
Operating memory - Win32/Rustock trojan horse


#1 Post by adolf »

Hello, some time ago NOD reported to me that Win32/Rustock is in memory. I tried searching for something on the web, but I wasn't very successful. Could you help me?
log from RSIT:

Logfile of random's system information tool 1.07 (written by random/random)
Run by jano at 2010-06-05 20:44:54
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (23%) free of 20 GB
Total RAM: 1023 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:45:15, on 5.6.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Common Files\Lingea Shared\luc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spyware Doctor\Update.exe
C:\Documents and Settings\jano\My Documents\Preberanie\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\jano.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.sk/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c99c1be46c4eff) (gupdate1c99c1be46c4eff) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThreatFire (threatfire) - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 11563 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1844823847-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1844823847-725345543-1004UA.job
C:\WINDOWS\tasks\shutdown.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-04 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2005-04-29 266240]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-08 7110656]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-08 86016]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-05-21 229437]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"WINCINEMAMGR"=C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-01-21 270336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2006-06-19 262144]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2006-05-12 831488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RemoteControl"=C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe [2007-02-12 65536]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-01-18 1286608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]
"Google Update"=C:\Documents and Settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^bluetooth.lnk]
C:\PROGRA~1\MSI\STARKE~1\BTTray.exe [2005-09-19 581693]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe

C:\Documents and Settings\jano\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Lingea Update Center.lnk - C:\Program Files\Common Files\Lingea Shared\luc.exe
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lavasoft ad-aware service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\wamp\Apache2\bin\httpd.exe"="E:\wamp\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\oldgames\bulanci.exe"="E:\oldgames\bulanci.exe:*:Enabled:bulanci"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"E:\old\d\GAMES\Aoe2\empires2.exe"="E:\old\d\GAMES\Aoe2\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Psi\psi.exe"="C:\Program Files\Psi\psi.exe:*:Enabled:psi"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"E:\hrybomberclone\bomberclone.exe"="E:\hrybomberclone\bomberclone.exe:*:Enabled:bomberclone"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\games\Zero Ballistics\tankClient.exe"="D:\games\Zero Ballistics\tankClient.exe:*:Enabled:tankClient"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html


======List of files/folders created in the last 3 months======

2010-06-05 20:44:54 ----D---- C:\rsit
2010-06-05 20:44:54 ----D---- C:\Program Files\trend micro
2010-06-05 20:33:11 ----D---- C:\Program Files\Common Files\PC Tools
2010-06-05 20:33:08 ----D---- C:\Program Files\Spyware Doctor
2010-06-05 20:33:08 ----D---- C:\Documents and Settings\jano\Application Data\PC Tools
2010-06-05 19:16:54 ----D---- C:\Documents and Settings\All Users\Application Data\PassMark
2010-06-05 19:16:34 ----D---- C:\Program Files\KeyboardTest
2010-04-17 20:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-04-05 06:36:02 ----D---- C:\WINDOWS\pss
2010-04-05 06:24:31 ----D---- C:\WINDOWS\system32\MpEngineStore
2010-04-05 06:17:32 ----A---- C:\WINDOWS\system32\MRT.exe

======List of files/folders modified in the last 3 months======

2010-06-05 20:45:03 ----D---- C:\WINDOWS\Temp
2010-06-05 20:44:54 ----RD---- C:\Program Files
2010-06-05 20:42:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-05 20:36:04 ----D---- C:\WINDOWS\system32\drivers
2010-06-05 20:34:59 ----SHD---- C:\WINDOWS\Installer
2010-06-05 20:34:44 ----D---- C:\WINDOWS\WinSxS
2010-06-05 20:33:11 ----D---- C:\Program Files\Common Files
2010-06-05 20:32:53 ----D---- C:\Documents and Settings\jano\Application Data\GetRightToGo
2010-06-05 20:29:18 ----A---- C:\WINDOWS\wincmd.ini
2010-06-05 20:16:33 ----D---- C:\Documents and Settings\jano\Application Data\uTorrent
2010-06-05 19:54:23 ----D---- C:\Program Files\uTorrent
2010-06-05 19:20:07 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-05-30 18:01:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-16 17:52:06 ----D---- C:\Documents and Settings\jano\Application Data\vlc
2010-05-16 11:20:30 ----D---- C:\Documents and Settings\jano\Application Data\Mozilla
2010-04-17 20:50:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-17 20:37:48 ----D---- C:\WINDOWS\Prefetch
2010-04-17 20:03:08 ----HD---- C:\WINDOWS\inf
2010-04-05 17:37:33 ----D---- C:\Program Files\Mozilla Firefox
2010-04-05 06:36:02 ----D---- C:\WINDOWS
2010-04-05 06:34:04 ----D---- C:\Program Files\CCleaner
2010-04-05 06:24:31 ----D---- C:\WINDOWS\system32
2010-04-05 06:17:34 ----D---- C:\WINDOWS\Debug
2010-03-30 20:37:34 ----D---- C:\Program Files\Eset
2010-03-29 17:47:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-20 16:23:31 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2007-09-18 82380]
R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-06-09 23040]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-02-06 56280]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2008-02-28 51072]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R2 bt848;Conexant's BtPCI WDM Video Capture; C:\WINDOWS\system32\DRIVERS\BT848.sys [2010-01-24 371349]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 HWiNFO32;HWiNFO32 Kernel Driver; \??\C:\Program Files\HWiNFO32\HWiNFO32.SYS []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-09-20 1342122]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-08 3198304]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
R3 tfnetmon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 3xHybrid;ASUSTek SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-09-20 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-09-19 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-09-19 148040]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-05-31 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-09-19 56648]
S3 Cap7134;Philips SAA7133(5) WDM Capture; C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-11-05 334816]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dsdrv4;DSDrv4; \??\C:\PROGRA~1\DScaler\DSDrv4.sys []
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
S3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
S3 iviudf;iviudf; C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 116224]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2008-12-23 50704]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
S3 siwio;SIW low-level I/O driver; \??\C:\WINDOWS\TEMP\SiwIo.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNPSTD3;StarCam Clip; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2006-06-27 10148480]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-08-07 253952]
R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe [2005-09-19 258103]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 168432]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-04-29 131136]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-08 127043]
R2 sdauxservice;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R2 sdcoreservice;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-01-18 1141712]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 threatfire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2010-02-02 70928]
S1 udffsrec;udffsrec; C:\WINDOWS\system32\drivers\udffsrec.sys [2004-12-19 5248]
S2 gupdate1c99c1be46c4eff;Google Update Service (gupdate1c99c1be46c4eff); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-03 133104]
S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-27 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2008-12-23 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe [2007-07-06 5730304]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
Last edited by adolf on 05 Jun 2010 20:47, edited 1 time in total.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: RAM - Win32/Rustock trojan horse

#2 Post by Caroprd111 »

Hello :)

Please remove the log from "Code".

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: RAM - Win32/Rustock trojan horse

#3 Post by Caroprd111 »

If you edit a post, you have to let me know about it. Otherwise I may not notice the edit.


Where exactly did NOD32 report the virus?


I recommend uninstalling Spyware Doctor.


I recommend uninstalling toolbars (bars), if you don't use them, in Add or Remove Programs.


Download UsbFix to the desktop: http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
  • Run it, then click Deletion.
  • When it finishes, a log will pop up; paste it here, or you can find it at C:\UsbFix.txt


Start > Run (Win + R) > type regedit.exe > OK
  • Find the following keys (some of them may not be there)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv

  • Find the BITS and wuauserv folders (under all of the keys listed above), right-click them and choose "Permissions". Set "Allow all".

Then in the right pane find the ImagePath value, right-click it and choose "Modify".
A window with the path will appear (%fystemRoot%\system32\svchost.exe -k netsvcs)
You must change the letter F to s
so that the path is (%systemRoot%\system32\svchost.exe -k netsvcs)
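The ImagePath check described above, as an added example that is not part of the forum post: it parses the text that `reg query <key> /v ImagePath` prints for the BITS and wuauserv keys (the OTL script in this post runs the same queries) and flags every entry that is not the stock svchost command line, so the manual fix can be verified across every ControlSet from a saved log. The sample reg query output and the paths in it are constructed, not taken from the reported machine.

```python
"""Verify the BITS / wuauserv ImagePath fix from a saved `reg query` log.

Added example, not part of the forum post. It reads the text that
`reg query <key> /v ImagePath` prints for the service keys named above and
flags every entry that is not the stock svchost command line, e.g. the
"%fystemRoot%" variant the post tells the user to correct by hand.
"""
import re

# Stock XP value for both services (BITS and wuauserv run in the netsvcs group).
EXPECTED_IMAGEPATH = r"%SystemRoot%\system32\svchost.exe -k netsvcs"

# Key line as reg.exe prints it, e.g.
#   HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
_KEY_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\SYSTEM\\(?P<set>ControlSet\d{3}|CurrentControlSet)"
    r"\\Services\\(?P<svc>[^\\]+)$",
    re.I,
)
# Value line as reg.exe prints it (XP separates with tabs, later versions with spaces):
#   ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs
_VAL_RE = re.compile(r"^\s*ImagePath\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+?)\s*$", re.I)

# Command-line shape the hijack keeps while mangling the variable name.
_SVCHOST_RE = re.compile(r"^%(?P<var>[^%]+)%\\system32\\svchost\.exe\s+-k\s+netsvcs$", re.I)


def parse_reg_query(text):
    """Return [(control_set, service, image_path)] from concatenated reg query output."""
    entries = []
    current = None
    for line in text.splitlines():
        key = _KEY_RE.match(line.strip())
        if key:
            current = (key.group("set"), key.group("svc"))
            continue
        val = _VAL_RE.match(line)
        if val and current:
            entries.append((current[0], current[1], val.group("data")))
            current = None  # one ImagePath per key
    return entries


def check_image_path(image_path):
    """Classify one ImagePath as 'ok', 'hijacked' or 'unexpected'.

    'hijacked' is the pattern from the post: still svchost -k netsvcs, but the
    leading environment variable is not %SystemRoot%, so it never expands and
    the real service cannot start. Anything else non-stock is 'unexpected'.
    """
    norm = image_path.strip().strip('"')
    if norm.lower() == EXPECTED_IMAGEPATH.lower():
        return "ok"
    m = _SVCHOST_RE.match(norm)
    if m and m.group("var").lower() != "systemroot":
        return "hijacked"
    return "unexpected"


def find_broken_services(text):
    """Return [(control_set, service, image_path, verdict)] for every non-'ok' entry."""
    broken = []
    for control_set, service, image_path in parse_reg_query(text):
        verdict = check_image_path(image_path)
        if verdict != "ok":
            broken.append((control_set, service, image_path, verdict))
    return broken


# Constructed sample output (not from the reported machine): one mangled
# entry, one clean entry and one pointing outside the system directory.
SAMPLE_REG_QUERY = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
    ImagePath    REG_EXPAND_SZ    %fystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
    ImagePath    REG_EXPAND_SZ    C:\WINDOWS\Temp\svchost.exe -k netsvcs
"""

if __name__ == "__main__":
    for control_set, service, image_path, verdict in find_broken_services(SAMPLE_REG_QUERY):
        print(f"{verdict:10} {control_set}\\Services\\{service}: {image_path}")
```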



Download OTL to the desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Run it, then paste the following script into the bottom box.

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
  • Tick the item All users.
  • Tick the items "LOP" check and "Purity" check
  • Click the Scan button
  • When it finishes, paste the OTL.Txt and Extras.txt logs here

Do you recognise C:\WINDOWS\tasks\shutdown.job?

adolf
Visitor
Posts: 23
Registered: 05 Jun 2010 20:28

Re: RAM - Win32/Rustock trojan horse

#4 Post by adolf »

I hope it wasn't absolutely necessary to do those things in order. Since USBfix ran for quite a long time, I changed the registry entries in the meantime and ran OTL. USBFix is still running (52%). The OTL output is here:
extras.txt

OTL Extras logfile created on: 5.6.2010 22:40:11 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\jano\My Documents\Preberanie
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 518,00 Mb Available Physical Memory | 51,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 26,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 3,98 Gb Free Space | 19,92% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 6,01 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Drive E: | 75,41 Gb Total Space | 13,63 Gb Free Space | 18,07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASINA
Current User Name: jano
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

[HKEY_USERS\s-1-5-21-1547161642-1844823847-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [addtoplaylistvlc] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Môj CEWE Fotosvet] -- "D:\Fotolab\Môj CEWE Fotosvet\Môj CEWE Fotosvet.exe" "%1" ()
Directory [playwithvlc] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"19945:TCP" = 19945:TCP:*:Enabled:BitComet 19945 TCP
"19945:UDP" = 19945:UDP:*:Enabled:BitComet 19945 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"E:\wamp\Apache2\bin\httpd.exe" = E:\wamp\Apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"E:\oldgames\bulanci.exe" = E:\oldgames\bulanci.exe:*:Enabled:bulanci -- ()
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"E:\old\d\GAMES\Aoe2\empires2.exe" = E:\old\d\GAMES\Aoe2\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\Psi\psi.exe" = C:\Program Files\Psi\psi.exe:*:Enabled:psi -- File not found
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"E:\hrybomberclone\bomberclone.exe" = E:\hrybomberclone\bomberclone.exe:*:Enabled:bomberclone -- File not found
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"D:\games\Zero Ballistics\tankClient.exe" = D:\games\Zero Ballistics\tankClient.exe:*:Enabled:tankClient -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\jano\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{062BFFA1-0CCC-400B-B840-F162328D8C00}" = winLAME prerelease4
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{1E9B7C2B-EB7E-11D4-83D3-046608C10000}" = Zoner Context 4 Trial
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2d6ed011-055b-4041-b198-bb903827ebfb}" = Safari
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36DC64E1-6A0A-44B9-8C09-F11BE120BC8A}" = The Panorama Factory V4 m32 Edition with Batch Processing
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{48F95CE7-69D9-4967-81F7-D763CABFBD53}" = Debugging Tools for Windows (x86)
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5265664F-6128-405C-9225-9782A85954FD}" = USB Scanner
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{690be098-6d0d-493d-b079-bd7e8f81a141}" = Opera 10.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6bb42024-d62a-33f5-b883-52069e2c9668}" = Google Talk Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7AEF344E-DB20-4D76-9077-30BD339DFD99}" = StarCam Clip
"{7DBEEE87-D319-414A-BA26-CE4C0C94A7E5}" = Brother HL-2030
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}" = InterVideo Launcher
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{9011041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}" = hp deskjet 3600
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{9a25302d-30c0-39d9-bd6f-21e6ec160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-C470-7760-CE0000000001}" = Adobe Acrobat 6.0 CE Professional
"{AC76BA86-7AD7-1051-7B44-A81200000003}" = Adobe Reader 8 - Slovak
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4B70951-3AB9-4609-B8FA-BAF0066A914A}" = Microsoft Network Monitor 3.2
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D70666B2-7E6B-46F0-85E2-06C30C1269C0}" = ASUS MyCinema Series
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DAF9F5C0-D97E-441C-A5C0-69B89C0FF839}" = Faith Comes By Hearing Audio Bible Download Manager
"{ded53b0b-b67c-4244-ae6a-d6fd3c28d1ef}" = Ad-Aware
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F00AAB90-3151-11DC-5F90-01D19C476952}" = Mozart9
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F9E58416-8176-4583-B014-47985E5A8357}" = ESET Smart Security
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD4C0E23-A95B-4CC2-8993-3C1530CF69FD}" = Microsoft Network Monitor: Microsoft Parsers 3.2
"3D Architekt (instalace na disk)" = 3D Architekt (instalace na disk)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"ad-aware" = Ad-Aware
"adobe flash player activex" = Adobe Flash Player 10 ActiveX
"adobe flash player plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AoA DVD Ripper_is1" = AoA DVD Ripper
"Around the World in 80 Days_is1" = Around the World in 80 Days
"AssaultCube_v1.0" = AssaultCube v1.0
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.4.7
"BearShare" = BearShare
"Bridge Building Game" = Bridge Building Game
"ccleaner" = CCleaner
"Cisco Networking Academy curriculum_is1" = Cisco Networking Academy curriculum 4.0.0.0
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"dscaler 4.1.15_is1" = DScaler 4.1.15
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"eset online scanner" = ESET Online Scanner v3
"EsetOnlineScanner" = ESET Online Scanner
"Free DVD MP3 Ripper_is1" = Free DVD MP3 Ripper 1.12
"Google Updater" = Google Updater
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.8.8-rc2
"HF Designer_is1" = HF Designer
"HF_ASISTENTSLK" = Happy Foto Asistent (Len odstráni)
"hp print screen utility" = hp print screen utility
"HWiNFO32_is1" = HWiNFO32 Version 1.76
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{3C3B2C97-0DAB-482F-9C95-6610827210E3}" = ASUS nVIDIA Driver
"IrfanView" = IrfanView (remove only)
"lexicon5" = Lingea Lexicon 5
"LimeWire" = LimeWire 4.16.6
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Miranda IM" = Miranda IM 0.7.1
"mIRC" = mIRC
"mozilla firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Môj CEWE Fotosvet" = Môj CEWE Fotosvet
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MV2Player" = MV2Player (remove only)
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Packet Tracer 5.0_is1" = Packet Tracer 5.0
"Pharaoh Puzzle_is1" = Pharaoh Puzzle
"Picasa2" = Picasa 2
"Pontifex II" = Pontifex II
"PSPad editor_is1" = PSPad editor
"PuTTY_is1" = PuTTY version 0.60
"Shockwave" = Shockwave
"Totalcmd" = Total Commander (Remove or Repair)
"usbfix" = Usbfix By C_XX & El Desaparecido
"vlc media player" = VLC media player 1.0.5
"WampServer 2_is1" = WampServer 2.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winpcapinst" = WinPcap 4.1 beta5
"WinRAR archiver" = WinRAR archivátor
"Wireshark" = Wireshark 1.2.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xming_is1" = Xming 6.9.0.31
"xtreme" = Xtreme
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\s-1-5-21-1547161642-1844823847-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.3.2010 15:30:05 | Computer Name = MASINA | Source = pctsSvc.exe | ID = 0
Description =

Error - 11.4.2010 6:28:20 | Computer Name = MASINA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia uTorrent.exe, verzia 2.0.0.18488, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 17.4.2010 14:31:06 | Computer Name = MASINA | Source = Google Update | ID = 20
Description =

Error - 17.4.2010 14:47:55 | Computer Name = MASINA | Source = pctsSvc.exe | ID = 0
Description =

Error - 30.5.2010 11:49:24 | Computer Name = MASINA | Source = Google Update | ID = 20
Description =

Error - 5.6.2010 13:31:04 | Computer Name = MASINA | Source = Google Update | ID = 20
Description =

Error - 5.6.2010 13:59:58 | Computer Name = MASINA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia uTorrent.exe, verzia 2.0.2.19648, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 5.6.2010 14:41:12 | Computer Name = MASINA | Source = crypt32 | ID = 131083
Description = Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov
zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou
podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.


Error - 5.6.2010 14:41:12 | Computer Name = MASINA | Source = crypt32 | ID = 131083
Description = Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov
zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou
podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.


Error - 5.6.2010 14:41:27 | Computer Name = MASINA | Source = crypt32 | ID = 131080
Description = Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu
základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
s chybou: Operácia sa vrátila, pretože uplynul časový limit.

[ System Events ]
Error - 5.6.2010 17:44:30 | Computer Name = MASINA | Source = Service Control Manager | ID = 7031
Description = Služba Bluetooth Service sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia:
Reštartovať službu.

Error - 5.6.2010 17:44:30 | Computer Name = MASINA | Source = Service Control Manager | ID = 7034
Description = Služba Forceware Web Interface sa neočakávane ukončila. Služba sa
týmto spôsobom ukončila už 1 krát.

Error - 5.6.2010 17:44:32 | Computer Name = MASINA | Source = Service Control Manager | ID = 7031
Description = Služba Google Updater Service sa neočakávane ukončila. Služba sa
týmto spôsobom ukončila už 1 krát. O 900000 ms bude vykonaná nasledujúca opravná
akcia: Reštartovať službu.

Error - 5.6.2010 17:44:32 | Computer Name = MASINA | Source = Service Control Manager | ID = 7034
Description = Služba Machine Debug Manager sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát.

Error - 5.6.2010 17:44:33 | Computer Name = MASINA | Source = Service Control Manager | ID = 7034
Description = Služba ForceWare IP service sa neočakávane ukončila. Služba sa týmto
spôsobom ukončila už 1 krát.

Error - 5.6.2010 17:44:33 | Computer Name = MASINA | Source = Service Control Manager | ID = 7034
Description = Služba ForceWare user log service sa neočakávane ukončila. Služba
sa týmto spôsobom ukončila už 1 krát.

Error - 5.6.2010 17:44:33 | Computer Name = MASINA | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service sa neočakávane ukončila. Služba
sa týmto spôsobom ukončila už 1 krát.

Error - 5.6.2010 17:44:33 | Computer Name = MASINA | Source = Service Control Manager | ID = 7034
Description = Služba ForceWare Intelligent Application Manager (IAM) sa neočakávane
ukončila. Služba sa týmto spôsobom ukončila už 1 krát.

Error - 5.6.2010 17:44:34 | Computer Name = MASINA | Source = Service Control Manager | ID = 7034
Description = Služba Application Layer Gateway Service sa neočakávane ukončila.
Služba sa týmto spôsobom ukončila už 1 krát.

Error - 5.6.2010 17:45:05 | Computer Name = MASINA | Source = DCOM | ID = 10010
Description = Server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} sa v danom časovom limite
nezaregistroval na serveri DCOM.


< End of report >

adolf
Visitor
Posts: 23
Registered: 05 Jun 2010 20:28

Re: RAM - Win32/Rustock trojan horse

#5 Post by adolf »

otl.txt (first part - it seems to be big ...)

OTL logfile created on: 5.6.2010 22:40:11 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\jano\My Documents\Preberanie
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 518,00 Mb Available Physical Memory | 51,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 26,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 3,98 Gb Free Space | 19,92% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 6,01 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Drive E: | 75,41 Gb Total Space | 13,63 Gb Free Space | 18,07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASINA
Current User Name: jano
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.05 22:38:25 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jano\My Documents\Preberanie\OTL.exe
PRC - [2010.06.04 20:34:20 | 000,458,469 | ---- | M] () -- C:\UsbFix\UsbFix.exe
PRC - [2010.06.04 20:23:40 | 000,108,408 | ---- | M] (Sysinternals - http://www.sysinternals.com) -- C:\UsbFix\Tools\pskill.exe
PRC - [2010.04.05 17:37:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.01 21:12:26 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.03.01 21:12:17 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009.02.06 15:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\ekrn.exe
PRC - [2005.09.19 15:56:06 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
PRC - [2005.08.07 14:38:30 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2005.04.29 18:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005.04.29 18:18:24 | 000,131,136 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005.04.29 18:18:08 | 000,057,412 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004.11.30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010.06.05 22:38:25 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jano\My Documents\Preberanie\OTL.exe
MOD - [2004.08.04 01:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (threatfire)
SRV - [2010.03.01 21:12:17 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (lavasoft ad-aware service)
SRV - [2009.02.06 15:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.02.06 15:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008.12.23 17:35:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008.11.11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.09.05 09:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe -- (wampapache)
SRV - [2007.07.06 14:14:02 | 005,730,304 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe -- (wampmysqld)
SRV - [2005.09.19 15:56:06 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.08.07 14:38:30 | 000,253,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005.04.29 18:21:06 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005.04.29 18:18:24 | 000,131,136 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005.04.29 18:18:08 | 000,057,412 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004.11.30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2010.01.24 23:56:40 | 000,371,349 | ---- | M] (Illusion & Hope.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BT848.sys -- (bt848)
DRV - [2010.01.24 19:30:13 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\Temp\SiwIo.sys -- (siwio)
DRV - [2009.06.15 20:16:03 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.02.06 15:24:22 | 000,056,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.02.06 15:24:22 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.02.06 15:24:18 | 000,130,952 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.02.06 15:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.02.06 15:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008.12.23 17:35:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.28 17:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.02.28 20:59:34 | 000,051,072 | ---- | M] (Identcode Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\ANGELNT.SYS -- (Angelnt)
DRV - [2007.09.18 21:49:55 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2007.09.14 14:15:32 | 000,008,192 | ---- | M] (REALiX(tm)) [Kernel | Auto | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2007.01.26 03:42:50 | 002,831,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.06.27 13:50:36 | 010,148,480 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2005.12.18 21:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\DScaler\DSDrv4.sys -- (dsdrv4)
DRV - [2005.09.20 15:26:16 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.09.20 15:03:36 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005.09.19 15:44:52 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005.09.19 15:44:46 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2005.09.19 15:42:04 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.09.19 15:41:36 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.09.19 15:38:26 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005.09.01 11:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2005.09.01 11:03:04 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2005.08.01 13:10:00 | 000,011,264 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005.07.08 12:57:00 | 003,198,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005.06.20 16:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.06.09 14:10:58 | 000,023,040 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2005.05.31 14:11:08 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2005.04.05 21:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.04.05 21:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.01.12 20:28:04 | 000,116,224 | ---- | M] (InterVideo) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IviUdf.sys -- (iviudf)
DRV - [2005.01.12 06:29:28 | 000,038,784 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ivicd.sys -- (ivicd)
DRV - [2004.11.05 05:17:52 | 000,334,816 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) Philips SAA7133(5)
DRV - [2004.08.13 04:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.08.04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004.08.03 23:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004.08.03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003.10.10 12:06:40 | 000,004,134 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyPCI.sys -- (FlyPCI)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002.07.17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (Aspi32)
DRV - [2001.08.17 16:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 14:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)
DRV - [2000.07.24 02:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.default\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\s-1-5-21-1547161642-1844823847-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKU\s-1-5-21-1547161642-1844823847-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\s-1-5-21-1547161642-1844823847-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/result ... EF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://sk.start2.mozilla.com/firefox?cl ... k:official"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.01.24 23:30:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.05 17:37:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.05 17:37:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009.03.21 17:54:39 | 000,000,000 | ---D | M]

[2008.08.27 17:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Mozilla\Extensions
[2010.05.16 11:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions
[2010.05.16 11:20:58 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008.06.22 22:27:32 | 000,000,000 | ---D | M] (SafeHistory) -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions\{4649c7bb-2665-40f9-be48-fa9db9fdeb6c}
[2009.12.14 19:10:44 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.03.14 12:44:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008.09.15 16:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions\dave2x@download
[2008.06.22 13:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010.06.05 19:23:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\searchplugins\icqplugin-3.xml
[2009.08.07 16:49:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\searchplugins\icqplugin-4.xml
[2009.09.05 13:34:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\searchplugins\icqplugin-5.xml
[2009.06.13 14:48:40 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\searchplugins\icqplugin.xml
[2010.03.14 12:44:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010.03.14 04:38:03 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.03.14 04:38:04 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.03.14 04:38:04 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2009.09.05 13:30:52 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009.09.05 13:30:56 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
[2010.03.14 04:38:04 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.03.14 04:38:04 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.03.14 04:38:04 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2001.08.23 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pre aplikáciu Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\s-1-5-21-1547161642-1844823847-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe (ASUSTeK)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [WINCINEMAMGR] C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O4 - HKU\.default..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\s-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\s-1-5-21-1547161642-1844823847-725345543-1004..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\RunOnce: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\jano\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\jano\Start Menu\Programs\Startup\Lingea Update Center.lnk = C:\Program Files\Common Files\Lingea Shared\luc.exe (Lingea)
O4 - Startup: C:\Documents and Settings\jano\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\jano\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.default\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\s-1-5-21-1547161642-1844823847-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\s-1-5-21-1547161642-1844823847-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.sk/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuálna domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.17 22:27:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.03.01 08:07:51 | 000,000,000 | ---D | M] - D:\autoskola -- [ NTFS ]
O33 - MountPoints2\X\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.09.17 22:26:39 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\IR50_32.DLL (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.06.05 22:13:51 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010.06.05 20:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.05 20:44:54 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.05 20:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.06.05 19:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2007.09.29 12:35:32 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2007.09.29 12:35:28 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2007.09.29 12:35:27 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.05 22:55:23 | 000,097,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\7b1f3f22.sys
[2010.06.05 22:51:21 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\jano\NTUSER.DAT
[2010.06.05 22:32:04 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1844823847-725345543-1004UA.job
[2010.06.05 22:24:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.05 22:08:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.05 22:08:48 | 000,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.05 22:08:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.05 22:08:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.05 22:07:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jano\ntuser.ini
[2010.06.05 22:03:40 | 000,001,645 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.06.05 19:12:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.24 22:40:47 | 000,003,789 | ---- | C] () -- C:\WINDOWS\tvX.ini
[2010.01.24 22:40:47 | 000,002,640 | ---- | C] () -- C:\WINDOWS\radioX.ini
[2010.01.24 22:40:47 | 000,000,774 | ---- | C] () -- C:\WINDOWS\captureX.ini
[2010.01.21 21:41:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\radiox_e.INI
[2009.06.14 22:25:35 | 000,097,342 | ---- | C] () -- C:\WINDOWS\System32\drivers\7b1f3f22.sys
[2009.04.20 21:46:25 | 000,001,851 | ---- | C] () -- C:\WINDOWS\SubCreator.INI
[2009.01.22 20:32:33 | 000,004,134 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlyPCI.sys
[2009.01.22 18:51:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009.01.22 18:51:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.01.04 20:02:23 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.01.04 20:01:24 | 000,000,313 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2009.01.04 20:01:24 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009.01.04 20:01:24 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009.01.04 20:00:59 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2009.01.04 20:00:59 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2009.01.04 20:00:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009.01.04 20:00:56 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2008.12.23 17:33:18 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008.02.28 20:59:35 | 000,000,405 | ---- | C] () -- C:\WINDOWS\System32\ANGELDOS.SYS
[2007.12.18 20:27:47 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007.12.02 23:19:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2007.12.02 23:18:22 | 000,000,472 | ---- | C] () -- C:\WINDOWS\CUBIC.INI
[2007.12.02 23:16:53 | 000,000,042 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2007.12.02 23:13:45 | 000,000,434 | ---- | C] () -- C:\WINDOWS\MCT.INI
[2007.12.02 23:09:43 | 000,000,165 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007.12.01 20:48:59 | 000,000,071 | ---- | C] () -- C:\WINDOWS\CONTEXT.INI
[2007.11.03 10:42:17 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\NCTAudioCDRipper2.dll
[2007.11.03 10:15:24 | 000,000,113 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007.11.03 10:15:13 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.09.29 17:11:59 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.09.29 12:35:29 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2007.09.29 12:31:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2007.09.29 12:22:11 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007.09.29 12:11:07 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2007.09.29 12:01:55 | 000,000,613 | ---- | C] () -- C:\WINDOWS\if40le.ini
[2007.09.29 12:01:47 | 000,000,111 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2007.09.29 12:01:32 | 000,001,256 | ---- | C] () -- C:\WINDOWS\If42le.ini
[2007.09.29 12:01:31 | 000,000,241 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI
[2007.09.29 12:01:29 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007.09.29 12:01:22 | 000,000,403 | ---- | C] () -- C:\WINDOWS\umxaddin.ini
[2007.09.23 21:02:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.09.23 21:02:39 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.09.23 21:02:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.09.23 21:02:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.09.23 21:02:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.09.23 21:02:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.09.23 21:02:08 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\udffsrec.sys
[2007.09.23 09:26:42 | 000,000,732 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2007.09.18 21:46:54 | 000,010,309 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2007.09.18 21:40:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2007.09.18 21:40:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2007.09.18 21:40:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2007.09.18 21:40:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2007.09.18 21:40:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2007.09.18 21:40:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2007.09.18 21:40:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2007.09.18 21:40:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2007.09.18 21:40:30 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2007.09.18 21:40:30 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2007.09.17 23:01:19 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007.09.17 23:01:12 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007.09.17 22:48:01 | 000,018,006 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.09.17 22:47:59 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007.09.17 22:47:55 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.09.17 22:37:39 | 000,001,645 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.09.17 22:37:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.08.08 17:30:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007.08.02 19:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007.08.02 19:11:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007.07.27 16:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007.07.27 16:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007.03.29 23:00:40 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005.12.05 21:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005.12.05 14:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.09.19 15:50:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.07.08 12:57:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004.08.04 01:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.08.04 01:56:44 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\ctd4.sys
[2004.07.17 12:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003.04.07 20:38:32 | 000,005,746 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009.01.07 23:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\16290
[2008.11.03 20:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.10.23 12:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HappyFoto
[2009.03.19 22:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.01.24 22:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010.06.05 22:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2010.01.09 12:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010.01.24 21:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2009.01.24 23:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010.06.05 22:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.03.01 07:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009.06.15 20:04:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2010.01.24 23:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009.01.07 23:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\BearShare
[2009.04.23 22:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\BSplayer
[2008.07.20 20:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\BSplayer Pro
[2008.11.03 21:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\ESET
[2010.06.05 20:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\GetRightToGo
[2010.01.17 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Happy Foto
[2008.02.02 23:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\ICQ
[2008.01.06 17:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\ICQLite
[2007.09.23 21:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\InterVideo
[2008.12.07 22:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\jbrout
[2009.04.20 21:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Jubler
[2009.01.11 21:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\LimeWire
[2008.02.10 13:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Miranda
[2007.10.23 18:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Mozart 9
[2009.01.24 23:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Nokia
[2008.05.08 08:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Opera
[2009.01.24 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\PC Suite
[2008.02.03 20:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\RipIt4Me
[2008.11.22 13:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Teeworlds
[2010.01.24 22:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Uniblue
[2010.06.05 20:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\uTorrent
[2009.07.27 17:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Wireshark
[2010.03.29 21:00:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2007.10.15 22:45:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job

========== Purity Check ==========

Re: Operating memory - Win32/Rustock trojan horse

#6 Post by adolf »

otl.txt (second part - up to the end)



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.04 01:56:50 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Picasa Media Detector" = C:\Program Files\Picasa2\PicasaMediaDetector.exe -- [2008.08.21 03:18:00 | 000,443,968 | ---- | M] (Google Inc.)
"Google Update" = "C:\Documents and Settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c -- [2008.11.21 20:24:16 | 000,133,104 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2009.01.07 23:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\16290
[2007.11.22 21:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007.09.27 17:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2008.06.02 19:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008.08.09 13:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008.02.03 20:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008.11.03 20:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.06.05 19:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009.10.23 12:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HappyFoto
[2009.03.19 22:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hps
[2009.03.19 22:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.01.24 22:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009.06.15 20:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009.05.29 20:42:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010.06.05 22:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2010.01.09 12:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010.01.24 21:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc
[2009.01.24 23:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010.06.05 22:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2007.09.29 18:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010.06.05 22:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007.12.23 01:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007.09.18 00:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009.03.01 07:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009.06.15 20:04:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2010.01.24 23:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008.07.04 14:35:40 | 000,054,632 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
[2009.03.12 10:17:34 | 002,902,048 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
[2009.01.06 14:50:48 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe
[2009.01.24 23:21:20 | 033,981,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_cze_web.exe
[2009.01.24 22:55:02 | 033,963,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_slk_web.exe
[2009.01.24 22:55:44 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
[2009.01.24 22:55:44 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
[2009.01.24 22:55:44 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
[2010.03.01 21:12:17 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
[2010.03.01 21:12:26 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
[2009.10.19 20:05:48 | 000,640,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
[2010.03.01 21:12:41 | 002,357,064 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
[2010.03.01 21:12:48 | 000,567,144 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
[2010.03.01 21:12:55 | 000,566,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
[2010.03.01 21:13:11 | 003,701,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
[2010.03.01 21:13:46 | 000,015,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
[2010.03.01 21:13:50 | 000,315,736 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
[2009.07.06 20:06:35 | 000,085,352 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
[2009.10.19 20:06:03 | 000,303,976 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
[2009.06.22 18:32:51 | 000,053,319 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe

< %APPDATA%\*. >
[2007.12.08 21:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Adobe
[2009.03.28 15:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\AdobeUM
[2010.01.22 22:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Apple Computer
[2009.01.07 23:58:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\BearShare
[2009.04.07 21:57:34 | 000,000,000 | R--D | M] -- C:\Documents and Settings\jano\Application Data\Brother
[2009.04.23 22:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\BSplayer
[2008.07.20 20:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\BSplayer Pro
[2007.09.28 20:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Corel
[2009.04.23 22:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\CyberLink
[2010.03.01 20:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\dvdcss
[2008.11.03 21:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\ESET
[2010.06.05 20:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\GetRightToGo
[2008.10.04 21:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Google
[2010.01.17 20:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Happy Foto
[2008.09.29 05:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Help
[2007.09.29 09:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Hewlett-Packard
[2008.02.02 23:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\ICQ
[2008.01.06 17:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\ICQLite
[2007.09.17 22:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Identities
[2008.02.02 21:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\InstallShield
[2007.09.23 21:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\InterVideo
[2008.12.07 22:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\jbrout
[2009.04.20 21:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Jubler
[2009.01.11 21:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\LimeWire
[2007.09.17 23:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Macromedia
[2010.01.09 13:02:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\jano\Application Data\Microsoft
[2008.02.10 13:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Miranda
[2009.12.30 17:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\mIRC
[2007.10.23 18:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Mozart 9
[2010.05.16 11:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Mozilla
[2009.01.24 23:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Nokia
[2008.12.09 22:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\OpenOffice.org2
[2008.05.08 08:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Opera
[2009.01.24 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\PC Suite
[2007.09.29 22:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\PSpad
[2008.02.03 20:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\RipIt4Me
[2009.09.06 21:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Skype
[2007.09.24 20:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Sun
[2007.09.17 23:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Talkback
[2008.11.22 13:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Teeworlds
[2010.01.24 22:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Uniblue
[2010.06.05 20:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\uTorrent
[2010.05.16 17:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\vlc
[2009.05.28 19:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Winamp
[2009.07.27 17:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jano\Application Data\Wireshark

< %APPDATA%\*.exe /s >
[2008.02.16 19:18:55 | 004,506,256 | ---- | M] (Lime Wire LLC) -- C:\Documents and Settings\jano\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
[2010.05.16 11:21:03 | 000,181,096 | ---- | M] () -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\FlashGot.exe
[2007.12.30 06:01:18 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
[2007.12.30 06:01:18 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
[2008.02.03 20:33:13 | 000,643,072 | ---- | M] () -- C:\Documents and Settings\jano\Application Data\RipIt4Me\updater\ri4mupdater.exe


< MD5 for: AGP440.SYS >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.04 01:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.04 01:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2004.08.04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004.08.04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004.08.04 01:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 23:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2001.08.23 15:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.04 01:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.04 01:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.04 01:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.04 01:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2004.08.04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.04 01:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.04 01:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.04 01:56:44 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.05 23:46:21 | 000,097,342 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\7b1f3f22.sys

< %systemroot%\System32\config\*.sav >
[2007.09.18 00:13:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.09.18 00:13:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.09.18 00:13:06 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.04 01:56:44 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %Systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.06.05 23:46:51 | 000,097,342 | ---- | M] () -- C:\WINDOWS\system32\drivers\7b1f3f22.sys

< %systemroot%\system32\*.* /3 >
[2010.06.05 23:35:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\nmp.log
[2010.06.05 22:08:48 | 000,029,204 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2010.06.05 19:12:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2010.06.05 22:08:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\_nvidia_xxx_.log

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
< End of report >

Re: Operating memory - Win32/Rustock trojan horse

#7 Post by adolf »

and finally usbfix.txt

############################## | Usbfix 7.004 | [Deletion]

User: jano (Administrator) # MASINA [ ]
Updated 04/06/10 by El Desaparecido / C_XX
Started at 22:14:18 | 05/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: AMD Sempron(tm) Processor 2800+
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Windows Firewall: Disabled /!\
Antivirus: ESET Smart Security 4.0 4.0 [Enabled | Updated]
Firewall: ESET personal firewall 4.0.314.0 [Enabled]
Firewall: NVIDIA Firewall 1.0 [Enabled]

RAM -> 1023 Mb
C:\ (%systemdrive%) -> Fixed drive # 20 Gb (5 Mb free - 24%) [] # NTFS
D:\ -> Fixed drive # 298 Gb (6 Mb free - 2%) [data] # NTFS
E:\ -> Fixed drive # 75 Gb (14 Mb free - 18%) [data] # NTFS
F:\ -> CD-ROM
H:\ -> CD-ROM

################## | Files # Infected Folders |

Not deleted ! C:\Recycler\S-1-5-21-1547161642-1844823847-725345543-1004
Not deleted ! D:\Recycler\S-1-5-21-1547161642-1844823847-725345543-1004
Not deleted ! D:\Recycler\S-1-5-21-515967899-492894223-1417001333-1003
Not deleted ! E:\Recycler\S-1-5-21-1085031214-2052111302-725345543-1003
Not deleted ! E:\Recycler\S-1-5-21-117609710-1303643608-839522115-500
Not deleted ! E:\Recycler\S-1-5-21-1547161642-1844823847-725345543-1004
Not deleted ! E:\Recycler\S-1-5-21-515967899-492894223-1417001333-1003
Deleted ! E:\WINNT\system32\dllcache\faxsend.exe
Deleted ! E:\WINNT\system32\faxsend.exe

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\X

################## | Listing |

[17/09/2007 - 22:51:11 | A | 1024] C:\.rnd
[15/06/2009 - 18:33:01 | A | 41767] C:\aaw7boot.log
[03/08/2009 - 21:40:10 | D ] C:\ALFA
[28/02/2008 - 21:00:33 | D ] C:\AlfaIns
[15/09/2008 - 18:56:17 | A | 0] C:\as.dat
[17/09/2007 - 22:27:14 | A | 0] C:\AUTOEXEC.BAT
[05/05/2008 - 19:51:20 | A | 192] C:\BcBtRmv.log
[17/09/2007 - 23:00:14 | ASH | 297] C:\boot.ini
[23/01/2009 - 16:58:39 | D ] C:\capture
[01/03/2009 - 08:17:38 | D ] C:\CISCO_CCNA
[17/09/2007 - 22:27:14 | A | 0] C:\CONFIG.SYS
[17/09/2007 - 22:44:05 | D ] C:\Documents and Settings
[09/12/2008 - 22:49:23 | D ] C:\games
[07/12/2008 - 22:33:59 | D ] C:\GTK
[20/08/2009 - 17:27:43 | A | 175847] C:\hpfr3600.log
[16/09/2009 - 16:17:35 | A | 76056] C:\img2-001.raw
[17/09/2007 - 22:27:14 | RASH | 0] C:\IO.SYS
[17/09/2007 - 22:27:14 | RASH | 0] C:\MSDOS.SYS
[29/09/2007 - 12:01:07 | D ] C:\My PageManager
[03/08/2004 - 23:38:34 | RASH | 47564] C:\NTDETECT.COM
[03/08/2004 - 23:59:34 | RASH | 250032] C:\ntldr
[05/06/2010 - 23:39:01 | ASH | 2285895680] C:\pagefile.sys
[05/06/2010 - 22:04:36 | RD ] C:\Program Files
[29/09/2007 - 12:12:23 | SHD ] C:\RECYCLER
[05/06/2010 - 20:45:22 | D ] C:\rsit
[19/12/2007 - 23:51:00 | A | 913] C:\siet.txt
[20/12/2007 - 00:04:42 | A | 621] C:\siet2.txt
[17/09/2007 - 22:43:05 | SHD ] C:\System Volume Information
[27/01/2008 - 21:07:25 | D ] C:\Temp
[24/03/2009 - 17:43:47 | D ] C:\totalcmd
[05/06/2010 - 23:53:14 | D ] C:\UsbFix
[06/06/2010 - 00:10:54 | A | 1546] C:\Usbfix.txt
[05/01/2008 - 21:23:07 | D ] C:\wamp
[05/04/2010 - 06:36:02 | D ] C:\WINDOWS
[04/03/2008 - 19:48:53 | D ] D:\AgemSoft
[21/05/2007 - 19:09:24 | A | 665] D:\ALBUM.PVM
[14/02/2010 - 16:05:27 | D ] D:\anglina
[06/01/2009 - 16:59:39 | D ] D:\Architekt
[11/04/2009 - 15:00:06 | D ] D:\ares
[01/03/2009 - 08:07:51 | D ] D:\autoskola
[11/04/2009 - 15:00:47 | D ] D:\BearShare
[20/05/2007 - 20:54:53 | D ] D:\Binaries
[11/04/2009 - 15:02:44 | D ] D:\CDcka
[01/03/2009 - 08:27:36 | D ] D:\cisco4.0
[14/02/2010 - 18:36:31 | D ] D:\conrad
[04/08/2009 - 20:41:29 | D ] D:\corel
[24/02/2009 - 22:57:06 | D ] D:\Downloads
[15/05/2007 - 21:31:49 | D ] D:\dreamwaear
[03/11/2007 - 11:56:00 | D ] D:\dvd2avi
[03/11/2007 - 10:28:29 | D ] D:\dvdclov
[27/01/2008 - 22:15:04 | D ] D:\Faith Comes By Hearing
[14/02/2010 - 15:41:36 | D ] D:\filmy
[06/05/2007 - 12:21:45 | A | 56146549] D:\fotky1.rar
[06/05/2007 - 12:25:22 | A | 26689570] D:\fotky2.rar
[19/03/2009 - 22:19:29 | D ] D:\Fotolab
[26/03/2009 - 20:44:51 | D ] D:\games
[08/02/2008 - 22:16:15 | D ] D:\gamesTripleA
[09/01/2010 - 11:16:55 | D ] D:\get
[29/09/2007 - 09:31:56 | AH | 2278] D:\hpothb07.dat
[29/09/2007 - 09:31:56 | AH | 62857] D:\hpothb07.tif
[02/12/2007 - 23:14:46 | D ] D:\imformatika pre managerov
[23/12/2007 - 01:12:09 | A | 1440024] D:\img2-001.raw
[31/05/2009 - 18:24:00 | D ] D:\install
[08/11/2008 - 14:42:22 | D ] D:\jaro-kluc
[07/12/2008 - 22:35:58 | D ] D:\jbrout
[03/02/2008 - 20:39:14 | D ] D:\JOSEPH_L1_PAL
[01/03/2009 - 08:57:02 | D ] D:\kluc-20071028
[13/12/2007 - 23:26:08 | D ] D:\KLUC-OEM
[01/03/2009 - 12:35:27 | D ] D:\kluc-zaloha
[14/02/2010 - 19:33:25 | D ] D:\Lingea
[15/08/2009 - 08:05:29 | D ] D:\mapy
[17/06/2007 - 14:37:44 | A | 49152] D:\md5sum.exe
[04/03/2008 - 21:56:06 | D ] D:\mmmm
[16/03/2010 - 21:27:15 | D ] D:\music
[27/03/2008 - 06:31:25 | A | 8454418588] D:\nevesta_na_uteku.NRG
[24/01/2009 - 23:30:30 | D ] D:\Nokia
[22/06/2007 - 21:56:16 | D ] D:\ntl
[21/05/2007 - 19:09:24 | D ] D:\OLALB
[08/11/2008 - 15:08:44 | D ] D:\oznamka
[01/11/2008 - 12:54:24 | D ] D:\peto
[19/10/2007 - 21:30:41 | D ] D:\photoshop
[30/05/2010 - 17:46:33 | D ] D:\pics
[07/01/2008 - 06:24:19 | D ] D:\Piesne Sionske
[26/06/2007 - 23:18:21 | D ] D:\prezentacia
[23/10/2007 - 21:34:00 | SHD ] D:\RECYCLER
[01/03/2009 - 12:39:32 | D ] D:\rozne
[24/06/2009 - 21:38:20 | A | 86399929] D:\Server.rar
[11/04/2009 - 09:51:30 | D ] D:\Shared
[17/02/2008 - 15:50:26 | D ] D:\Snort
[21/11/2009 - 12:34:32 | D ] D:\somarinky
[17/09/2007 - 22:45:15 | SHD ] D:\System Volume Information
[24/01/2010 - 21:31:32 | D ] D:\Temp
[20/01/2010 - 23:06:48 | D ] D:\test
[23/09/2008 - 05:23:47 | A | 4459610] D:\testwma.raw
[30/03/2010 - 21:53:44 | D ] D:\torrent
[10/09/2007 - 20:46:42 | D ] D:\undisker
[09/09/2007 - 21:22:32 | A | 2344906] D:\undisker.zip
[08/05/2007 - 18:50:06 | D ] D:\vcd
[17/04/2009 - 21:28:58 | A | 40306] D:\www.externisti.sk.zip
[01/07/2007 - 07:47:14 | A | 36795] D:\yahoo-sigin
[23/04/2009 - 22:13:38 | D ] D:\zaloha kluca
[05/04/2010 - 06:24:38 | D ] E:\366a68154742335f3438d28937205b
[30/06/2006 - 21:37:35 | D ] E:\ActualTest March 2006 - Certification
[26/04/2007 - 23:29:56 | D ] E:\adobe
[13/04/2006 - 20:15:34 | D ] E:\ASFRoot
[12/08/2007 - 13:48:49 | D ] E:\BearShare
[22/05/2007 - 19:33:21 | D ] E:\BearShare Applications
[06/05/2007 - 05:48:26 | D ] E:\biblia
[16/12/2006 - 23:47:29 | A | 26059095] E:\Boson NetSim 6.0 + Keygen.rar
[18/09/2007 - 21:35:47 | D ] E:\bup
[13/02/2010 - 20:16:06 | D ] E:\byt
[30/08/2006 - 19:43:07 | A | 105806524] E:\ccna4.rar
[16/12/2006 - 23:48:01 | D ] E:\Cisco CCSP
[18/06/2006 - 23:21:26 | D ] E:\Cisco Router Simulator (sybex)
[17/12/2006 - 16:02:01 | D ] E:\cm
[16/12/2006 - 23:50:38 | D ] E:\conrad
[20/06/2008 - 14:25:03 | D ] E:\corel clipart
[24/02/2007 - 00:24:00 | D ] E:\cs
[20/01/2007 - 19:41:09 | D ] E:\d2
[29/04/2006 - 14:41:13 | D ] E:\dev
[21/01/2007 - 08:34:38 | D ] E:\Diablo II
[04/05/2007 - 17:29:16 | D ] E:\download
[14/02/2010 - 18:46:02 | D ] E:\eBook
[16/12/2006 - 23:39:34 | D ] E:\flash
[15/07/2006 - 17:22:00 | D ] E:\get
[14/02/2010 - 18:36:50 | D ] E:\heh
[15/04/2006 - 01:34:16 | D ] E:\heroes
[24/03/2006 - 22:54:56 | AD ] E:\Inetpub
[08/09/2009 - 05:23:32 | D ] E:\INSTALL
[11/09/2006 - 22:03:37 | D ] E:\janko-mp3
[30/07/2006 - 17:15:37 | D ] E:\luther
[15/05/2007 - 21:34:35 | D ] E:\Macromedia
[29/09/2008 - 19:04:20 | D ] E:\mapy
[10/09/2006 - 13:37:00 | D ] E:\mikoftp
[10/01/2007 - 20:54:18 | D ] E:\Miranda IM
[17/03/2009 - 21:22:11 | D ] E:\mladez
[16/09/2007 - 17:01:46 | D ] E:\My Music
[14/02/2010 - 18:41:08 | D ] E:\narnia
[13/01/2007 - 20:56:38 | D ] E:\neroDB
[19/12/2006 - 20:16:42 | D ] E:\nmap-4.20
[13/03/2007 - 18:28:47 | A | 1290693] E:\ob3.rm
[23/05/2006 - 23:36:52 | D ] E:\obrazky-siet
[01/09/2008 - 11:55:13 | D ] E:\old
[14/10/2007 - 20:23:58 | D ] E:\oldgames
[15/10/2006 - 11:53:09 | A | 25600] E:\Organisti.doc
[01/05/2007 - 11:56:33 | D ] E:\pascal
[21/10/2006 - 22:47:23 | D ] E:\passion
[15/02/2006 - 00:03:10 | RASH | 524288] E:\POVODNYBIOS
[22/05/2006 - 05:25:03 | RAD ] E:\Program Files
[16/07/2006 - 12:02:42 | D ] E:\quark
[13/03/2007 - 18:54:51 | A | 12711440] E:\RealPlayer10-5GOLD.exe
[11/11/2007 - 21:32:38 | SHD ] E:\RECYCLER
[17/07/2008 - 18:25:29 | D ] E:\scan
[25/12/2007 - 18:29:54 | D ] E:\Seven.Swords.2005.DVDscr.XviD.AC3-BMDRU
[14/02/2006 - 08:44:15 | N | 123] E:\SN-corel.txt
[03/05/2007 - 18:07:19 | D ] E:\spalit
[19/05/2006 - 21:39:30 | A | 189] E:\spoj.bat
[17/07/2008 - 19:05:25 | A | 100755734] E:\Sverák a Uhlír (1997) - Zpevník.rar
[17/09/2007 - 22:45:15 | SHD ] E:\System Volume Information
[12/06/2006 - 21:58:55 | A | 161674] E:\tak_skoncis.jpg
[14/02/2010 - 18:44:48 | D ] E:\tel
[08/05/2007 - 00:00:56 | HD ] E:\temp
[02/06/2007 - 06:52:30 | D ] E:\Terasoft
[26/06/2007 - 19:58:07 | A | 4968267] E:\testwma.raw
[22/11/2006 - 08:28:06 | ASH | 5120] E:\Thumbs.db
[08/11/2007 - 00:25:20 | D ] E:\tmp
[17/04/2009 - 21:03:42 | H | 1349392] E:\treeinfo.wc
[03/02/2007 - 17:55:59 | D ] E:\ttt
[20/12/2007 - 21:06:08 | D ] E:\web
[11/04/2009 - 14:39:37 | D ] E:\wget
[25/05/2006 - 20:04:24 | D ] E:\windows
[17/09/2007 - 20:15:51 | AD ] E:\WINNT
[23/03/2006 - 23:16:36 | D ] E:\wokna
[21/05/2006 - 21:53:31 | D ] E:\zaloha
[23/12/2006 - 01:45:53 | D ] E:\ZK
[06/02/2007 - 20:43:26 | D ] E:\zuzana-CDcka

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | E.O.F |

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Operating memory - Win32/Rustock trojan horse

#8 Post by Caroprd111 »

I recommend uninstalling Ad-Aware.

I recommend uninstalling µTorrent.

P2P networks and their clients are a potential security risk; they are practically a constant source of viruses, and you are exposing yourself to risk needlessly.

Run OTL and paste the following script into the bottom window.

Code:

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (threatfire)
IE - HKU\s-1-5-21-1547161642-1844823847-725345543-1004\..\URLSearchHook: - Reg Error: Key error. File not found
O4 - HKLM..\RunOnce: [] File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010.06.05 22:55:23 | 000,097,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\7b1f3f22.sys
[2005.12.05 21:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005.12.05 14:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2007.07.27 16:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007.07.27 16:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2009.01.07 23:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\16290
[2010.06.05 22:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC359956
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
Then click Fix (Opravit); the PC will restart. Paste the log here.



Test the following file(s) at http://www.virustotal.com/cs/
C:\WINDOWS\Temp\SiwIo.sys
C:\WINDOWS\System32\ctd4.sys


(Do not search for the file(s); just paste the path marked in bold. If you get the message "File already analysed", have it analysed again. Paste the result of the analysis here as a link.)

adolf
Visitor
Posts: 23
Registered: 05 Jun 2010 20:28

Re: Operating memory - Win32/Rustock trojan horse

#9 Post by adolf »

OTL log [06062010_104314.log]

All processes killed
========== OTL ==========
Service threatfire stopped successfully!
Service threatfire deleted successfully!
Registry value HKEY_USERS\s-1-5-21-1547161642-1844823847-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
C:\WINDOWS\System32\dllcache\ks.sys.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\kswdmcap.ax.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\tsbyuv.dll.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\vidcap.ax.tmp deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32\drivers\ks.sys deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32\drivers\stream.sys deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32\drivers folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\system32 folder deleted successfully.
C:\WINDOWS\LastGood.Tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
File move failed. C:\WINDOWS\system32\drivers\7b1f3f22.sys scheduled to be moved on reboot.
C:\WINDOWS\system32\lnod32umc.dll moved successfully.
C:\WINDOWS\system32\lnod32upd.dll moved successfully.
C:\WINDOWS\system32\lnod32apiW.dll moved successfully.
C:\WINDOWS\system32\lnod32apiA.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\16290 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP folder moved successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BC359956 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: jano
->Temp folder emptied: 29267111 bytes
->Temporary Internet Files folder emptied: 82273 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46888934 bytes
->Apple Safari cache emptied: 79652688 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 8435 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Apple Safari cache emptied: 29628469 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 151378527 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 258329509 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 34061558 bytes

Total Files Cleaned = 600,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: jano
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.5.3 log created on 06062010_104314

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\7b1f3f22.sys scheduled to be moved on reboot.
C:\Documents and Settings\jano\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\jano\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\jano\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\jano\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\jano\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\jano\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

results from http://www.virustotal.com/cs/ - at first it wouldn't load the page, then it worked, but

C:\WINDOWS\Temp\SiwIo.sys - file not found

C:\WINDOWS\System32\ctd4.sys
it didn't show me the result, but the URL is
http://www.virustotal.com/cs/analisis/b ... 1275814404

I'll keep trying so that I get a meaningful answer.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Operating memory - Win32/Rustock trojan horse

#10 Post by Caroprd111 »

Try testing the files at http://virusscan.jotti.org/cs

adolf
Visitor
Posts: 23
Registered: 05 Jun 2010 20:28

Re: Operating memory - Win32/Rustock trojan horse

#11 Post by adolf »

so here is the result from http://virusscan.jotti.org/cs/

the first file was not found there either
and for ctd4.sys

http://virusscan.jotti.org/cs/scanresul ... 27b6fd12b5

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Operating memory - Win32/Rustock trojan horse

#12 Post by Caroprd111 »

How is the PC behaving :???:

adolf
Visitor
Posts: 23
Registered: 05 Jun 2010 20:28

Re: Operating memory - Win32/Rustock trojan horse

#13 Post by adolf »

The PC's behaviour hasn't changed in any way (but outwardly the PC was working fine before, too); only NOD reported that it found a pest in memory.

NOD still reports
Operačná pamäť - Win32/Rustock trójsky kôň (Operating memory - Win32/Rustock trojan horse)
and cannot get it out of memory.

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Operating memory - Win32/Rustock trojan horse

#14 Post by Caroprd111 »

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware.
  • Plug all the flash drives you use into the PC.
  • Run the application under an account with Administrator rights; immediately after start a page with the licence terms is shown, continue by pressing "Yes" ("Ano").
  • Then follow the instructions; during the scan do not start other applications and do not click into the window that appears :!:
  • The scan should take about 5 - 10 minutes; when it finishes, ComboFix shows the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.

adolf
Visitor
Posts: 23
Registered: 05 Jun 2010 20:28

Re: Operating memory - Win32/Rustock trojan horse

#15 Post by adolf »

ComboFix log

ComboFix 10-06-06.01 - jano 06.06.2010 21:28:07.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.609 [GMT 2:00]
Running from: c:\documents and settings\jano\My Documents\Preberanie\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jano\Application Data\wiaserva.log
c:\windows\system32\drivers\7b1f3f22.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_7b1f3f22


((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 08:43 . 2010-06-06 08:43 -------- d-----w- C:\_OTL
2010-06-05 20:13 . 2010-06-05 22:13 -------- d-----w- C:\UsbFix
2010-06-05 18:44 . 2010-06-05 18:45 -------- d-----w- C:\rsit
2010-06-05 18:44 . 2010-06-05 18:45 -------- d-----w- c:\program files\trend micro
2010-06-05 18:33 . 2010-06-05 20:08 -------- d-----w- c:\program files\Spyware Doctor
2010-06-05 17:16 . 2010-06-05 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 22:32 . 2007-09-18 20:22 -------- d-----w- c:\program files\Google
2010-06-05 20:08 . 2008-11-18 20:41 -------- d-----w- c:\program files\uTorrent
2010-06-05 20:06 . 2010-04-17 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-05 18:32 . 2010-01-24 19:53 -------- d-----w- c:\documents and settings\jano\Application Data\GetRightToGo
2010-06-05 18:16 . 2008-11-18 20:40 -------- d-----w- c:\documents and settings\jano\Application Data\uTorrent
2010-06-05 17:20 . 2008-10-04 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-16 15:52 . 2010-01-23 00:30 -------- d-----w- c:\documents and settings\jano\Application Data\vlc
2010-05-16 09:21 . 2008-09-01 07:55 181096 ----a-w- c:\documents and settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\FlashGot.exe
2010-04-19 12:59 . 2010-04-19 12:59 255472 ----a-w- c:\documents and settings\jano\Application Data\Mozilla\plugins\npgoogletalk.dll
2007-09-23 19:02 . 2007-09-23 19:02 65 ----a-w- c:\program files\Common Files\appop.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Google Update"="c:\documents and settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-08 86016]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WINCINEMAMGR"="c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 270336]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-06-19 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-05-12 831488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

c:\documents and settings\jano\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Lingea Update Center.lnk - c:\program files\Common Files\Lingea Shared\luc.exe [2010-2-14 275736]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-9-27 575488]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-7-17 217180]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\oldgames\\bulanci.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"e:\\old\\d\\GAMES\\Aoe2\\empires2.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\jano\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\jano\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19945:TCP"= 19945:TCP:BitComet 19945 TCP
"19945:UDP"= 19945:UDP:BitComet 19945 UDP

R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [23.9.2007 21:02 38784]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15.6.2009 20:18 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 15:23 106208]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [28.2.2008 20:59 51072]
R2 bt848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [24.1.2010 23:38 371349]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [6.2.2009 15:23 727720]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [8.10.2007 23:22 8192]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1029456]
S0 tffsmon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 tfsysmon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1c99c1be46c4eff;Google Update Service (gupdate1c99c1be46c4eff);c:\program files\Google\Update\GoogleUpdate.exe [3.3.2009 18:19 133104]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [22.1.2009 18:51 2831232]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [22.1.2009 20:32 4134]
S3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [23.9.2007 21:02 116224]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [23.12.2008 17:35 50704]
S3 siwio;SIW low-level I/O driver;\??\c:\windows\TEMP\SiwIo.sys --> c:\windows\TEMP\SiwIo.sys [?]
S3 tfnetmon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - udffsrec
.
Contents of the 'Scheduled Tasks' folder

2010-03-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:12]

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:19]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 16:19]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1844823847-725345543-1004Core.job
- c:\documents and settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 18:24]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1844823847-725345543-1004UA.job
- c:\documents and settings\jano\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-21 18:24]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sk.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\jano\Application Data\Mozilla\Firefox\Profiles\6ub8brdo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\jano\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jano\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 21:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1844823847-725345543-1004_Classes\CLSID\{250FD340-7660-41FF-9BB9-86870A6B2EB8}\ProgID*]
"ParamCtrl"=hex:88,04,66,00,78,73,e3,40

[HKEY_USERS\S-1-5-21-1547161642-1844823847-725345543-1004_Classes\CLSID\{7A7507FE-3046-4852-86E8-7D44DA14A5A2}\ProgID*]
"ParamCtrl"=hex:88,04,66,00,78,73,e3,40
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1176)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'Explorer.EXE'(300)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-06 21:37:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-06 19:37

Pre-Run: 1 488 093 184 bytes free
Post-Run: 1 358 204 928 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows 2000 Server" /fastdetect

- - End Of File - - 916F5267446450D5741CED45D1690C7C