Prosim o kontrolu

Zpráva

bamik · #1 Příspěvek od **bamik** » 01 srp 2010 08:23

Prosim pekne o kontrolu logu Vopred dakujem

Logfile of random's system information tool 1.06 (written by random/random)
Run by oco65 at 2010-08-01 09:19:27
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (9%) free of 20 GB
Total RAM: 2047 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:30 AM, on 8/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\oco65\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\oco65.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15866&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Documents and Settings\oco65\Desktop\New Folder\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Documents and Settings\oco65\Desktop\New Folder\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/oco65/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/oco65/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg

--
End of file - 7596 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-22 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-02 153136]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-27 17567744]
""= []
"AAWTray"=C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe [2007-08-08 88024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2140880]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-07-26 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-21 202024]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe [2009-05-13 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-09 54576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^adni18_ChristmasTime_gadget.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\adni18_ChristmasTime_gadget.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HolidaysStar_by adni18.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HolidaysStar_by adni18.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-01-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMMyPictures"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Games\TmNationsForever\TmForever.exe"="C:\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"E:\flatout\FlatOut Ultimate Carnage\Fouc.exe"="E:\flatout\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-07-26 14:52:04 ----D---- C:\Documents and Settings\oco65\Application Data\OLYMPUS
2010-07-26 14:50:17 ----D---- C:\Program Files\OLYMPUS
2010-07-26 14:49:58 ----N---- C:\WINDOWS\system32\Pvmjpg21.dll
2010-07-26 14:49:09 ----D---- C:\Program Files\PIXELA
2010-07-26 14:47:34 ----A---- C:\WINDOWS\unvise32qt.exe
2010-07-26 14:47:25 ----D---- C:\WINDOWS\system32\QuickTime
2010-07-26 14:47:25 ----D---- C:\Program Files\QuickTime
2010-07-26 14:43:10 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2010-07-22 07:41:29 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-16 09:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-04 19:56:01 ----D---- C:\Documents and Settings\oco65\Application Data\ArcSoft
2010-07-04 19:55:25 ----D---- C:\Program Files\Common Files\ArcSoft
2010-07-04 19:54:58 ----A---- C:\WINDOWS\PCDLIB32.DLL
2010-07-04 19:54:55 ----D---- C:\Program Files\ArcSoft
2010-07-04 19:51:08 ----N---- C:\WINDOWS\system32\Remover.ini
2010-07-04 19:51:08 ----N---- C:\WINDOWS\system32\Remove.exe
2010-07-04 19:51:05 ----A---- C:\WINDOWS\system32\CoInst_080213.dll
2010-07-04 19:51:02 ----D---- C:\Program Files\Salix
2010-07-04 19:51:01 ----A---- C:\WINDOWS\system32\SP207.ini
2010-07-04 19:51:01 ----A---- C:\WINDOWS\system32\P207USD.dll
2010-07-04 19:51:00 ----D---- C:\WINDOWS\PixArt
2010-07-04 19:51:00 ----D---- C:\Program Files\Common Files\PAC207
2010-07-04 19:50:33 ----D---- C:\Documents and Settings\oco65\Application Data\InstallShield
2010-07-03 15:20:26 ----D---- C:\Documents and Settings\oco65\Application Data\MP3Rocket
2010-07-03 15:20:25 ----D---- C:\Program Files\MP3 Rocket

======List of files/folders modified in the last 1 months======

2010-08-01 09:19:30 ----D---- C:\WINDOWS\Temp
2010-08-01 09:19:28 ----D---- C:\Program Files\trend micro
2010-08-01 00:10:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-31 19:44:00 ----D---- C:\WINDOWS
2010-07-31 19:34:21 ----D---- C:\WINDOWS\Prefetch
2010-07-30 20:39:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-30 19:43:07 ----D---- C:\WINDOWS\system32\drivers
2010-07-30 14:51:39 ----SHD---- C:\WINDOWS\Installer
2010-07-29 13:10:06 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-28 16:18:44 ----D---- C:\WINDOWS\system32
2010-07-26 16:48:53 ----D---- C:\Documents and Settings\oco65\Application Data\ICQ
2010-07-26 15:06:17 ----D---- C:\Documents and Settings\oco65\Application Data\Skype
2010-07-26 14:51:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-26 14:51:28 ----HD---- C:\Config.Msi
2010-07-26 14:50:17 ----RD---- C:\Program Files
2010-07-26 14:49:58 ----N---- C:\WINDOWS\System.ini
2010-07-26 14:47:33 ----D---- C:\Program Files\Internet Explorer
2010-07-26 10:57:41 ----D---- C:\Documents and Settings\oco65\Application Data\skypePM
2010-07-26 07:36:28 ----D---- C:\Program Files\Mozilla Firefox
2010-07-17 14:20:10 ----HD---- C:\WINDOWS\inf
2010-07-16 09:27:46 ----D---- C:\WINDOWS\system32\dllcache
2010-07-16 09:27:39 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-16 09:26:01 ----D---- C:\WINDOWS\Debug
2010-07-14 16:14:29 ----D---- C:\Games
2010-07-06 16:47:23 ----D---- C:\Program Files\ICQ7.1
2010-07-04 20:02:46 ----A---- C:\WINDOWS\win.ini
2010-07-04 19:55:25 ----D---- C:\Program Files\Common Files
2010-07-04 19:54:41 ----D---- C:\Program Files\Common Files\InstallShield
2010-07-04 19:51:41 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-03 15:48:59 ----SD---- C:\WINDOWS\Tasks
2010-07-03 15:22:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-02 07:47:34 ----AC---- C:\WINDOWS\ODBC.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2009-02-18 11136]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R1 EIO_XP;EIO_XP; \??\C:\WINDOWS\system32\drivers\EIO_XP.sys []
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-02-26 55232]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-12-15 36096]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-02-26 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-02-26 134488]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-12-15 62336]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2009-02-18 12416]
R3 ASUSVRC;ASUSTeK Virtual Capture Device; C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-30 18432]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-02-26 32584]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-12-15 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-31 5063168]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-15 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 PAC207;PC Camer@; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-24 141568]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-04-09 59392]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-12-15 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2009-02-18 10752]
S3 a1nnipdy;a1nnipdy; C:\WINDOWS\system32\drivers\a1nnipdy.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-27 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2010-05-09 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2010-05-09 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2010-05-09 94064]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-05 1389056]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-01-18 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-01-18 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2009-05-05 253440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-22 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-21 382248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Documents and Settings\oco65\Desktop\New Folder\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-18 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Documents and Settings\oco65\Desktop\New Folder\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 aawservice;Ad-Aware 2007 Service; C:\Program Files\Security\Ad-Aware 2007\aawservice.exe [2007-08-27 566616]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------

1danab · #2 Příspěvek od **1danab** » 01 srp 2010 08:56

zdravím

C:\WINDOWS\system32\Remove.exe otestujte na VIRUSTOTALu

jednoduchý návod: po načtení stránky, kliknout na Procházet, najít cestu k výše zmíněnému souboru a kliknout na tlačítko Odeslat soubor; pokud vyskočí hláška, že soubor byl už testován, ignorujte to a proveďte sken znova; po ukončení skenu sem vložte výsledky buď zkopírováním textu nebo vložením odkazu

bamik · #3 Příspěvek od **bamik** » 01 srp 2010 09:24

Odkaz s Virustotal-u

http://www.virustotal.com/cs/analisis/a ... 1279128091

1danab · #4 Příspěvek od **1danab** » 01 srp 2010 10:06

pro jistotu otestujte na Virustotalu ještě toto c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
link mi sem zase vložte

bamik · #5 Příspěvek od **bamik** » 01 srp 2010 13:19

Druhy link

http://www.virustotal.com/cs/analisis/a ... 1280475961

1danab · #6 Příspěvek od **1danab** » 01 srp 2010 19:41

oba ty soubory (nejdřív jeden, poslat link a pak druhý a znovu link) dejte otestovat znovu...pokud by se to ptalo, že soubor byl testován, dejte otestovat znovu

bamik · #7 Příspěvek od **bamik** » 02 srp 2010 08:47

Linky s virustotalu

http://www.virustotal.com/cs/analisis/a ... 1280733969

http://www.virustotal.com/cs/analisis/a ... 1280734980

1danab · #8 Příspěvek od **1danab** » 02 srp 2010 09:02

soubory jsou ok

máte nějaké problémy s pc?

bamik · #9 Příspěvek od **bamik** » 02 srp 2010 12:45

Sem tam mi nahdne pomeni ikony na ploche a tiez mi zmenilo motiv prihlasovania sa na ucet s tradicneho xp -ckarskeho na podobyn ako bol myslim na windowse 2000

1danab · #10 Příspěvek od **1danab** » 03 srp 2010 08:56

stáhněte si OTL z tohoto odkazu http://oldtimer.geekstogo.com/OTL.exe

stažený soubor spusťte jako správce

v otevřeném okně stiskněte tlačítko Prohledat, čímž spustíte sken; vyčkejte prosím dokončení skenu (cca 5 minut); poté se vám otevře okno Poznámkového bloku s logem, jehož obsah sem zkopírujte

bamik · #11 Příspěvek od **bamik** » 04 srp 2010 16:14

LOG s OTL

OTL logfile created on: 8/4/2010 5:13:13 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\oco65\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 0.49 Gb Free Space | 2.52% Space Free | Partition Type: NTFS
Drive D: | 2.93 Gb Total Space | 0.14 Gb Free Space | 4.88% Space Free | Partition Type: NTFS
Drive E: | 14.80 Gb Total Space | 1.00 Gb Free Space | 6.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAL
Current User Name: oco65
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/04 17:09:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\oco65\My Documents\Downloads\OTL.exe
PRC - [2010/07/26 07:36:17 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/26 07:36:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/26 06:41:12 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\ekrn.exe
PRC - [2010/02/26 06:40:58 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\egui.exe
PRC - [2009/05/05 20:53:04 | 000,253,440 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2007/09/21 01:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/09/21 01:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/08/08 15:53:16 | 000,088,024 | ---- | M] () -- C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe
PRC - [2007/06/13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/24 11:58:14 | 000,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2005/10/26 16:17:24 | 000,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2005/08/10 07:54:34 | 000,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2005/06/08 16:45:04 | 000,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

========== Modules (SafeList) ==========

MOD - [2010/08/04 17:09:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\oco65\My Documents\Downloads\OTL.exe
MOD - [2007/12/15 23:30:38 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\oco65\Desktop\New Folder\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\oco65\Desktop\New Folder\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2010/02/26 06:42:34 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/02/26 06:41:12 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/05/05 20:53:04 | 000,253,440 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2007/08/27 14:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) [Disabled | Stopped] -- C:\Program Files\Security\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/09 18:19:38 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mdm.sys -- (k510mdm)
DRV - [2010/05/09 18:19:38 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM)
DRV - [2010/05/09 18:19:38 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mdfl.sys -- (k510mdfl)
DRV - [2010/04/02 00:38:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/26 06:41:36 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/02/26 06:41:34 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/02/26 06:41:32 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/02/26 06:41:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/02/26 06:39:24 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/04/30 16:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/04/24 05:22:16 | 000,141,568 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/31 03:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 04:22:56 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2009/02/18 04:22:54 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2009/02/18 04:22:52 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008/08/06 06:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/12/15 23:32:48 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/23 22:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 22:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 22:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 22:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 22:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/01/30 03:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006/06/14 23:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006/01/05 01:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/15 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.icq.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15866&l=dis
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.6
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.0.2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 14:47:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 14:47:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/06/01 17:30:49 | 000,000,000 | ---D | M]

[2009/11/01 20:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oco65\Application Data\Mozilla\Extensions
[2010/08/02 20:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\extensions
[2010/04/23 12:39:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 03:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/06/05 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\extensions\artur.dubovoy@gmail.com
[2010/02/08 17:35:36 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\askcom.xml
[2010/08/01 14:16:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin-1.xml
[2010/07/03 15:49:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin-2.xml
[2010/07/26 07:36:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin-3.xml
[2010/04/16 03:17:43 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin.gif
[2010/04/16 03:17:43 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin.src
[2010/06/27 10:23:37 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin.xml
[2010/08/02 20:16:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AAWTray] C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/oco65/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/oco65/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/25 16:37:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/03 12:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\oco65\Desktop\item1169098316-overmax-radio-budik-sd-mp3-usb-sd-aux_files
[2010/08/01 16:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\oco65\Desktop\fotky na vyvolanie
[2010/07/26 14:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\oco65\Application Data\OLYMPUS
[2010/07/26 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\OLYMPUS
[2010/07/26 14:49:58 | 000,319,488 | ---- | C] (Pegasus Imaging Corporation) -- C:\WINDOWS\System32\Pvmjpg21.dll
[2010/07/26 14:49:55 | 000,013,184 | ---- | C] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\bsaspi32.sys
[2010/07/26 14:49:55 | 000,009,688 | ---- | C] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys
[2010/07/26 14:49:54 | 000,013,567 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS
[2010/07/26 14:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2010/07/26 14:47:34 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010/07/26 14:47:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/07/26 14:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/26 14:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/07/14 17:42:00 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/04 15:34:20 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/04 15:34:19 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/04 15:34:18 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/04 15:33:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/04 15:33:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/04 09:44:05 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\oco65\NTUSER.DAT
[2010/08/04 09:44:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\oco65\ntuser.ini
[2010/08/03 20:01:06 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2010/08/03 12:46:24 | 000,050,306 | ---- | M] () -- C:\Documents and Settings\oco65\Desktop\item1169098316-overmax-radio-budik-sd-mp3-usb-sd-aux.html
[2010/07/31 19:44:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/29 13:10:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/29 13:09:04 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\oco65\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 13:59:06 | 000,184,663 | ---- | M] () -- C:\Documents and Settings\oco65\Desktop\bt.jpg
[2010/07/26 14:51:25 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OLYMPUS Master.lnk
[2010/07/26 14:49:58 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System.ini
[2010/07/26 14:49:55 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImageMixer VCD DVD2 for OLYMPUS 2.0.lnk
[2010/07/26 14:47:32 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/07/26 14:47:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/07/26 13:58:51 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/07/22 07:43:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/15 06:51:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/07 16:38:30 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/03 12:46:23 | 000,050,306 | ---- | C] () -- C:\Documents and Settings\oco65\Desktop\item1169098316-overmax-radio-budik-sd-mp3-usb-sd-aux.html
[2010/07/28 12:20:17 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/28 12:20:17 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/27 13:59:05 | 000,184,663 | ---- | C] () -- C:\Documents and Settings\oco65\Desktop\bt.jpg
[2010/07/26 14:51:25 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OLYMPUS Master.lnk
[2010/07/26 14:49:55 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImageMixer VCD DVD2 for OLYMPUS 2.0.lnk
[2010/07/26 14:47:32 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\oco65\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/07/26 14:47:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/07/04 19:51:08 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010/07/04 19:51:01 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2010/04/23 12:17:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBDTS.INI
[2010/04/23 12:16:11 | 000,001,509 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2010/04/23 12:16:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBDSS.INI
[2010/04/23 12:16:03 | 000,000,469 | ---- | C] () -- C:\WINDOWS\WTRDICT.INI
[2010/04/23 12:15:57 | 000,001,195 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2010/04/23 12:15:52 | 000,001,496 | ---- | C] () -- C:\WINDOWS\WEBWTR.INI
[2010/02/13 19:40:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/12/15 23:50:30 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/11/01 20:02:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/01 19:50:25 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/10/25 16:57:10 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/25 16:57:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009/10/25 16:57:10 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009/10/25 16:46:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/25 08:07:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/10/24 19:40:12 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/10/24 19:35:35 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/10/24 19:35:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/10/24 19:35:03 | 000,016,056 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/10/24 19:35:03 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/05/01 10:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 10:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 10:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 10:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/15 23:37:35 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2007/12/02 14:55:57 | 000,001,226 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/11/27 06:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2004/10/11 21:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2001/07/07 13:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
< End of report >

1danab · #12 Příspěvek od **1danab** » 05 srp 2010 21:14

spusťte HiJackThis odtud C:\Program Files\trend micro\oco65.exe

neprovádějte sken, ale klikněte na tlačítko Open the Misc Tools Section

nahoře jsou čtyři tlačítka, musí být zamáčknuté Misc Tools:

Obrázek

najděte vlevo tlačítko Open ADS Spy , klikněte na něj, v následujícím okně klikněte na Scan, chvíli vyčkejte, poté klikněte na Save log (obsah logu sem) a dále pak klik na Remove selected

po restartu sem vložte nový log z OTL

bamik · #13 Příspěvek od **bamik** » 09 srp 2010 07:41

Ospravedlnujem sa ze to nejaku chvilu trvalo ale bol som mimo PC

Log s HiJackThis mi nevypisalo ked som dal scan tak mi okamzite vypisalo scan compled

prikladam iba log s OTL

OTL logfile created on: 8/9/2010 8:36:24 AM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\oco65\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 1.21 Gb Free Space | 6.17% Space Free | Partition Type: NTFS
Drive D: | 2.93 Gb Total Space | 0.14 Gb Free Space | 4.88% Space Free | Partition Type: NTFS
Drive E: | 14.80 Gb Total Space | 4.47 Gb Free Space | 30.19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAL
Current User Name: oco65
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/04 17:09:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\oco65\My Documents\Downloads\OTL.exe
PRC - [2010/07/26 07:36:17 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/26 07:36:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/26 06:41:12 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\ekrn.exe
PRC - [2010/02/26 06:40:58 | 002,140,880 | ---- | M] (ESET) -- C:\Program Files\Eset\ESET Smart Security\egui.exe
PRC - [2009/05/05 20:53:04 | 000,253,440 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2007/09/21 01:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/09/21 01:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/08/08 15:53:16 | 000,088,024 | ---- | M] () -- C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe
PRC - [2007/06/13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/24 11:58:14 | 000,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2005/10/26 16:17:24 | 000,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2005/08/10 07:54:34 | 000,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2005/06/08 16:45:04 | 000,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

========== Modules (SafeList) ==========

MOD - [2010/08/04 17:09:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\oco65\My Documents\Downloads\OTL.exe
MOD - [2007/12/15 23:30:38 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\oco65\Desktop\New Folder\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found [On_Demand | Stopped] -- C:\Documents and Settings\oco65\Desktop\New Folder\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2010/02/26 06:42:34 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/02/26 06:41:12 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/05/05 20:53:04 | 000,253,440 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2007/08/27 14:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) [Disabled | Stopped] -- C:\Program Files\Security\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/09 18:19:38 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mdm.sys -- (k510mdm)
DRV - [2010/05/09 18:19:38 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM)
DRV - [2010/05/09 18:19:38 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k510mdfl.sys -- (k510mdfl)
DRV - [2010/04/02 00:38:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/26 06:41:36 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/02/26 06:41:34 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/02/26 06:41:32 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010/02/26 06:41:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/02/26 06:39:24 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/04/30 16:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/04/24 05:22:16 | 000,141,568 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/31 03:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/02/18 04:22:56 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2009/02/18 04:22:54 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2009/02/18 04:22:52 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2008/08/06 06:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/12/15 23:32:48 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/23 22:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 22:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 22:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 22:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 22:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/01/30 03:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2006/06/14 23:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2006/01/05 01:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/15 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.icq.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15866&l=dis
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.6
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.0.2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 14:47:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 14:47:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/06/01 17:30:49 | 000,000,000 | ---D | M]

[2009/11/01 20:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oco65\Application Data\Mozilla\Extensions
[2010/08/08 22:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\extensions
[2010/04/23 12:39:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 03:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/06/05 22:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\extensions\artur.dubovoy@gmail.com
[2010/02/08 17:35:36 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\askcom.xml
[2010/08/08 20:19:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin-1.xml
[2010/07/03 15:49:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin-2.xml
[2010/07/26 07:36:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin-3.xml
[2010/04/16 03:17:43 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin.gif
[2010/04/16 03:17:43 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin.src
[2010/06/27 10:23:37 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Profiles\35ow293e.default\searchplugins\icqplugin.xml
[2010/08/08 22:09:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AAWTray] C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/oco65/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/oco65/LOCALS~1/Temp/msohtml1/02/clip_image002.jpg
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\oco65\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/25 16:37:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/08 20:11:52 | 000,068,096 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/08/03 12:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\oco65\Desktop\item1169098316-overmax-radio-budik-sd-mp3-usb-sd-aux_files
[2010/08/01 16:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\oco65\Desktop\fotky na vyvolanie
[2010/07/26 14:52:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\oco65\Application Data\OLYMPUS
[2010/07/26 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\OLYMPUS
[2010/07/26 14:49:58 | 000,319,488 | ---- | C] (Pegasus Imaging Corporation) -- C:\WINDOWS\System32\Pvmjpg21.dll
[2010/07/26 14:49:55 | 000,013,184 | ---- | C] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\bsaspi32.sys
[2010/07/26 14:49:55 | 000,009,688 | ---- | C] (B.H.A Co.,Ltd.) -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys
[2010/07/26 14:49:54 | 000,013,567 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS
[2010/07/26 14:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2010/07/26 14:47:34 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010/07/26 14:47:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/07/26 14:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/26 14:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/07/14 17:42:00 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/09 06:49:35 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2010/08/09 06:46:48 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/09 06:46:46 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/09 06:46:45 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/09 06:46:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 06:46:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/08 23:00:28 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\oco65\NTUSER.DAT
[2010/08/08 23:00:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\oco65\ntuser.ini
[2010/08/08 23:00:09 | 003,170,682 | -H-- | M] () -- C:\Documents and Settings\oco65\Local Settings\Application Data\IconCache.db
[2010/08/08 22:09:49 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/08 21:14:15 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege 2.lnk
[2010/08/08 20:11:55 | 000,009,807 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010/08/08 20:11:52 | 000,068,096 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/08/08 20:11:52 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010/08/06 22:16:31 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\oco65\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/05 14:41:32 | 000,000,532 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010/08/05 14:02:07 | 001,688,611 | ---- | M] () -- C:\Documents and Settings\oco65\Desktop\2r3c8zq.png
[2010/08/03 12:46:24 | 000,050,306 | ---- | M] () -- C:\Documents and Settings\oco65\Desktop\item1169098316-overmax-radio-budik-sd-mp3-usb-sd-aux.html
[2010/07/31 19:44:00 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/27 13:59:06 | 000,184,663 | ---- | M] () -- C:\Documents and Settings\oco65\Desktop\bt.jpg
[2010/07/26 14:51:25 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OLYMPUS Master.lnk
[2010/07/26 14:49:58 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System.ini
[2010/07/26 14:49:55 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImageMixer VCD DVD2 for OLYMPUS 2.0.lnk
[2010/07/26 14:47:32 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\oco65\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/07/26 14:47:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/07/26 13:58:51 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/07/22 07:43:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/15 06:51:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/08 21:26:02 | 003,767,923 | ---- | C] () -- C:\Documents and Settings\oco65\Desktop\DS2_11CZ.exe
[2010/08/08 21:14:15 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dungeon Siege 2.lnk
[2010/08/08 20:11:55 | 000,009,807 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/08/08 20:11:52 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010/08/05 14:41:32 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/08/05 14:02:06 | 001,688,611 | ---- | C] () -- C:\Documents and Settings\oco65\Desktop\2r3c8zq.png
[2010/08/03 12:46:23 | 000,050,306 | ---- | C] () -- C:\Documents and Settings\oco65\Desktop\item1169098316-overmax-radio-budik-sd-mp3-usb-sd-aux.html
[2010/07/28 12:20:17 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/28 12:20:17 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/27 13:59:05 | 000,184,663 | ---- | C] () -- C:\Documents and Settings\oco65\Desktop\bt.jpg
[2010/07/26 14:51:25 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OLYMPUS Master.lnk
[2010/07/26 14:49:55 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImageMixer VCD DVD2 for OLYMPUS 2.0.lnk
[2010/07/26 14:47:32 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\oco65\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/07/26 14:47:29 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/07/04 19:51:08 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010/07/04 19:51:01 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2010/04/23 12:17:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBDTS.INI
[2010/04/23 12:16:11 | 000,001,509 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2010/04/23 12:16:09 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBDSS.INI
[2010/04/23 12:16:03 | 000,000,469 | ---- | C] () -- C:\WINDOWS\WTRDICT.INI
[2010/04/23 12:15:57 | 000,001,195 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2010/04/23 12:15:52 | 000,001,496 | ---- | C] () -- C:\WINDOWS\WEBWTR.INI
[2010/02/13 19:40:43 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/12/15 23:50:30 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/11/01 20:02:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/01 19:50:25 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/10/25 16:57:10 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/25 16:57:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009/10/25 16:57:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009/10/25 16:57:10 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009/10/25 16:46:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/25 08:07:39 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/10/24 19:40:12 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/10/24 19:35:35 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/10/24 19:35:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/10/24 19:35:03 | 000,016,056 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/10/24 19:35:03 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/05/01 10:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 10:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 10:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 10:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/15 23:37:35 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2007/12/02 14:55:57 | 000,001,226 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/11/27 06:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2004/10/11 21:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2001/07/07 13:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
< End of report >

1danab · #14 Příspěvek od **1danab** » 10 srp 2010 17:48

stáhněte GMER , rozbalte a spusťte

proběhne sken, po jehož ukončení se zobrazí výsledky

poté klikněte na Save a uložíte tak log, jeho obsah sem vložte

pak dle tohoto návodu absolvujte druhý sken a opět obsah logu sem

bamik · #15 Příspěvek od **bamik** » 12 srp 2010 09:55

Log 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-12 10:53:31
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\oco65\LOCALS~1\Temp\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT spmh.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spmh.sys ZwEnumerateValueKey [0xB7ECE132]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6531F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

Log 2

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-12 10:52:56
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\oco65\LOCALS~1\Temp\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB3225610]
SSDT spmh.sys ZwCreateKey [0xB7EB50E0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB3225C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB3225730]
SSDT spmh.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spmh.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spmh.sys ZwOpenKey [0xB7EB50C0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB32254B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB3225570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB32256D0]
SSDT spmh.sys ZwQueryKey [0xB7ECE20A]
SSDT spmh.sys ZwQueryValueKey [0xB7ECE08A]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB3225690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB3225650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB32257D0]
SSDT spmh.sys ZwSetValueKey [0xB7ECE29C]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB3225510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB3225590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB32254D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB32255D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB3225750]

INT 0x62 ? 8A654BF8
INT 0x63 ? 8A654BF8
INT 0x63 ? 8A654BF8
INT 0x63 ? 8A2A4F00
INT 0x63 ? 8A654BF8
INT 0x82 ? 8A654BF8
INT 0x83 ? 8A2A4F00
INT 0xA4 ? 8A2A4F00
INT 0xB4 ? 8A2A4F00

---- Kernel code sections - GMER 1.0.15 ----

? spmh.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6870360, 0x3CEED5, 0xE8000020]
.text USBPORT.SYS!DllUnload B680880C 5 Bytes JMP 8A2A44E0
.text a18a8tbd.SYS B6752386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a18a8tbd.SYS B67523AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a18a8tbd.SYS B67523C4 3 Bytes [00, 80, 02]
.text a18a8tbd.SYS B67523C9 1 Byte [30]
.text a18a8tbd.SYS B67523C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
init C:\WINDOWS\System32\atkosdmini.dll entry point in "init" section [0xBD042480]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[292] kernel32.dll!SetUnhandledExceptionFilter 7C844915 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[844] USER32.dll!TrackPopupMenu 7E46526E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2412] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spmh.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spmh.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spmh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spmh.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spmh.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spmh.sys
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!READ_PORT_UCHAR] B48B8932
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!KfRaiseIrql] 0001C083
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 020CB389
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\a18a8tbd.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6531F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBPDO-0 8A3F41F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5E41F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5E41F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5E41F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5E41F8
Device \Driver\usbuhci \Device\USBPDO-1 8A3F41F8
Device \Driver\sptd \Device\3440535952 spmh.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{BC80D90A-3110-48CC-92C4-19487FD8DC2D} 896A51F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3F41F8
Device \Driver\usbuhci \Device\USBPDO-3 8A3F41F8
Device \Driver\usbehci \Device\USBPDO-4 8A3DC1F8
Device \Driver\PCI_PNP4702 \Device\00000048 spmh.sys

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6551F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6551F8
Device \Driver\Cdrom \Device\CdRom0 8A3D11F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6551F8
Device \Driver\Cdrom \Device\CdRom1 8A3D11F8
Device \Driver\atapi \Device\Ide\IdePort0 8A6541F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8A6541F8
Device \Driver\atapi \Device\Ide\IdePort1 8A6541F8
Device \Driver\atapi \Device\Ide\IdePort2 8A6541F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8A6541F8
Device \Driver\atapi \Device\Ide\IdePort3 8A6541F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 896A51F8
Device \Driver\NetBT \Device\NetbiosSmb 896A51F8

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBFDO-0 8A3F41F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3F41F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 896981F8
Device \Driver\usbuhci \Device\USBFDO-2 8A3F41F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 896981F8
Device \Driver\usbuhci \Device\USBFDO-3 8A3F41F8
Device \Driver\usbehci \Device\USBFDO-4 8A3DC1F8
Device \Driver\Ftdisk \Device\FtControl 8A6551F8
Device \Driver\a18a8tbd \Device\Scsi\a18a8tbd1 8A1F51F8
Device \Driver\a18a8tbd \Device\Scsi\a18a8tbd1Port4Path0Target0Lun0 8A1F51F8
Device \FileSystem\Cdfs \Cdfs 8A318500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -584322441
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -299890149
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x37 0x8E 0x46 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x4A 0x81 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x71 0x5F 0x0D 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0x84 0x2C 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x54 0xBC 0x5A 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0xB9 0xA2 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5D 0x2B 0x51 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFE 0x4A 0x81 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x71 0x5F 0x0D 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0x84 0x2C 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x54 0xBC 0x5A 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB4 0xB9 0xA2 0xC3 ...

---- EOF - GMER 1.0.15 ----

VIRY.CZ

Prosim o kontrolu

Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu