Prosim o kontrolu logu

[Dex4]

Dobry den! Rad by som poprosil o kontrolu logu z mojho PC. V poslednej dobe casto mrzne tak som mal dost velke podozrenie na nejake infiltracie. Dakujem vopred za pomoc!

Logfile of random's system information tool 1.08 (written by random/random)
Run by AD-AM at 2010-09-05 12:36:23
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 157 GB (31%) free of 500 GB
Total RAM: 3326 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:54, on 5. 9. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.65\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\RSIT\RSIT.exe
C:\Program Files\trend micro\AD-AM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\AD-AM\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\AD-AM\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\AD-AM\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [ICQ6setup] cmd.exe /c rmdir /S /Q "C:\Program Files\ICQ6.5"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: hpoddt01.exe.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c9d6e3ec9fe1d5) (gupdate1c9d6e3ec9fe1d5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6551 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RtlNICDiagVistaStart.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\AD-AM\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2010-05-28 48080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\AD-AM\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-03-16 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2008-05-21 15519744]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-28 61440]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ6setup"=cmd.exe /c rmdir /S /Q C:\Program Files\ICQ6.5 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
hpoddt01.exe.lnk.disabled - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
WinZip Quick Pick.lnk.disabled - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2010-09-05 12:36:07 ----D---- C:\RSIT
2010-09-05 11:17:02 ----SHD---- C:\Config.Msi
2010-09-05 10:39:57 ----D---- C:\Program Files\Wise Registry Cleaner
2010-09-05 10:29:56 ----D---- C:\Program Files\RegCleaner
2010-08-25 14:56:07 ----RA---- C:\Windows\system32\vp6vfw.dll
2010-08-25 14:39:15 ----AD---- C:\Master of Magic
2010-08-24 16:29:40 ----D---- C:\moo
2010-08-13 21:30:48 ----D---- C:\Program Files\Call of Duty United Offensive Single Player Demo
2010-08-11 13:18:50 ----A---- C:\Windows\system32\iertutil.dll
2010-08-11 13:18:49 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 13:18:47 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 13:18:46 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 13:18:45 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 13:18:45 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 13:18:45 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-11 13:18:45 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 13:18:45 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 13:18:45 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-11 13:18:44 ----A---- C:\Windows\system32\occache.dll
2010-08-11 13:18:44 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 13:18:44 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 13:18:44 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 13:18:44 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-11 13:18:44 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-11 13:18:44 ----A---- C:\Windows\system32\iesetup.dll
2010-08-11 13:18:44 ----A---- C:\Windows\system32\iernonce.dll
2010-08-11 13:18:44 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 13:18:43 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 13:18:42 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 13:18:34 ----A---- C:\Windows\system32\win32k.sys
2010-08-11 13:18:32 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 13:18:19 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 13:18:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 13:18:15 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 13:18:14 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 13:18:14 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 13:18:12 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-09 22:14:18 ----D---- C:\Program Files\Atari
2010-08-05 00:12:28 ----D---- C:\Program Files\DotNes
2010-08-03 09:48:11 ----A---- C:\Windows\system32\shell32.dll
2010-07-26 14:07:32 ----D---- C:\Program Files\Common Files\Skype
2010-07-17 12:59:17 ----D---- C:\Program Files\mektek.net
2010-07-17 12:20:59 ----D---- C:\Users\AD-AM\AppData\Roaming\Plan It Green Files
2010-07-16 12:28:06 ----D---- C:\Vietcong2
2010-07-13 14:20:15 ----D---- C:\Windows\system32\AGEIA
2010-07-13 14:20:14 ----D---- C:\Program Files\AGEIA Technologies
2010-07-13 14:19:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of files/folders modified in the last 2 months======

2010-09-05 12:36:33 ----D---- C:\Windows\Temp
2010-09-05 12:36:29 ----D---- C:\Program Files\trend micro
2010-09-05 12:04:34 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-09-05 11:59:29 ----SHD---- C:\System Volume Information
2010-09-05 11:17:04 ----SHD---- C:\Windows\Installer
2010-09-05 11:17:04 ----RD---- C:\Program Files
2010-09-05 11:17:04 ----D---- C:\Windows
2010-09-05 11:17:02 ----D---- C:\ProgramData\WinZip
2010-09-05 11:15:22 ----D---- C:\Windows\system32\drivers
2010-09-05 11:15:22 ----D---- C:\ProgramData\Ulead Systems
2010-09-05 11:15:11 ----D---- C:\Program Files\Common Files
2010-09-05 11:12:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-05 11:12:57 ----D---- C:\Windows\System32
2010-09-05 11:11:53 ----D---- C:\Program Files\RA303UDP
2010-09-05 11:04:53 ----D---- C:\Program Files\Nexus Radio
2010-09-05 11:03:56 ----D---- C:\games
2010-09-05 11:02:02 ----RD---- C:\FOTO
2010-09-05 11:00:10 ----D---- C:\Program Files\ICQ6.5
2010-09-05 10:56:11 ----D---- C:\Program Files\Free Download Manager
2010-09-05 10:56:10 ----HD---- C:\ProgramData
2010-09-05 10:53:35 ----D---- C:\ZALOHA
2010-09-05 10:44:52 ----A---- C:\Windows\win.ini
2010-09-05 10:39:38 ----D---- C:\Program Files\Creative
2010-09-05 10:33:24 ----D---- C:\Windows\system32\drivers\etc
2010-09-05 10:30:46 ----D---- C:\Windows\Prefetch
2010-09-05 10:04:17 ----D---- C:\Users\AD-AM\AppData\Roaming\uTorrent
2010-09-04 20:05:20 ----D---- C:\Windows\tracing
2010-09-03 22:09:16 ----D---- C:\Windows\inf
2010-09-03 22:09:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-03 19:03:02 ----D---- C:\Users\AD-AM\AppData\Roaming\Skype
2010-09-03 18:56:36 ----D---- C:\Users\AD-AM\AppData\Roaming\skypePM
2010-09-02 20:32:15 ----D---- C:\Windows\system32\catroot2
2010-08-30 13:43:01 ----D---- C:\Program Files\Common Files\Nero
2010-08-30 13:39:03 ----D---- C:\ProgramData\Nero
2010-08-30 13:06:09 ----D---- C:\Users\AD-AM\AppData\Roaming\Real
2010-08-30 12:42:22 ----D---- C:\Filmy
2010-08-26 21:20:42 ----D---- C:\Program Files\EA Games
2010-08-26 16:06:46 ----RSD---- C:\Windows\assembly
2010-08-26 15:55:44 ----D---- C:\Program Files\Electronic Arts
2010-08-24 16:28:33 ----D---- C:\Program Files\DOSBox-0.72
2010-08-22 22:07:27 ----D---- C:\Windows\Minidump
2010-08-13 15:26:54 ----D---- C:\Windows\system32\Tasks
2010-08-11 20:59:10 ----D---- C:\Windows\Microsoft.NET
2010-08-11 19:55:08 ----D---- C:\Windows\winsxs
2010-08-11 18:32:52 ----D---- C:\Program Files\Internet Explorer
2010-08-11 18:32:51 ----D---- C:\Windows\system32\migration
2010-08-11 18:32:49 ----D---- C:\Program Files\Movie Maker
2010-08-11 13:44:48 ----D---- C:\Windows\system32\catroot
2010-08-11 13:44:43 ----D---- C:\Program Files\Windows Mail
2010-08-10 14:32:18 ----D---- C:\Program Files\uTorrent
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-28 02:54:34 ----D---- C:\Users\AD-AM\AppData\Roaming\IrfanView
2010-07-26 14:07:47 ----RD---- C:\Program Files\Skype
2010-07-26 14:07:29 ----D---- C:\ProgramData\Skype
2010-07-24 20:38:29 ----D---- C:\Program Files\Mozilla Firefox
2010-07-17 13:12:44 ----SD---- C:\Users\AD-AM\AppData\Roaming\Microsoft
2010-07-15 10:05:04 ----D---- C:\Users\AD-AM\AppData\Roaming\Winamp
2010-07-15 08:57:48 ----D---- C:\Program Files\Winamp
2010-07-15 08:57:23 ----D---- C:\Program Files\Winamp Detect

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 14352]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-06-26 721904]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 27648]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-04-08 101904]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-04-29 4491776]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-20 7680]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2008-05-08 269824]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S0 AFS;AFS; C:\Windows\system32\drivers\AFS.sys [2009-06-18 77004]
S3 anov6xz1;anov6xz1; C:\Windows\system32\drivers\anov6xz1.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 iatmunin;iatmunin; \??\C:\Users\AD-AM\AppData\Local\Temp\iatmunin.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-02-15 10221568]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-04-29 176128]
R2 AMDRAIDXpert;AMD RAIDXpert; C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [2003-09-29 110592]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-04-07 75064]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9d6e3ec9fe1d5;Služba Google Update (gupdate1c9d6e3ec9fe1d5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-17 133104]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny den preji

Poprosim Vas i o druhy log s nazvem info.txt

[Dex4]

nech sa teda paci tu to je:
info.txt logfile of random's system information tool 1.08 2010-09-05 12:36:55

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /nolog/l0x0009
-->C:\Program Files\Rockstar Games\GTA San Andreas\data\Uninstall GTA_SA_SK.exe
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AM303UDP-->C:\Program Files\AM303UDP\UNINSTALL.EXE
Asistent pri prihlasovaní v sieti Windows Live-->MsiExec.exe /I{A789920E-E183-4311-9DEB-972913AB2FBF}
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x5 -removeonly
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
Call of Duty - United Offensive Single Player Demo-->C:\PROGRA~1\CALLOF~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\CALLOF~1\UNINST~1\INSTALL.LOG
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Cool & Quiet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Corel MediaOne-->MsiExec.exe /I{A062A15F-9CAC-4B88-98DF-87628A0BD721}
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
ESET Smart Security-->MsiExec.exe /I{F73F733A-7E69-43E6-BA22-99124291B95F}
Fallout 3: Operation Anchorage™-->C:\Program Files\Bethesda Softworks\Fallout 3\Uninstall.exe
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
FlatOut2-->MsiExec.exe /I{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Zem-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hexen II (Hexen II: Hammer of Thyrion 1.4.3)-->C:\Program Files\Hexen2\Uninstal.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Mega Codec Pack 4.6.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Knights Of Honor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7911C404-9AFA-4BB2-B9B7-E47423D87528}\setup.exe" -l0x9
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411-->MsiExec.exe /X{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->C:\ProgramData\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_slk_web.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Nokia Software Updater-->MsiExec.exe /X{59367F7E-D7C1-4629-8AEC-71AA24A68F31}
Odovzdávací nástroj lokality Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
OpenOffice.org 3.0-->MsiExec.exe /I{24D55FAF-2AFE-46F9-8BE5-AB829C4442F4}
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PunkBuster Services-->C:\Windows\system32\pbsvc_bc2.exe -u
RAIDXpert-->C:\Program Files\InstallShield Installation Information\{8B76B8E9-F773-4B75-A08C-120079EB765E}\setup.exe -runfromtemp -l0x0409
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -l0x001b -removeonly
Realtek Ethernet Network Card Diagnostic tool for Windows Vista-->C:\Program Files\InstallShield Installation Information\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}\setup.exe -runfromtemp -l0x001b -removeonly
SimCity 2000-->MsiExec.exe /I{8D52E0F9-17A0-493B-8692-937381DDB62B}
SimCity™ Společnost Turistické destinace-->MsiExec.exe /X{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}
SimCity™ Společnost-->C:\Program Files\Electronic Arts\SimCity™ Společnost\SCS Uninstaller.exe -FromAddRemove
SimCity™ Společnost-->MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SLIM322-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x1b
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super C-->"C:\Program Files\DotNes\Super C\unins000.exe"
SWF Opener-->"C:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}\setup.exe" -l0x9 -removeonly
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoCAM GE111-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{088B7BF8-AC95-4348-B77B-619AEB3A74A5} /l1029
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_544c8e16\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_0e4dd4bb\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C109F629-36BB-4F7B-9762-A038936CA457}
Windows Live Messenger-->MsiExec.exe /X{A62FA809-74EB-440B-B8A8-AF8A36807F19}
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
Wise Registry Cleaner Free 5.53-->"C:\Program Files\Wise Registry Cleaner\unins000.exe"
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
ZEN Media Explorer-->"C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /nolog/l0x0009
ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET personal firewall
AS: ESET Smart Security 3.0
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender

======System event log======

Computer Name: AD-AM-PC
Event Code: 7026
Message: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
AFS
Record Number: 211171
Source Name: Service Control Manager
Time Written: 20100512093314.000000-000
Event Type: Error
User:

Computer Name: AD-AM-PC
Event Code: 4374
Message: Služba Windows Servicing zistila, že balík KB978542(Security Update) nie je použiteľný pre tento systém
Record Number: 211019
Source Name: Microsoft-Windows-Servicing
Time Written: 20100512082620.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: AD-AM-PC
Event Code: 4374
Message: Služba Windows Servicing zistila, že balík KB905866(Update) nie je použiteľný pre tento systém
Record Number: 210940
Source Name: Microsoft-Windows-Servicing
Time Written: 20100512082609.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: AD-AM-PC
Event Code: 4374
Message: Služba Windows Servicing zistila, že balík KB978542(Security Update) nie je použiteľný pre tento systém
Record Number: 210882
Source Name: Microsoft-Windows-Servicing
Time Written: 20100512070159.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: AD-AM-PC
Event Code: 4374
Message: Služba Windows Servicing zistila, že balík KB905866(Update) nie je použiteľný pre tento systém
Record Number: 210861
Source Name: Microsoft-Windows-Servicing
Time Written: 20100512070000.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: AD-AM-PC
Event Code: 1000
Message: Chybová aplikácia Corel MediaOne.exe, verzia 2.0.0.0, časová značka 0x46c102c9, chybový modul Corel MediaOne.exe, verzia 2.0.0.0, časová značka 0x46c102c9, kód výnimky 0xc0000005, odstup chyby 0x00007499, identifikácia procesu 0xaa4, čas spustenia aplikácie 0x01c9e404c10bcb32.
Record Number: 17212
Source Name: Application Error
Time Written: 20090603043611.000000-000
Event Type: Error
User:

Computer Name: AD-AM-PC
Event Code: 1000
Message: Chybová aplikácia CTCheck.exe, verzia 1.0.5.0, časová značka 0x472fda98, chybový modul CTSUEng.ocx_unloaded, verzia 0.0.0.0, časová značka 0x45ab523a, kód výnimky 0xc0000005, odstup chyby 0x01b46840, identifikácia procesu 0xd3c, čas spustenia aplikácie 0x01c9e4046bf01ac2.
Record Number: 17211
Source Name: Application Error
Time Written: 20090603043555.000000-000
Event Type: Error
User:

Computer Name: AD-AM-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 17197
Source Name: Microsoft-Windows-WMI
Time Written: 20090603043022.000000-000
Event Type: Error
User:

Computer Name: AD-AM-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1813255741-2698365528-3413127058-1000_Classes:
Process 932 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1813255741-2698365528-3413127058-1000_CLASSES

Record Number: 17180
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090602205520.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: AD-AM-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1813255741-2698365528-3413127058-1000:
Process 932 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1813255741-2698365528-3413127058-1000

Record Number: 17179
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090602205520.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: AD-AM-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: AD-AM-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\AppPatch\AcLayers.dll
Handle ID: 0x20

Process Information:
Process ID: 0xe30
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 44580
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100222221952.269914-000
Event Type: Audit Success
User:

Computer Name: AD-AM-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: AD-AM-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\AppPatch\AcXtrnal.dll
Handle ID: 0x20

Process Information:
Process ID: 0xe30
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 44579
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100222221951.833114-000
Event Type: Audit Success
User:

Computer Name: AD-AM-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: AD-AM-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\AppPatch\drvmain.sdb
Handle ID: 0x20

Process Information:
Process ID: 0xe30
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 44578
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100222221951.817514-000
Event Type: Audit Success
User:

Computer Name: AD-AM-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: AD-AM-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\AppPatch\sysmain.sdb
Handle ID: 0x20

Process Information:
Process ID: 0xe30
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 44577
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100222221951.801914-000
Event Type: Audit Success
User:

Computer Name: AD-AM-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: AD-AM-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\AppPatch\apihex86.dll
Handle ID: 0x20

Process Information:
Process ID: 0xe30
Process Name: C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 44576
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100222221951.801914-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------

[vyosek]

Omlouvam se za zpozdeni, byl jsem na nocni Jdeme na to

Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

• Nahrady za Spybota:
  • Spyware Terminator - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=44730
  • SuperAntiSpyare - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=51359
• Samozrejme pouzivejte jen jeden z nich
• Osobne doporucuji SuperAntiSpyware

Doporucuji odinstalovat klienty P2P siti - jsou potencialnim rizikem pro bezpecnost PC a jsou velmi casto zdrojem viru a haveti.

Spustte HJT a provedeme fixnuti polozek

• HJT najdete zde C:\Program Files\trend micro\AD-AM.exe
• Otevre se Vam okno, kliknete na Do a system scan only
• V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
• R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\AD-AM\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
  R3 - URLSearchHook: (no name) - - (no file)
• Kliknete na Fix checked (vlevo dole)
• HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  services.msc

• Kliknete na OK
• Najdete sluzby nize
• Služba Google Update
• U kazde provedte toto
  • Klik na ni pravym mysidlem a zvolit Vlastnosti
  • Nyní klik na Zastavit
  • Typ spousteni nastavit na Zakazano
  • Potvrdte kliknutim na OK

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :services
  iatmunin
  
  :reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "ICQ6setup"=-
  
  :files
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\RtlNICDiagVistaStart.job
  C:\Users\AD-AM\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
  C:\Users\AD-AM\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk.disabled
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk.disabled
  C:\Users\AD-AM\AppData\Local\Temp
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]

• Kliknete na cervene tlacitko MoveIt!
• Sem pote dejte obsah okna Results (pod zelenou carou)
• Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

[Dex4]

Velmi pekne dakujem za pomoc!

Vsetko slo bez problemov az pri praci s OTM. Neviem ci je to podstatne, ale program crashol predtym, nez mi nieco vyhodilo. V zlozke C:\_OTM\MovedFiles som vsak nejake presunute veci skutocne nasiel. Po opatovnom spusteni programu sa mi zobrazil aj log ktory prikladam tuto:

Kód: Vybrat vše

Files moved on Reboot...
File move failed. C:\Windows\System32\DriverStore\FileRepository\hposcu08.inf_6b5c1a40\drivers\scanner\hpqgends.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[vyosek]

Zkuste prosim jeste cely skript aplikovat znovu v nouzovem rezimu (restart PC, mackat F8, zvolit stav Nouze s praci v siti) - log opet sem bude mit podobu DatumAplikovani_CasAplikovani.txt a ulozem v c:\_OTM\MovedFiles

[Dex4]

tu to je:

Kód: Vybrat vše

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named iatmunin was found to stop!
Service\Driver key iatmunin not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ICQ6setup not found.
========== FILES ==========
File/Folder C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File/Folder C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File/Folder C:\Windows\tasks\RtlNICDiagVistaStart.job not found.
File/Folder C:\Users\AD-AM\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll not found.
File/Folder C:\Users\AD-AM\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll not found.
File/Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk.disabled not found.
File/Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk.disabled not found.
C:\Users\AD-AM\AppData\Local\Temp\{3cbaa08a-1d7c-49b0-8d00-f8f7e6c47778} folder moved successfully.
C:\Users\AD-AM\AppData\Local\Temp\WPDNSE folder moved successfully.
C:\Users\AD-AM\AppData\Local\Temp\Low folder moved successfully.
C:\Users\AD-AM\AppData\Local\Temp\BFBC2Game_Data_DFE folder moved successfully.
C:\Users\AD-AM\AppData\Local\Temp folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\RACEFE.tmp moved successfully.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\RACF2B7.tmp moved successfully.
File move failed. C:\Windows\System32\DriverStore\FileRepository\hposcu08.inf_6b5c1a40\drivers\scanner\hpqgends.tmp scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: AD-AM
->Temporary Internet Files folder emptied: 16820816 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65881808 bytes
->Flash cache emptied: 2178 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Pawiel
->Temp folder emptied: 52065 bytes
->Temporary Internet Files folder emptied: 9964885 bytes
->Java cache emptied: 37611005 bytes
->FireFox cache emptied: 73166525 bytes
->Flash cache emptied: 130972 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3961037 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33239 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 3733 bytes
 
Total Files Cleaned = 198,00 mb
 
 
Error creating restore point.
 
OTM by OldTimer - Version 3.1.15.0 log created on 09092010_160914

Files moved on Reboot...
File move failed. C:\Windows\System32\DriverStore\FileRepository\hposcu08.inf_6b5c1a40\drivers\scanner\hpqgends.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[vyosek]

Nedavejte prosim logy do code, spatne se to cte...Jak se chova PC

[Dex4]

je to ovela lepsie, pc nabieha a aj reaguje ovela rychlejsie a je cititelne vykonnejsi... velmi pekne dakujem za pomoc

[vyosek]

Nemate zac, ale jeste mi neutikejte

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u yahoo toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Doporucuji provest defragmentaci disku

• Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
  • Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R
  • Vyskoci na Vas okenko, do ktereho zkopirujte text nize

  • Kód: Vybrat vše

    dfrg.msc

  • Kliknete na OK
• Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
  • Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
  • Kliknete na Analyzovat
  • Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
  • Postup provedte se vsemi disky
• Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
  • Vyhodou programku je, ze se neinstaluje
  • Staci tedy jen stahnout dle verze vaseho OS a rozbalit
  • Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
  • Probehne analyza disku a nasledne i defragmentace

Vlozte novy log ze RSITu at vime ze je vse OKi

[Dex4]

vsetky programy som pouzil, aj som defragmentoval s Defragglerom

Logfile of random's system information tool 1.08 (written by random/random)
Run by AD-AM at 2010-09-14 10:41:11
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 232 GB (46%) free of 500 GB
Total RAM: 3326 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:23, on 14. 9. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.65\aaCenter.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 5\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 5\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\AD-AM\Downloads\RSIT.exe
C:\Program Files\trend micro\AD-AM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4653 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2008-05-21 15519744]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-28 61440]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-08-25 2424560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-14 10:41:11 ----D---- C:\rsit
2010-09-13 23:03:38 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 5
2010-09-13 21:07:30 ----A---- C:\Windows\system32\kbdru666.dll
2010-09-13 21:07:29 ----A---- C:\Windows\unins000.exe
2010-09-12 18:04:10 ----D---- C:\ProgramData\NFS Underground
2010-09-12 11:47:08 ----A---- C:\Windows\system32\reboot.txt
2010-09-12 11:45:59 ----D---- C:\Users\AD-AM\AppData\Roaming\Creative
2010-09-12 11:40:32 ----D---- C:\Program Files\CCleaner
2010-09-12 11:39:04 ----D---- C:\Program Files\Defraggler
2010-09-09 16:11:47 ----ASH---- C:\hiberfil.sys
2010-09-08 18:34:17 ----D---- C:\Users\AD-AM\AppData\Roaming\SUPERAntiSpyware.com
2010-09-08 18:34:17 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-09-08 18:34:13 ----D---- C:\Program Files\SUPERAntiSpyware
2010-09-05 14:09:34 ----D---- C:\ATI
2010-09-05 10:29:56 ----D---- C:\Program Files\RegCleaner
2010-08-25 14:56:07 ----RA---- C:\Windows\system32\vp6vfw.dll
2010-08-25 14:39:15 ----AD---- C:\Master of Magic
2010-08-24 16:29:40 ----D---- C:\moo

======List of files/folders modified in the last 1 months======

2010-09-14 10:41:16 ----D---- C:\Windows\Temp
2010-09-14 10:41:16 ----D---- C:\Program Files\trend micro
2010-09-14 07:45:36 ----D---- C:\Windows\System32
2010-09-14 07:45:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-14 07:45:35 ----D---- C:\Windows\inf
2010-09-13 23:03:38 ----RD---- C:\Program Files
2010-09-13 21:07:30 ----D---- C:\Windows
2010-09-13 20:47:40 ----D---- C:\Windows\tracing
2010-09-13 18:38:08 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-09-13 15:02:22 ----D---- C:\Program Files\Common Files
2010-09-12 18:04:10 ----HD---- C:\ProgramData
2010-09-12 17:15:51 ----SHD---- C:\System Volume Information
2010-09-12 11:48:14 ----D---- C:\Windows\Prefetch
2010-09-12 11:47:12 ----SHD---- C:\Windows\Installer
2010-09-12 11:47:11 ----D---- C:\Program Files\Hewlett-Packard
2010-09-12 11:47:08 ----D---- C:\Windows\system32\drivers
2010-09-12 11:46:30 ----D---- C:\ProgramData\Creative
2010-09-12 11:46:30 ----D---- C:\Program Files\Creative
2010-09-12 11:45:50 ----RD---- C:\Program Files\Skype
2010-09-12 11:41:23 ----D---- C:\Users\AD-AM\AppData\Roaming\Media Player Classic
2010-09-12 11:41:19 ----D---- C:\Windows\Minidump
2010-09-12 11:41:19 ----D---- C:\Windows\Debug
2010-09-11 08:06:49 ----D---- C:\Windows\system32\catroot2
2010-09-09 18:30:15 ----D---- C:\Program Files\Mozilla Firefox
2010-09-09 16:09:58 ----D---- C:\Windows\system32\drivers\etc
2010-09-08 18:43:20 ----D---- C:\Windows\Tasks
2010-09-08 18:37:17 ----SD---- C:\Users\AD-AM\AppData\Roaming\Microsoft
2010-09-08 18:30:58 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-09-08 18:30:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-06 18:49:53 ----D---- C:\Users\AD-AM\AppData\Roaming\uTorrent
2010-09-05 14:14:23 ----D---- C:\Program Files\ATI
2010-09-05 14:14:13 ----D---- C:\Windows\system32\catroot
2010-09-05 14:13:33 ----D---- C:\Windows\winsxs
2010-09-05 13:51:59 ----D---- C:\Program Files\Ulead Systems
2010-09-05 11:17:02 ----D---- C:\ProgramData\WinZip
2010-09-05 11:15:22 ----D---- C:\ProgramData\Ulead Systems
2010-09-05 11:12:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-05 11:11:53 ----D---- C:\Program Files\RA303UDP
2010-09-05 11:04:53 ----D---- C:\Program Files\Nexus Radio
2010-09-05 11:03:56 ----D---- C:\games
2010-09-05 11:02:02 ----RD---- C:\FOTO
2010-09-05 10:56:11 ----D---- C:\Program Files\Free Download Manager
2010-09-05 10:53:35 ----D---- C:\ZALOHA
2010-09-05 10:44:52 ----A---- C:\Windows\win.ini
2010-09-03 19:03:02 ----D---- C:\Users\AD-AM\AppData\Roaming\Skype
2010-09-03 18:56:36 ----D---- C:\Users\AD-AM\AppData\Roaming\skypePM
2010-08-30 13:43:01 ----D---- C:\Program Files\Common Files\Nero
2010-08-30 13:39:03 ----D---- C:\ProgramData\Nero
2010-08-30 13:06:09 ----D---- C:\Users\AD-AM\AppData\Roaming\Real
2010-08-30 12:42:22 ----D---- C:\Filmy
2010-08-26 21:20:42 ----D---- C:\Program Files\EA Games
2010-08-26 16:06:46 ----RSD---- C:\Windows\assembly
2010-08-26 15:55:44 ----D---- C:\Program Files\Electronic Arts
2010-08-24 16:28:33 ----D---- C:\Program Files\DOSBox-0.72
2010-08-15 13:21:56 ----D---- C:\Program Files\Call of Duty United Offensive Single Player Demo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 14352]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-06-26 721904]
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 27648]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-04-29 4491776]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-20 7680]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2008-05-08 269824]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-04-08 101904]
S3 aynq5osy;aynq5osy; C:\Windows\system32\drivers\aynq5osy.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2006-02-15 10221568]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-04-29 176128]
R2 AMDRAIDXpert;AMD RAIDXpert; C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [2003-09-29 110592]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-04-07 75064]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 gupdate1c9d6e3ec9fe1d5;Služba Google Update (gupdate1c9d6e3ec9fe1d5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-17 133104]

-----------------EOF-----------------

[vyosek]

Log vypada cisty

[Dex4]

este raz velmi pekne dakujem za pomoc!

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy