VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu z RSIT

https://forum.viry.cz:443/viewtopic.php?t=109214

Stránka 1 z 2

Prosím o kontrolu logu z RSIT

Napsal: 07 úno 2011 14:00
od mafl
na monitore sa mi objavila modrá obrazovka smrti...možno to poznáte ...A problem has been detected on windows has been shut don to prevent damage to your computer....atd.
neviem či je to grafickou, výrusom, alebo hardiskom vdaka za pomoc


Logfile of random's system information tool 1.08 (written by random/random)
Run by davidko at 2011-02-07 13:55:00
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (69%) free of 39 GB
Total RAM: 256 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:55:30, on 7. 2. 2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Documents and Settings\davidko\Desktop\RSIT.exe
C:\Program Files\trend micro\davidko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=50062
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://windiwsfsearch.com
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
R3 - URLSearchHook: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla2.dll
O2 - BHO: 675873 helper - {030A0F33-5B99-482E-83F5-2EEB8457878B} - C:\windows\system32\675873\675873.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: UrlHelper Class - {A1123C1A-5D52-4df7-B639-6346165FCD58} - C:\Program Files\BearFlix Applications\BearFlix MediaBar\BearFlixIEHelper.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O3 - Toolbar: BearFlix MediaBar - {0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - (no file)
O3 - Toolbar: Alawar.com Toolbar - {511131f1-4629-4254-a85f-ed7b6d75dd3c} - C:\Program Files\Alawar.com\tbAla2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\sony walkman\napster.exe /systray
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [NevoDRM] "C:\Čăđű îň NevoSoft\NevoDRM\NevoDRM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [wblogon] C:\windows\system32\algg.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [CursorFX] "C:\domaci PC\s\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [smile] C:\Program Files\Applications\wcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = G:\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfile.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfile.com/redirect.php (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} (ST WebDialer Control) - https://zona.t-com.sk/VianKampan2007/STWebDialer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECFE669-9B9D-4B3D-81ED-1FED4C95D9D0}: NameServer = 10.1.1.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4878CC1-8DBA-42CB-93DD-DA446AB0E161}: NameServer = 195.146.128.60
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9812 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{030A0F33-5B99-482E-83F5-2EEB8457878B}]
675873 Class - C:\windows\system32\675873\675873.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]
Alawar.com Toolbar - C:\Program Files\Alawar.com\tbAla2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2004-12-20 272384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1123C1A-5D52-4df7-B639-6346165FCD58}]
UrlHelper Class - C:\Program Files\BearFlix Applications\BearFlix MediaBar\BearFlixIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2005-01-21 330752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}]
C:\Program Files\Applications\iebt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll []
{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} -
{511131f1-4629-4254-a85f-ed7b6d75dd3c} - Alawar.com Toolbar - C:\Program Files\Alawar.com\tbAla2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-09-23 4616192]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-07-01 949376]
"BearFlix"=C:\Program Files\BearFlix\BearFlix.exe /pause []
"snpstd"=C:\WINDOWS\vsnpstd.exe []
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-07-31 684032]
"NapsterShell"=C:\sony walkman\napster.exe /systray []
"ContentTransferWMDetector.exe"=C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [2008-07-11 423200]
"NevoDRM"=C:\Čăđű îň NevoSoft\NevoDRM\NevoDRM.exe []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []
"KernelFaultCheck"=C:\windows\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"user32.dll"=C:\Program Files\Video ActiveX Access\iesmn.exe []
"smile"=C:\Program Files\Applications\wcs.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-03 1667584]
"Spyware Doctor"=C:\Program Files\Spyware Doctor\swdoctor.exe [2005-01-06 1466368]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"wblogon"=C:\windows\system32\algg.exe []
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"CursorFX"=C:\domaci PC\s\Stardock\CursorFX\CursorFX.exe [2008-07-07 416768]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-01-03 15028104]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
InterVideo WinCinema Manager.lnk - G:\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\OCDVDAgent.exe"="C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\OCDVDAgent.exe:*:Enabled:ObjectCube Express Agent"
"C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\AppUpdate.exe"="C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\AppUpdate.exe:*:Enabled:ObjectCube AutoUpdate"
"C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe"="C:\Program Files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe:*:Enabled:XXX2Burn DVD Wizard"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\domaci PC\diktaty\NFSHP2.exe"="C:\domaci PC\diktaty\NFSHP2.exe:*:Enabled:NFSHP2"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\domaci PC\facebook-pic000934519.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-02-07 13:55:01 ----D---- C:\Program Files\trend micro
2011-02-07 13:55:00 ----D---- C:\rsit
2011-02-07 13:36:19 ----A---- C:\windows\system32\MAI4.tmp
2011-02-07 13:30:43 ----A---- C:\windows\system32\drivers\poiksl.sys
2011-02-07 13:29:31 ----A---- C:\windows\system32\drivers\mxxzwtjx.sys
2011-02-07 13:25:58 ----A---- C:\windows\system32\drivers\nizfsxea.sys
2011-02-07 09:25:14 ----A---- C:\windows\system32\drivers\dqccw.sys
2011-02-07 07:01:56 ----A---- C:\windows\system32\MAI8.tmp
2011-02-07 07:01:56 ----A---- C:\windows\system32\drivers\kqzrhnxqv.sys
2011-02-07 06:58:02 ----A---- C:\windows\system32\drivers\qygieqy.sys
2011-02-07 06:56:34 ----A---- C:\windows\system32\drivers\najmrx.sys
2011-02-07 06:51:37 ----D---- C:\Program Files\MonkeyPhoto
2011-02-07 06:51:36 ----D---- C:\Program Files\Alawar
2011-02-07 06:51:34 ----D---- C:\Program Files\Luxor
2011-02-07 06:51:34 ----D---- C:\Program Files\Alawar.com
2011-02-07 06:51:33 ----D---- C:\Program Files\Zuma's Revenge!
2011-02-07 06:51:33 ----D---- C:\Program Files\Zuma Deluxe
2011-02-07 06:43:43 ----A---- C:\windows\system32\drivers\hxhfnxs.sys
2011-02-07 06:42:23 ----A---- C:\windows\system32\MAI26.tmp
2011-02-07 06:33:55 ----A---- C:\windows\system32\MAI2.tmp
2011-02-07 06:27:31 ----A---- C:\windows\system32\drivers\lpsyeqehd.sys
2011-02-06 19:20:47 ----A---- C:\windows\system32\MAI1E.tmp
2011-02-06 19:12:47 ----A---- C:\windows\system32\drivers\nqsumd.sys
2011-02-06 19:08:46 ----A---- C:\windows\system32\drivers\elktstl.sys
2011-02-06 19:07:50 ----A---- C:\windows\system32\drivers\yxcmdfi.sys
2011-02-06 19:06:27 ----A---- C:\windows\system32\drivers\iphofoi.sys
2011-02-06 19:03:14 ----A---- C:\windows\system32\drivers\hdzbztc.sys
2011-02-06 19:00:07 ----A---- C:\windows\system32\drivers\avhlz.sys
2011-02-06 18:56:09 ----A---- C:\windows\system32\drivers\efpxtpcr.sys
2011-02-06 18:48:59 ----A---- C:\windows\system32\MAI1.tmp
2011-02-06 18:46:45 ----SHD---- C:\windows\CSC
2011-02-06 18:46:35 ----A---- C:\windows\ntbtlog.txt
2011-02-06 18:45:03 ----A---- C:\windows\system32\drivers\xwqxac.sys
2011-02-06 18:43:56 ----A---- C:\windows\system32\drivers\nlxejde.sys
2011-02-06 18:40:50 ----A---- C:\windows\system32\drivers\miaqxvtw.sys
2011-02-06 18:39:10 ----A---- C:\windows\system32\drivers\fecqcwwqt.sys
2011-02-06 18:39:03 ----D---- C:\windows\Minidump
2011-02-06 18:36:37 ----A---- C:\windows\system32\drivers\erlwzuf.sys
2011-02-06 18:10:52 ----A---- C:\windows\system32\MAI2C.tmp
2011-02-06 06:42:34 ----A---- C:\windows\system32\MAI1D.tmp
2011-02-05 18:41:19 ----A---- C:\windows\system32\MAI25.tmp
2011-02-05 09:25:21 ----A---- C:\windows\system32\MAI188C.tmp
2011-02-05 07:14:23 ----A---- C:\windows\system32\MAI35.tmp
2011-02-01 11:57:38 ----RSH---- C:\Documents and Settings\davidko\Application Data\juzjf.exe
2011-01-24 12:12:43 ----D---- C:\Program Files\ConduitEngine
2011-01-24 12:12:43 ----A---- C:\windows\system32\ConduitEngine.tmp
2011-01-18 18:36:17 ----D---- C:\Program Files\Common Files\Skype
2011-01-12 12:35:59 ----A---- C:\windows\system32\ptpusb.dll
2011-01-12 12:35:56 ----A---- C:\windows\system32\ptpusd.dll
2011-01-12 12:35:55 ----A---- C:\windows\system32\drivers\usbscan.sys

======List of files/folders modified in the last 1 months======

2011-02-07 13:55:01 ----D---- C:\Program Files
2011-02-07 13:54:47 ----D---- C:\domaci PC
2011-02-07 13:36:27 ----D---- C:\windows\system32\drivers
2011-02-07 13:36:19 ----D---- C:\windows\system32
2011-02-07 13:34:06 ----D---- C:\WINDOWS
2011-02-07 13:06:09 ----D---- C:\windows\Temp
2011-02-07 08:32:52 ----A---- C:\windows\WINCMD.INI
2011-02-07 08:29:55 ----D---- C:\windows\Album
2011-02-07 08:27:09 ----AD---- C:\wincmd4
2011-02-07 08:18:05 ----D---- C:\RAYMAN
2011-02-07 07:42:04 ----D---- C:\Documents and Settings
2011-02-07 07:39:24 ----D---- C:\My Games
2011-02-07 06:56:37 ----D---- C:\windows\system32\CatRoot2
2011-02-07 06:53:04 ----D---- C:\windows\system32\config
2011-02-07 06:52:40 ----D---- C:\windows\system32\wbem
2011-02-07 06:52:39 ----D---- C:\windows\Registration
2011-02-07 06:52:03 ----RSHDC---- C:\windows\system32\dllcache
2011-02-07 06:51:59 ----D---- C:\Install
2011-02-07 06:51:57 ----D---- C:\totalcmd
2011-02-07 06:42:41 ----D---- C:\windows\Prefetch
2011-02-06 19:38:06 ----A---- C:\windows\SchedLgU.Txt
2011-02-06 19:28:46 ----D---- C:\Documents and Settings\davidko\Application Data\Skype
2011-02-06 18:09:54 ----D---- C:\Documents and Settings\davidko\Application Data\skypePM
2011-01-24 12:04:59 ----A---- C:\windows\NeroDigital.ini
2011-01-18 18:36:50 ----SHD---- C:\windows\Installer
2011-01-18 18:36:17 ----RD---- C:\Program Files\Skype
2011-01-18 18:36:17 ----D---- C:\Program Files\Common Files
2011-01-18 18:35:50 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2007-07-26 43872]
R0 sisagp;SIS AGP Bus Filter; C:\windows\System32\DRIVERS\sisagp.sys [2004-08-03 41088]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2009-07-25 721904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Cdr4_xp;Cdr4_xp; C:\windows\system32\drivers\Cdr4_xp.sys [2007-06-20 9072]
R1 Cdralw2k;Cdralw2k; C:\windows\system32\drivers\Cdralw2k.sys [2007-06-20 9200]
R1 pwd_2k;pwd_2k; C:\windows\system32\drivers\pwd_2k.sys [2002-07-31 132058]
R1 UdfReadr_xp;UdfReadr_xp; C:\windows\system32\drivers\UdfReadr_xp.sys [2002-07-31 206464]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\windows\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8180;IEEE 802.11b Wireless Cardbus/PCI Adapter; C:\windows\system32\DRIVERS\rtl8180.SYS [2003-12-03 184320]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\windows\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
S0 hpbhgyhs;hpbhgyhs; C:\windows\system32\drivers\kqzrhnxqv.sys [2011-02-07 52096]
S1 cdudf_xp;cdudf_xp; C:\windows\system32\drivers\cdudf_xp.sys [2002-08-13 240128]
S1 intelppm;Intel Processor Driver; C:\windows\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
S1 nod32drv;nod32drv; C:\windows\system32\drivers\nod32drv.sys [2007-07-01 15424]
S2 AMON;AMON; C:\windows\system32\drivers\amon.sys [2007-07-01 512096]
S2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [2002-07-17 16877]
S3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 ak74cuqn;ak74cuqn; C:\windows\system32\drivers\ak74cuqn.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dvd_2K;dvd_2K; C:\windows\system32\drivers\dvd_2K.sys [2002-07-31 25578]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\windows\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 mmc_2K;mmc_2K; C:\windows\system32\drivers\mmc_2K.sys [2002-07-31 30246]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2003-09-23 1265130]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2002-12-05 534976]
S3 snpstd;VideoCAM Eye; C:\windows\system32\DRIVERS\snpstd.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\windows\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-15 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-07-01 552064]
S2 NVSvc;NVIDIA Driver Helper Service; C:\windows\System32\nvsvc32.exe [2003-09-23 69632]
S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-03 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Re: Prosím o kontrolu logu z RSIT

Napsal: 07 úno 2011 16:58
od vyosek
Zdravim a pekny den preji :)

:arrow: Podivejte se do slozky C:\windows\minidump ci tam mate nejake soubory, pokud ano, tak je zabalte a uploadnete sem http://vyosek.ic.cz/havet/uploader.php

:arrow: Mate tam celou zoo s babkou pokladni, haveti od sklepa az na pudu :arcisit:

:arrow: Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Re: Prosím o kontrolu logu z RSIT

Napsal: 08 úno 2011 20:12
od mafl
Dobrý večer....pridávam to info.txt

info.txt logfile of random's system information tool 1.08 2011-02-08 20:04:31

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Weflirt/uninstall.exe
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACE Mega CoDecS Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFF5DEE7-8107-436B-9726-7573458FE6AE}\Setup.exe" -l0x9
Adobe Flash Player 10 Plugin-->C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 9.4.0 - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-A94000000001}
Age of Mythology-->"C:\domaci PC\DIKTATY\UNINSTAL.EXE" /runtemp /addremove
Alawar Game Box-->C:\Program Files\Alawar\AlawarGameBox\Uninstall.exe
Alawar.com Toolbar-->C:\PROGRA~1\Alawar.com\UNWISE.EXE C:\PROGRA~1\Alawar.com\INSTALL.LOG
ArtBorders-->C:\Program Files\ArtBorders\uninstall.exe
Call of Duty Single Player Demo-->C:\DOMACI~1\diktaty\Uninstall\Unwise.exe /u C:\DOMACI~1\diktaty\Uninstall\Install.log
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Content Transfer-->MsiExec.exe /X{CFADE4AF-C0CF-4A04-A776-741318F1658F}
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Cs Non Steam-->MsiExec.exe /I{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
FileSpecs extension for Ad-aware 6-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\FILESP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\FILESP~1\INSTALL.LOG
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HF Designer-->"C:\Program Files\HappyFoto\HF Designer\unins000.exe"
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
LSP Explorer Pluginfor Ad-aware 6-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\INSTALL.LOG
Microsoft Motocross Madness 2-->"C:\domaci PC\auta\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Môj CEWE Fotosvet-->"C:\Program Files\Fotolab\Môj CEWE Fotosvet\uninstall.exe"
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Need For Speed Underground-->C:\domaci PC\DIKTATY\EAUninstall.exe
Nero 7 Essentials-->MsiExec.exe /X{8A8C4EAC-9AB7-45FA-9480-5716FD261051}
NOD32 Antivirus System-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Opera 9.62-->MsiExec.exe /X{D9226EB1-C528-48AC-B423-BD9240E1F60B}
RS1-->C:\windows\UbiSoft\UbiSetup.exe -uninstall RS1
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Doctor 3.1-->"C:\Program Files\Spyware Doctor\unins000.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
TeamSpeak 2 RC2-->"C:\domaci PC\DIKTATY\Teamspeak2_RC2\unins000.exe"
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Total Immersion Racing-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2FE0127-0F86-43C7-824E-AA78E6B5F4F3}\setup.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Windows Installer 3.1 (KB893803)-->"C:\windows\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Support Tools-->MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XnView 1.91-->"C:\Program Files\XnView\unins000.exe"
Zuma Deluxe 1.0-->C:\Program Files\Zuma Deluxe\Uninstal.exe
Zuma Deluxe-->"C:\Program Files\Zuma Deluxe\ReflexiveArcade\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Eset NOD32 Antivirus 2.70 (disabled) (outdated)

======System event log======

Computer Name: OSO
Event Code: 7036
Message: Služba Background Intelligent Transfer Service vstúpila do stavu Spustené.

Record Number: 48423
Source Name: Service Control Manager
Time Written: 20101123071629.000000+060
Event Type: informácie
User:

Computer Name: OSO
Event Code: 7035
Message: Službe SSDP Discovery Service bolo úspešne odoslané riadenie Spustené.

Record Number: 48422
Source Name: Service Control Manager
Time Written: 20101123071625.000000+060
Event Type: informácie
User: NT AUTHORITY\SYSTEM

Computer Name: OSO
Event Code: 7036
Message: Služba Network Location Awareness (NLA) vstúpila do stavu Spustené.

Record Number: 48421
Source Name: Service Control Manager
Time Written: 20101123071604.000000+060
Event Type: informácie
User:

Computer Name: OSO
Event Code: 7035
Message: Službe Network Location Awareness (NLA) bolo úspešne odoslané riadenie Spustené.

Record Number: 48420
Source Name: Service Control Manager
Time Written: 20101123071604.000000+060
Event Type: informácie
User: NT AUTHORITY\SYSTEM

Computer Name: OSO
Event Code: 7035
Message: Službe Background Intelligent Transfer Service bolo úspešne odoslané riadenie Spustené.

Record Number: 48419
Source Name: Service Control Manager
Time Written: 20101123071604.000000+060
Event Type: informácie
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: OSO
Event Code: 103
Message: wuaueng.dll (1856) SUS20ClientDataStore: The database engine stopped the instance (0).

Record Number: 5
Source Name: ESENT
Time Written: 20100430063237.000000+120
Event Type: informácie
User:

Computer Name: OSO
Event Code: 102
Message: wuaueng.dll (1856) SUS20ClientDataStore: The database engine started a new instance (0).

Record Number: 4
Source Name: ESENT
Time Written: 20100430062720.000000+120
Event Type: informácie
User:

Computer Name: OSO
Event Code: 100
Message: wuauclt (1856) The database engine 5.01.2600.2180 started.

Record Number: 3
Source Name: ESENT
Time Written: 20100430062720.000000+120
Event Type: informácie
User:

Computer Name: OSO
Event Code: 1800
Message: Služba Centrum zabezpečenia systému Windows sa spustila.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20100430062632.000000+120
Event Type: informácie
User:

Computer Name: OSO
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 1
Source Name: LightScribeService
Time Written: 20100430062502.000000+120
Event Type: informácie
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Support Tools\;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Re: Prosím o kontrolu logu z RSIT

Napsal: 08 úno 2011 20:14
od mafl
a tie súbory som poslal bolo ich tam 5

Re: Prosím o kontrolu logu z RSIT

Napsal: 08 úno 2011 21:41
od vyosek
:arrow: Ok, soubory mam a poprosim kolegu at na to mrkne :wink:

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Prosím o kontrolu logu z RSIT

Napsal: 09 úno 2011 13:46
od mafl
je tu menší problém s combofixom...po reštarte mi nabehne windows ale zaroven mi nabehne aj tá modrá obrazovka. Musím ísť do núdzového režimu ale tam ten log s combofixu nie je ....je tam ale len toto

ComboFix 11-02-08.03 - davidko . 02. 2011 13:23:23.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.256.159 [GMT 1:00]
Running from: C:\Documents and Settings\davidko\My Documents\Downloads\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

Re: Prosím o kontrolu logu z RSIT

Napsal: 09 úno 2011 14:04
od mafl
tak nakoniec sa podarilo tu je ten log z combofixu

ComboFix 11-02-08.03 - davidko . 02. 2011 13:51:27.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.256.140 [GMT 1:00]
Running from: c:\documents and settings\davidko\My Documents\Downloads\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\str.sys
.
---- Previous Run -------
.
c:\documents and settings\davidko\Application Data\juzjf.exe
c:\documents and settings\davidko\Local Settings\Application Data\DoubleD
c:\program files\Applications\myd.ico
c:\program files\Applications\mym.ico
c:\program files\Applications\myp.ico
c:\program files\Applications\myv.ico
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\675873
c:\windows\system32\drivers\bhkhunmitfqrjxy.sys
c:\windows\system32\drivers\jaboiub.sys
c:\windows\system32\drivers\kqzrhnxqv.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\tvtepc.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GPWNDHAEMWHAOAO
-------\Legacy_HPBHGYHS
-------\Legacy_RQEUVKD
-------\Service_gpwndhaemwhaoao
-------\Service_hlvwconwuu
-------\Service_hpbhgyhs
-------\Service_rqeuvkd


((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-09 12:36 . 2011-02-09 12:36 741888 ----a-w- c:\windows\system32\drivers\lwkbodg.sys
2011-02-08 19:03 . 2011-02-08 19:04 -------- d-----w- C:\rsit
2011-02-08 16:38 . 2011-02-09 12:35 52096 ----a-w- c:\windows\system32\drivers\tvtepc.sys
2011-02-08 16:38 . 2011-02-08 16:38 18300 ----a-w- c:\windows\system32\MAIA.tmp
2011-02-08 06:52 . 2011-02-08 06:51 229888 ----a-w- c:\windows\system32\zyssoofepuk.exe
2011-02-08 06:51 . 2011-02-08 06:51 229888 ----a-w- c:\windows\system32\jogacoussoo.exe
2011-02-08 06:46 . 2011-02-08 06:46 741888 ----a-w- c:\windows\system32\drivers\wezufcr.sys
2011-02-08 06:44 . 2011-02-08 06:44 741888 ----a-w- c:\windows\system32\drivers\pedgi.sys
2011-02-07 19:43 . 2011-02-07 19:43 18300 ----a-w- c:\windows\system32\MAI37.tmp
2011-02-07 18:50 . 2011-02-07 18:50 741888 ----a-w- c:\windows\system32\drivers\ndpyfd.sys
2011-02-07 18:49 . 2011-02-07 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2011-02-07 17:33 . 2011-02-07 17:33 741888 ----a-w- c:\windows\system32\drivers\kvzhlv.sys
2011-02-07 15:37 . 2011-02-07 15:37 741888 ----a-w- c:\windows\system32\drivers\ovhxlgmms.sys
2011-02-07 15:36 . 2011-02-07 15:36 741888 ----a-w- c:\windows\system32\drivers\nqiiqae.sys
2011-02-07 13:36 . 2011-02-07 13:36 741888 ----a-w- c:\windows\system32\drivers\zoxzibp.sys
2011-02-07 13:34 . 2011-02-07 13:34 741888 ----a-w- c:\windows\system32\drivers\nglligj.sys
2011-02-07 13:32 . 2011-02-07 13:32 741888 ----a-w- c:\windows\system32\drivers\byjnkkun.sys
2011-02-07 13:19 . 2011-02-07 13:19 741888 ----a-w- c:\windows\system32\drivers\ldddrn.sys
2011-02-07 13:17 . 2011-02-07 13:17 741888 ----a-w- c:\windows\system32\drivers\flhosrhr.sys
2011-02-07 12:55 . 2011-02-08 19:04 -------- d-----w- c:\program files\trend micro
2011-02-07 12:36 . 2011-02-07 12:36 18300 ----a-w- c:\windows\system32\MAI4.tmp
2011-02-07 12:30 . 2011-02-07 12:30 741888 ----a-w- c:\windows\system32\drivers\poiksl.sys
2011-02-07 12:29 . 2011-02-07 12:29 741888 ----a-w- c:\windows\system32\drivers\mxxzwtjx.sys
2011-02-07 12:25 . 2011-02-07 12:25 741888 ----a-w- c:\windows\system32\drivers\nizfsxea.sys
2011-02-07 08:25 . 2011-02-07 08:25 741888 ----a-w- c:\windows\system32\drivers\dqccw.sys
2011-02-07 06:01 . 2011-02-07 06:01 18300 ----a-w- c:\windows\system32\MAI8.tmp
2011-02-07 05:58 . 2011-02-07 05:58 741888 ----a-w- c:\windows\system32\drivers\qygieqy.sys
2011-02-07 05:56 . 2011-02-07 05:56 741888 ----a-w- c:\windows\system32\drivers\najmrx.sys
2011-02-07 05:52 . 2011-02-07 05:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-07 05:43 . 2011-02-07 05:43 741888 ----a-w- c:\windows\system32\drivers\hxhfnxs.sys
2011-02-07 05:42 . 2011-02-07 05:42 18300 ----a-w- c:\windows\system32\MAI26.tmp
2011-02-07 05:33 . 2011-02-07 05:33 18300 ----a-w- c:\windows\system32\MAI2.tmp
2011-02-07 05:27 . 2011-02-07 05:27 741888 ----a-w- c:\windows\system32\drivers\lpsyeqehd.sys
2011-02-06 18:20 . 2011-02-06 18:20 18300 ----a-w- c:\windows\system32\MAI1E.tmp
2011-02-06 18:12 . 2011-02-06 18:12 739328 ----a-w- c:\windows\system32\drivers\nqsumd.sys
2011-02-06 18:08 . 2011-02-06 18:08 739328 ----a-w- c:\windows\system32\drivers\elktstl.sys
2011-02-06 18:07 . 2011-02-06 18:07 739328 ----a-w- c:\windows\system32\drivers\yxcmdfi.sys
2011-02-06 18:06 . 2011-02-06 18:06 739328 ----a-w- c:\windows\system32\drivers\iphofoi.sys
2011-02-06 18:03 . 2011-02-06 18:03 739328 ----a-w- c:\windows\system32\drivers\hdzbztc.sys
2011-02-06 18:00 . 2011-02-06 18:00 739328 ----a-w- c:\windows\system32\drivers\avhlz.sys
2011-02-06 17:56 . 2011-02-06 17:56 739328 ----a-w- c:\windows\system32\drivers\efpxtpcr.sys
2011-02-06 17:48 . 2011-02-06 17:48 18300 ----a-w- c:\windows\system32\MAI1.tmp
2011-02-06 17:45 . 2011-02-06 17:45 739328 ----a-w- c:\windows\system32\drivers\xwqxac.sys
2011-02-06 17:43 . 2011-02-06 17:43 739328 ----a-w- c:\windows\system32\drivers\nlxejde.sys
2011-02-06 17:40 . 2011-02-06 17:40 739328 ----a-w- c:\windows\system32\drivers\miaqxvtw.sys
2011-02-06 17:39 . 2011-02-06 17:39 739328 ----a-w- c:\windows\system32\drivers\fecqcwwqt.sys
2011-02-06 17:36 . 2011-02-06 17:36 739328 ----a-w- c:\windows\system32\drivers\erlwzuf.sys
2011-02-06 17:10 . 2011-02-06 17:10 18300 ----a-w- c:\windows\system32\MAI2C.tmp
2011-02-06 05:42 . 2011-02-06 05:42 18300 ----a-w- c:\windows\system32\MAI1D.tmp
2011-02-05 17:41 . 2011-02-05 17:41 18300 ----a-w- c:\windows\system32\MAI25.tmp
2011-02-05 08:25 . 2011-02-05 08:25 18300 ----a-w- c:\windows\system32\MAI188C.tmp
2011-02-05 06:14 . 2011-02-05 06:14 18300 ----a-w- c:\windows\system32\MAI35.tmp
2011-02-01 13:17 . 2011-02-01 13:17 102400 ----a-w- c:\windows\nvsvc32.Vexe
2011-01-24 11:12 . 2011-01-31 14:05 -------- d-----w- c:\documents and settings\davidko\Local Settings\Application Data\ConduitEngine
2011-01-24 11:12 . 2011-01-24 11:12 -------- d-----w- c:\program files\ConduitEngine
2011-01-24 11:12 . 2011-01-24 11:12 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-01-18 17:36 . 2011-01-18 17:36 -------- d-----w- c:\program files\Common Files\Skype
2011-01-12 11:35 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-01-12 11:35 . 2004-08-03 23:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-01-12 11:35 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-01-12 11:35 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 05:56 . 2007-06-23 19:19 741888 ----a-w- c:\windows\system32\drivers\aec.sys
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-05-06 16:42 . 2008-09-06 19:59 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2011-02-07 05:56 . E72D4570CBB840D32F6DDDEFA0CC2077 . 741888 . . [6.0.6000.16386] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2002-08-28 21:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\$NtServicePackUninstall$\aec.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{511131F1-4629-4254-A85F-ED7B6D75DD3C}"= "c:\program files\Alawar.com\tbAla2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Alawar.com\tbAla2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{511131f1-4629-4254-a85f-ed7b6d75dd3c}"= "c:\program files\Alawar.com\tbAla2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{511131F1-4629-4254-A85F-ED7B6D75DD3C}"= "c:\program files\Alawar.com\tbAla2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2005-01-06 1466368]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"CursorFX"="c:\domaci pc\s\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"Google Update"="c:\documents and settings\davidko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-02-07 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-23 4616192]
"nwiz"="nwiz.exe" [2003-09-23 323584]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-01 949376]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-07-31 684032]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"pywou"="c:\windows\system32\jogacoussoo.exe" [2011-02-08 229888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - g:\common\Bin\WinCinemaMgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\domaci PC\\facebook-pic000934519.exe"= c:\\windows\\nvsvc32.exe

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25. 7. 2009 12:16 721904]
R3 rtl8180;IEEE 802.11b Wireless Cardbus/PCI Adapter;c:\windows\system32\drivers\rtl8180.sys [1. 7. 2007 19:44 184320]
S0 553136062;553136062;c:\windows\system32\drivers\553136062.sys --> c:\windows\system32\drivers\553136062.sys [?]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [1. 7. 2007 19:57 15424]
S2 akeuiegyiiaio;BCL easyPDF SDK Loader;c:\windows\system32\zyssoofepuk.exe [8. 2. 2011 7:52 229888]
.
Contents of the 'Scheduled Tasks' folder

2011-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-879983540-2147116355-1003Core.job
- c:\documents and settings\davidko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-07 19:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60337
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://windiwsfsearch.com
mSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
mSearch Bar = hxxp://windiwsfsearch.com/ie6.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://windiwsfsearch.com
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {9ECFE669-9B9D-4B3D-81ED-1FED4C95D9D0} = 10.1.1.2
TCP: {A4878CC1-8DBA-42CB-93DD-DA446AB0E161} = 195.146.128.60
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} - hxxps://zona.t-com.sk/VianKampan2007/STWebDialer.cab
FF - ProfilePath - c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60337&qkw=
FF - prefs.js: network.proxy.type - 0
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
BHO-{A1123C1A-5D52-4df7-B639-6346165FCD58} - c:\program files\BearFlix Applications\BearFlix MediaBar\BearFlixIEHelper.dll
Toolbar-{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - (no file)
WebBrowser-{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - (no file)
AddRemove-Age of Mythology 1.0 - c:\domaci pc\DIKTATY\UNINSTAL.EXE
AddRemove-Call of Duty Single Player Demo - c:\domaci~1\diktaty\Uninstall\Unwise.exe
AddRemove-DialMessenger_is1 - c:\program files\Weflirt
AddRemove-FileSpecs extension for Ad-aware 6 - c:\progra~1\Lavasoft\AD-AWA~1\Plugins\FILESP~1\UNWISE.EXE
AddRemove-LSP Explorer Pluginfor Ad-aware 6 - c:\progra~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE
AddRemove-Motocross Madness 2 - c:\domaci pc\auta\UNINSTAL.EXE
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
AddRemove-Teamspeak 2 RC2_is1 - c:\domaci pc\DIKTATY\Teamspeak2_RC2\unins000.exe
AddRemove-{A99968BE-C155-474C-0089-33239DEE1CE2} - c:\domaci pc\DIKTATY\EAUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 13:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-09 14:03:09
ComboFix-quarantined-files.txt 2011-02-09 13:02

Pre-Run: 29 424 553 984 bytes free
Post-Run: 16 adresárov, 29 383 548 928 voľných bajtov

- - End Of File - - 786DEF09804398F07107BADD298C9D8D

Re: Prosím o kontrolu logu z RSIT

Napsal: 09 úno 2011 17:21
od vyosek
:arrow: Hezka sbirecka rootkitu :arcisit: Uvidime jestli je dokaze CF smazat vsechny

:arrow: Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

:arrow: Pokud CF nabidne instalaci konzoly pro zotaveni tak souhlaste a nechte ji nainstalovat

:arrow: Prejmenujte ComboFix na Beruska.com

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

File::
c:\windows\system32\drivers\lwkbodg.sys
c:\windows\system32\drivers\tvtepc.sys
c:\windows\system32\MAIA.tmp
c:\windows\system32\zyssoofepuk.exe
c:\windows\system32\jogacoussoo.exe
c:\windows\system32\drivers\wezufcr.sys
c:\windows\system32\drivers\pedgi.sys
c:\windows\system32\MAI37.tmp
c:\windows\system32\drivers\ndpyfd.sys
c:\windows\system32\drivers\kvzhlv.sys
c:\windows\system32\drivers\ovhxlgmms.sys
c:\windows\system32\drivers\nqiiqae.sys
c:\windows\system32\drivers\zoxzibp.sys
c:\windows\system32\drivers\nglligj.sys
c:\windows\system32\drivers\byjnkkun.sys
c:\windows\system32\drivers\ldddrn.sys
c:\windows\system32\drivers\flhosrhr.sys
c:\windows\system32\MAI4.tmp
c:\windows\system32\drivers\poiksl.sys
c:\windows\system32\drivers\mxxzwtjx.sys
c:\windows\system32\drivers\nizfsxea.sys
c:\windows\system32\drivers\dqccw.sys
c:\windows\system32\MAI8.tmp
c:\windows\system32\drivers\qygieqy.sys
c:\windows\system32\drivers\najmrx.sys
c:\windows\system32\wbem\Repository
c:\windows\system32\drivers\hxhfnxs.sys
c:\windows\system32\MAI26.tmp
c:\windows\system32\MAI2.tmp
c:\windows\system32\drivers\lpsyeqehd.sys
c:\windows\system32\MAI1E.tmp
c:\windows\system32\drivers\nqsumd.sys
c:\windows\system32\drivers\elktstl.sys
c:\windows\system32\drivers\yxcmdfi.sys
c:\windows\system32\drivers\iphofoi.sys
c:\windows\system32\drivers\hdzbztc.sys
c:\windows\system32\drivers\avhlz.sys
c:\windows\system32\drivers\efpxtpcr.sys
c:\windows\system32\MAI1.tmp
c:\windows\system32\drivers\xwqxac.sys
c:\windows\system32\drivers\nlxejde.sys
c:\windows\system32\drivers\miaqxvtw.sys
c:\windows\system32\drivers\fecqcwwqt.sys
c:\windows\system32\drivers\erlwzuf.sys
c:\windows\system32\MAI2C.tmp
c:\windows\system32\MAI1D.tmp
c:\windows\system32\MAI25.tmp
c:\windows\system32\MAI188C.tmp
c:\windows\system32\MAI35.tmp
c:\windows\nvsvc32.Vexe
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\jogacoussoo.exe
c:\\domaci PC\\facebook-pic000934519.exe
c:\windows\system32\drivers\553136062.sys
c:\windows\system32\zyssoofepuk.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-879983540-2147116355-1003Core.job

Restore::
c:\windows\system32\drivers\aec.sys

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{511131F1-4629-4254-A85F-ED7B6D75DD3C}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{511131f1-4629-4254-a85f-ed7b6d75dd3c}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{511131F1-4629-4254-A85F-ED7B6D75DD3C}"=-
[-HKEY_CLASSES_ROOT\clsid\{511131f1-4629-4254-a85f-ed7b6d75dd3c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"=-
"SpybotSD TeaTimer"=-
"AlcoholAutomount"=-
"Google Update"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"pywou"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\domaci PC\\facebook-pic000934519.exe"=-

Driver::
553136062
akeuiegyiiaio
Folder::
c:\program files\Alawar.com

DDs::
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60337
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://windiwsfsearch.com
mSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
mSearch Bar = hxxp://windiwsfsearch.com/ie6.html
mSearchURL = hxxp://windiwsfsearch.com
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

Firefox::
FF - ProfilePath - c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60337&qkw=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: Prosím o kontrolu logu z RSIT

Napsal: 09 úno 2011 19:43
od mafl
Pripájam log z combofixu

ComboFix 11-02-09.02 - davidko . 02. 2011 19:12:04.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.256.144 [GMT 1:00]
Running from: c:\domaci pc\ComboFix.exe
Command switches used :: c:\documents and settings\davidko\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\\domaci PC\\facebook-pic000934519.exe"
"c:\windows\nvsvc32.Vexe"
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\system32\drivers\553136062.sys"
"c:\windows\system32\drivers\avhlz.sys"
"c:\windows\system32\drivers\byjnkkun.sys"
"c:\windows\system32\drivers\dqccw.sys"
"c:\windows\system32\drivers\efpxtpcr.sys"
"c:\windows\system32\drivers\elktstl.sys"
"c:\windows\system32\drivers\erlwzuf.sys"
"c:\windows\system32\drivers\fecqcwwqt.sys"
"c:\windows\system32\drivers\flhosrhr.sys"
"c:\windows\system32\drivers\hdzbztc.sys"
"c:\windows\system32\drivers\hxhfnxs.sys"
"c:\windows\system32\drivers\iphofoi.sys"
"c:\windows\system32\drivers\kvzhlv.sys"
"c:\windows\system32\drivers\ldddrn.sys"
"c:\windows\system32\drivers\lpsyeqehd.sys"
"c:\windows\system32\drivers\lwkbodg.sys"
"c:\windows\system32\drivers\miaqxvtw.sys"
"c:\windows\system32\drivers\mxxzwtjx.sys"
"c:\windows\system32\drivers\najmrx.sys"
"c:\windows\system32\drivers\ndpyfd.sys"
"c:\windows\system32\drivers\nglligj.sys"
"c:\windows\system32\drivers\nizfsxea.sys"
"c:\windows\system32\drivers\nlxejde.sys"
"c:\windows\system32\drivers\nqiiqae.sys"
"c:\windows\system32\drivers\nqsumd.sys"
"c:\windows\system32\drivers\ovhxlgmms.sys"
"c:\windows\system32\drivers\pedgi.sys"
"c:\windows\system32\drivers\poiksl.sys"
"c:\windows\system32\drivers\qygieqy.sys"
"c:\windows\system32\drivers\tvtepc.sys"
"c:\windows\system32\drivers\wezufcr.sys"
"c:\windows\system32\drivers\xwqxac.sys"
"c:\windows\system32\drivers\yxcmdfi.sys"
"c:\windows\system32\drivers\zoxzibp.sys"
"c:\windows\system32\jogacoussoo.exe"
"c:\windows\system32\MAI1.tmp"
"c:\windows\system32\MAI188C.tmp"
"c:\windows\system32\MAI1D.tmp"
"c:\windows\system32\MAI1E.tmp"
"c:\windows\system32\MAI2.tmp"
"c:\windows\system32\MAI25.tmp"
"c:\windows\system32\MAI26.tmp"
"c:\windows\system32\MAI2C.tmp"
"c:\windows\system32\MAI35.tmp"
"c:\windows\system32\MAI37.tmp"
"c:\windows\system32\MAI4.tmp"
"c:\windows\system32\MAI8.tmp"
"c:\windows\system32\MAIA.tmp"
"c:\windows\system32\wbem\Repository"
"c:\windows\system32\zyssoofepuk.exe"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-879983540-2147116355-1003Core.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\domaci PC\\facebook-pic000934519.exe
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\program files\Alawar.com
c:\program files\Alawar.com\Alawar.comToolbarHelper.exe
c:\program files\Alawar.com\Alawar.comToolbarHelper1.exe
c:\program files\Alawar.com\tbAla0.dll
c:\program files\Alawar.com\tbAla1.dll
c:\program files\Alawar.com\tbAla2.dll
c:\program files\Alawar.com\tbAlaw.dll
c:\program files\Alawar.com\toolbar.cfg
c:\program files\Alawar.com\UNWISE.EXE
c:\windows\nvsvc32.Vexe
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\drivers\avhlz.sys
c:\windows\system32\drivers\byjnkkun.sys
c:\windows\system32\drivers\dqccw.sys
c:\windows\system32\drivers\efpxtpcr.sys
c:\windows\system32\drivers\elktstl.sys
c:\windows\system32\drivers\erlwzuf.sys
c:\windows\system32\drivers\fecqcwwqt.sys
c:\windows\system32\drivers\flhosrhr.sys
c:\windows\system32\drivers\hdzbztc.sys
c:\windows\system32\drivers\hxhfnxs.sys
c:\windows\system32\drivers\iphofoi.sys
c:\windows\system32\drivers\kvzhlv.sys
c:\windows\system32\drivers\ldddrn.sys
c:\windows\system32\drivers\lpsyeqehd.sys
c:\windows\system32\drivers\lwkbodg.sys
c:\windows\system32\drivers\miaqxvtw.sys
c:\windows\system32\drivers\mxxzwtjx.sys
c:\windows\system32\drivers\najmrx.sys
c:\windows\system32\drivers\ndpyfd.sys
c:\windows\system32\drivers\nglligj.sys
c:\windows\system32\drivers\nizfsxea.sys
c:\windows\system32\drivers\nlxejde.sys
c:\windows\system32\drivers\nqiiqae.sys
c:\windows\system32\drivers\nqsumd.sys
c:\windows\system32\drivers\ovhxlgmms.sys
c:\windows\system32\drivers\pedgi.sys
c:\windows\system32\drivers\poiksl.sys
c:\windows\system32\drivers\qygieqy.sys
c:\windows\system32\drivers\tvtepc.sys
c:\windows\system32\drivers\wezufcr.sys
c:\windows\system32\drivers\xwqxac.sys
c:\windows\system32\drivers\yxcmdfi.sys
c:\windows\system32\drivers\zoxzibp.sys
c:\windows\system32\jogacoussoo.exe
c:\windows\system32\MAI1.tmp
c:\windows\system32\MAI188C.tmp
c:\windows\system32\MAI1D.tmp
c:\windows\system32\MAI1E.tmp
c:\windows\system32\MAI2.tmp
c:\windows\system32\MAI25.tmp
c:\windows\system32\MAI26.tmp
c:\windows\system32\MAI2C.tmp
c:\windows\system32\MAI35.tmp
c:\windows\system32\MAI37.tmp
c:\windows\system32\MAI4.tmp
c:\windows\system32\MAI8.tmp
c:\windows\system32\MAIA.tmp
c:\windows\system32\zyssoofepuk.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-879983540-2147116355-1003Core.job

Infected copy of c:\windows\system32\drivers\aec.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\aec.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_553136062
-------\Legacy_AKEUIEGYIIAIO
-------\Service_553136062
-------\Service_akeuiegyiiaio


((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
.

2011-02-09 18:02 . 2011-02-09 18:02 -------- d-----w- c:\documents and settings\davidko\Application Data\TeamViewer
2011-02-09 18:01 . 2011-02-09 18:01 -------- d-----w- c:\program files\TeamViewer
2011-02-09 13:16 . 2011-02-09 13:16 741888 ----a-w- c:\windows\system32\drivers\sqoehbk.sys
2011-02-09 13:14 . 2011-02-09 13:14 741888 ----a-w- c:\windows\system32\drivers\cyasmlwxo.sys
2011-02-09 13:12 . 2011-02-09 13:12 741888 ----a-w- c:\windows\system32\drivers\shrmg.sys
2011-02-09 13:11 . 2011-02-09 13:11 741888 ----a-w- c:\windows\system32\drivers\aqyanav.sys
2011-02-08 19:03 . 2011-02-08 19:04 -------- d-----w- C:\rsit
2011-02-07 18:49 . 2011-02-07 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2011-02-07 12:55 . 2011-02-08 19:04 -------- d-----w- c:\program files\trend micro
2011-02-07 05:52 . 2011-02-07 05:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-24 11:12 . 2011-01-31 14:05 -------- d-----w- c:\documents and settings\davidko\Local Settings\Application Data\ConduitEngine
2011-01-24 11:12 . 2011-01-24 11:12 -------- d-----w- c:\program files\ConduitEngine
2011-01-18 17:36 . 2011-01-18 17:36 -------- d-----w- c:\program files\Common Files\Skype
2011-01-12 11:35 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-01-12 11:35 . 2004-08-03 23:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-01-12 11:35 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-01-12 11:35 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:17 . 2008-07-11 17:52 98304 ----a-w- c:\windows\DUMP5b10.tmp
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-05-06 16:42 . 2008-09-06 19:59 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1123C1A-5D52-4df7-B639-6346165FCD58}]
c:\program files\BearFlix Applications\BearFlix MediaBar\BearFlixIEHelper.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="c:\domaci pc\s\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-23 4616192]
"nwiz"="nwiz.exe" [2003-09-23 323584]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-01 949376]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-07-31 684032]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - g:\common\Bin\WinCinemaMgr.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25. 7. 2009 12:16 721904]
R3 rtl8180;IEEE 802.11b Wireless Cardbus/PCI Adapter;c:\windows\system32\drivers\rtl8180.sys [1. 7. 2007 19:44 184320]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [1. 7. 2007 19:57 15424]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {9ECFE669-9B9D-4B3D-81ED-1FED4C95D9D0} = 10.1.1.2
TCP: {A4878CC1-8DBA-42CB-93DD-DA446AB0E161} = 195.146.128.60
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} - hxxps://zona.t-com.sk/VianKampan2007/STWebDialer.cab
FF - ProfilePath - c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - (no file)
WebBrowser-{0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - (no file)
AddRemove-Alawar.com Toolbar - c:\progra~1\Alawar.com\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 19:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2011-02-09 19:27:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-09 18:27
ComboFix2.txt 2011-02-09 13:03

Pre-Run: 29 224 046 592 bytes free
Post-Run: 16 adresárov, 29 163 016 192 voľných bajtov

- - End Of File - - F4F481B6D3C579DD1241F27116AD0545

Re: Prosím o kontrolu logu z RSIT

Napsal: 10 úno 2011 08:35
od vyosek
Dalsi skript pro ComboFix

Kód: Vybrat vše

File::
c:\windows\system32\drivers\sqoehbk.sys
c:\windows\system32\drivers\cyasmlwxo.sys
c:\windows\system32\drivers\shrmg.sys
c:\windows\system32\drivers\aqyanav.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000

Re: Prosím o kontrolu logu z RSIT

Napsal: 11 úno 2011 15:10
od mafl
log

ComboFix 11-02-10.01 - davidko . 02. 2011 14:46:55.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.256.8 [GMT 1:00]
Running from: c:\domaci pc\ComboFix.exe
Command switches used :: c:\documents and settings\davidko\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\aqyanav.sys"
"c:\windows\system32\drivers\cyasmlwxo.sys"
"c:\windows\system32\drivers\shrmg.sys"
"c:\windows\system32\drivers\sqoehbk.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\aqyanav.sys
c:\windows\system32\drivers\cyasmlwxo.sys
c:\windows\system32\drivers\shrmg.sys
c:\windows\system32\drivers\sqoehbk.sys

.
((((((((((((((((((((((((( Files Created from 2011-01-11 to 2011-02-11 )))))))))))))))))))))))))))))))
.

2011-02-11 12:56 . 2011-02-11 12:56 -------- d-----w- c:\windows\LastGood
2011-02-11 06:31 . 2004-08-03 22:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-02-11 06:27 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-02-11 06:21 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-02-11 06:19 . 2009-07-31 04:57 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-02-11 06:18 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-02-11 05:45 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-02-11 05:37 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-02-11 05:36 . 2010-06-14 14:30 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-02-10 18:46 . 2011-02-11 12:57 -------- d--h--w- c:\windows\$hf_mig$
2011-02-09 18:02 . 2011-02-09 18:02 -------- d-----w- c:\documents and settings\davidko\Application Data\TeamViewer
2011-02-09 18:01 . 2011-02-09 18:01 -------- d-----w- c:\program files\TeamViewer
2011-02-08 19:03 . 2011-02-08 19:04 -------- d-----w- C:\rsit
2011-02-07 18:49 . 2011-02-07 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2011-02-07 12:55 . 2011-02-08 19:04 -------- d-----w- c:\program files\trend micro
2011-02-07 05:52 . 2011-02-07 05:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-24 11:12 . 2011-01-31 14:05 -------- d-----w- c:\documents and settings\davidko\Local Settings\Application Data\ConduitEngine
2011-01-24 11:12 . 2011-01-24 11:12 -------- d-----w- c:\program files\ConduitEngine
2011-01-18 17:36 . 2011-01-18 17:36 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:17 . 2008-07-11 17:52 98304 ----a-w- c:\windows\DUMP5b10.tmp
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-05-06 16:42 . 2008-09-06 19:59 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1123C1A-5D52-4df7-B639-6346165FCD58}]
c:\program files\BearFlix Applications\BearFlix MediaBar\BearFlixIEHelper.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="c:\domaci pc\s\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-23 4616192]
"nwiz"="nwiz.exe" [2003-09-23 323584]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-07-01 949376]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-07-31 684032]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - g:\common\Bin\WinCinemaMgr.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-25 721904]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-07-01 15424]
S3 rtl8180;IEEE 802.11b Wireless Cardbus/PCI Adapter;c:\windows\system32\DRIVERS\rtl8180.SYS [2003-12-03 184320]

.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {9ECFE669-9B9D-4B3D-81ED-1FED4C95D9D0} = 10.1.1.2
TCP: {A4878CC1-8DBA-42CB-93DD-DA446AB0E161} = 195.146.128.60
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} - hxxps://zona.t-com.sk/VianKampan2007/STWebDialer.cab
FF - ProfilePath - c:\documents and settings\davidko\Application Data\Mozilla\Firefox\Profiles\3opl9gi4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-11 14:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2011-02-11 15:01:52
ComboFix-quarantined-files.txt 2011-02-11 14:01
ComboFix2.txt 2011-02-09 18:27
ComboFix3.txt 2011-02-09 13:03

Pre-Run: 28 298 420 224 bytes free
Post-Run: 16 adresárov, 28 276 502 528 voľných bajtov

- - End Of File - - 819DFC1F751FA940904F028BEDB2D6DC

Re: Prosím o kontrolu logu z RSIT

Napsal: 11 úno 2011 15:11
od vyosek
:arrow: Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)
  • c:\windows\system32\dllcache\moviemk.exe
  • Kliknete na Prochazet
  • Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
  • Kliknete na Send File
  • Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
    Obrázek
  • Vysledek analyzy sem vlozte (jako odkaz)
:arrow: Jak se chova PC :???:

Re: Prosím o kontrolu logu z RSIT

Napsal: 12 úno 2011 13:38
od mafl
Celkový stav PC je v celku dobrý...modrá obrazovka smrti sa stratila a OS funguje normálne bez toho aby som musel ísť do núdzového režimu

Pripájam výpis z kontroly z VirusTotalu:

Antivirus Version Last Update Result
AhnLab-V3 2011.02.06.00 2011.02.06 -
AntiVir 7.11.3.51 2011.02.12 -
Antiy-AVL 2.0.3.7 2011.02.12 -
Avast 4.8.1351.0 2011.02.12 -
Avast5 5.0.677.0 2011.02.12 -
AVG 10.0.0.1190 2011.02.12 -
BitDefender 7.2 2011.02.12 -
CAT-QuickHeal 11.00 2011.02.12 -
ClamAV 0.96.4.0 2011.02.12 -
Commtouch 5.2.11.5 2011.02.12 -
DrWeb 5.0.2.03300 2011.02.12 -
Emsisoft 5.1.0.2 2011.02.12 -
eSafe 7.0.17.0 2011.02.10 -
eTrust-Vet 36.1.8154 2011.02.11 -
F-Prot 4.6.2.117 2011.02.04 -
F-Secure 9.0.16160.0 2011.02.12 -
Fortinet 4.2.254.0 2011.02.12 -
GData 21 2011.02.12 -
Ikarus T3.1.1.97.0 2011.02.12 -
Jiangmin 13.0.900 2011.02.12 -
K7AntiVirus 9.83.3833 2011.02.12 -
Kaspersky 7.0.0.125 2011.02.12 -
McAfee 5.400.0.1158 2011.02.12 -
McAfee-GW-Edition 2010.1C 2011.02.12 -
Microsoft 1.6502 2011.02.12 -
NOD32 5867 2011.02.12 -
Norman 6.07.03 2011.02.12 -
nProtect 2011-01-27.01 2011.02.02 -
Panda 10.0.3.5 2011.02.11 -
PCTools 7.0.3.5 2011.02.11 -
Prevx 3.0 2011.02.12 -
Rising 23.44.05.00 2011.02.12 -
Sophos 4.61.0 2011.02.12 -
SUPERAntiSpyware 4.40.0.1006 2011.02.12 -
Symantec 20101.3.0.103 2011.02.12 -
TheHacker 6.7.0.1.126 2011.02.10 -
TrendMicro 9.200.0.1012 2011.02.12 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.12 -
VBA32 3.12.14.3 2011.02.11 -
VIPRE 8391 2011.02.12 -
ViRobot 2011.2.12.4307 2011.02.12 -
VirusBuster 13.6.195.0 2011.02.11 -

Re: Prosím o kontrolu logu z RSIT

Napsal: 12 úno 2011 17:07
od vyosek
:arrow: Odinstalujte Combofix
  • Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
  • Napiste ComboFix /Uninstall
  • Stisknete Enter
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner (viz muj podpis)
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za 14 dni

:arrow: Dejte novy log z RSIT a napiste ci je PC jiz v poradku

Re: Prosím o kontrolu logu z RSIT

Napsal: 16 úno 2011 13:10
od mafl
log

Logfile of random's system information tool 1.08 (written by random/random)
Run by davidko at 2011-02-16 13:04:59
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 29 GB (74%) free of 39 GB
Total RAM: 256 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:05:58, on 16. 2. 2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\domaci PC\s\Stardock\CursorFX\CursorFX.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\davidko\Desktop\RSIT.exe
C:\Program Files\trend micro\davidko.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60337
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60337
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)
O2 - BHO: (no name) - {A1123C1A-5D52-4df7-B639-6346165FCD58} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKCU\..\Run: [CursorFX] "C:\domaci PC\s\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = G:\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} (ST WebDialer Control) - https://zona.t-com.sk/VianKampan2007/STWebDialer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ECFE669-9B9D-4B3D-81ED-1FED4C95D9D0}: NameServer = 10.1.1.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4878CC1-8DBA-42CB-93DD-DA446AB0E161}: NameServer = 195.146.128.60
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7154 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2004-12-20 272384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1123C1A-5D52-4df7-B639-6346165FCD58}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2005-01-21 330752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-09-23 4616192]
"nwiz"=nwiz.exe /install []
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-07-01 949376]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-07-31 684032]
"ContentTransferWMDetector.exe"=C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [2008-07-11 423200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"=C:\domaci PC\s\Stardock\CursorFX\CursorFX.exe [2008-07-07 416768]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
InterVideo WinCinema Manager.lnk - G:\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-02-16 13:04:59 ----D---- C:\rsit
2011-02-16 07:36:16 ----SHD---- C:\RECYCLER
2011-02-13 07:33:16 ----HDC---- C:\windows\$NtUninstallKB980218$
2011-02-13 07:32:56 ----HDC---- C:\windows\$NtUninstallKB951376-v2$
2011-02-13 07:32:45 ----HDC---- C:\windows\$NtUninstallKB952954$
2011-02-13 07:32:20 ----HDC---- C:\windows\$NtUninstallKB959426$
2011-02-13 07:31:10 ----HDC---- C:\windows\$NtUninstallKB946648$
2011-02-13 07:29:03 ----A---- C:\windows\system32\MRT.INI
2011-02-13 07:28:58 ----D---- C:\windows\system32\MpEngineStore
2011-02-13 07:23:16 ----A---- C:\windows\system32\MRT.exe
2011-02-12 11:41:32 ----D---- C:\windows\system32\CatRoot_bak
2011-02-11 19:15:54 ----HDC---- C:\windows\$NtUninstallKB956803$
2011-02-11 19:15:46 ----HDC---- C:\windows\$NtUninstallKB960859$
2011-02-11 19:15:34 ----HDC---- C:\windows\$NtUninstallKB971468$
2011-02-11 19:15:11 ----HDC---- C:\windows\$NtUninstallKB979683$
2011-02-11 19:15:00 ----HDC---- C:\windows\$NtUninstallKB970430$
2011-02-11 19:14:51 ----HDC---- C:\windows\$NtUninstallKB980232$
2011-02-11 19:14:42 ----HDC---- C:\windows\$NtUninstallKB981350$
2011-02-11 19:13:38 ----HDC---- C:\windows\$NtUninstallKB975025$
2011-02-11 19:13:29 ----HDC---- C:\windows\$NtUninstallKB979559$
2011-02-11 19:13:21 ----HDC---- C:\windows\$NtUninstallKB971737$
2011-02-11 19:13:09 ----HDC---- C:\windows\$NtUninstallKB979482$
2011-02-11 19:13:01 ----HDC---- C:\windows\$NtUninstallKB978706$
2011-02-11 19:12:53 ----HDC---- C:\windows\$NtUninstallKB975562$
2011-02-11 19:12:12 ----HDC---- C:\windows\$NtUninstallKB982381$
2011-02-11 07:41:57 ----HDC---- C:\windows\$NtUninstallKB958869$
2011-02-11 07:41:49 ----HDC---- C:\windows\$NtUninstallKB954155_WM9$
2011-02-11 07:41:42 ----HDC---- C:\windows\$NtUninstallKB980195$
2011-02-11 07:41:21 ----HDC---- C:\windows\$NtUninstallKB955759$
2011-02-11 07:41:12 ----HDC---- C:\windows\$NtUninstallKB974318$
2011-02-11 07:41:04 ----HDC---- C:\windows\$NtUninstallKB969059$
2011-02-11 07:40:56 ----HDC---- C:\windows\$NtUninstallKB2229593$
2011-02-11 07:40:48 ----HDC---- C:\windows\$NtUninstallKB950974$
2011-02-11 07:40:40 ----HDC---- C:\windows\$NtUninstallKB978037$
2011-02-11 07:40:32 ----HDC---- C:\windows\$NtUninstallKB975713$
2011-02-11 07:40:24 ----HDC---- C:\windows\$NtUninstallKB971657$
2011-02-11 07:40:11 ----HDC---- C:\windows\$NtUninstallKB978338$
2011-02-11 07:40:03 ----HDC---- C:\windows\$NtUninstallKB972270$
2011-02-11 07:39:55 ----HDC---- C:\windows\$NtUninstallKB974112$
2011-02-11 07:39:33 ----HDC---- C:\windows\$NtUninstallKB956572$
2011-02-11 07:39:21 ----HDC---- C:\windows\$NtUninstallKB956844$
2011-02-11 07:39:14 ----HDC---- C:\windows\$NtUninstallKB961501$
2011-02-11 07:38:50 ----HDC---- C:\windows\$NtUninstallKB975561$
2011-02-11 07:38:36 ----HDC---- C:\windows\$NtUninstallKB952069_WM9$
2011-02-11 07:38:30 ----HDC---- C:\windows\$NtUninstallKB973869$
2011-02-11 07:38:20 ----HDC---- C:\windows\$NtUninstallKB973540_WM9L$
2011-02-11 07:38:13 ----HDC---- C:\windows\$NtUninstallKB952004$
2011-02-11 07:38:04 ----HDC---- C:\windows\$NtUninstallKB974571$
2011-02-11 07:37:56 ----HDC---- C:\windows\$NtUninstallKB975560$
2011-02-11 07:37:46 ----HDC---- C:\windows\$NtUninstallKB973507$
2011-02-11 07:37:39 ----HDC---- C:\windows\$NtUninstallKB941569$
2011-02-11 07:37:15 ----HDC---- C:\windows\$NtUninstallKB977816$
2011-02-11 07:37:06 ----HDC---- C:\windows\$NtUninstallKB973687$
2011-02-11 07:36:58 ----HDC---- C:\windows\$NtUninstallKB950762$
2011-02-11 07:36:50 ----HDC---- C:\windows\$NtUninstallKB981793$
2011-02-11 07:36:44 ----HDC---- C:\windows\$NtUninstallKB978601$
2011-02-11 07:36:37 ----HDC---- C:\windows\$NtUninstallKB952287$
2011-02-11 07:36:25 ----HDC---- C:\windows\$NtUninstallKB973904$
2011-02-11 07:35:58 ----HDC---- C:\windows\$NtUninstallKB967715$
2011-02-11 07:35:29 ----HDC---- C:\windows\$NtUninstallKB929399$
2011-02-11 07:34:45 ----HDC---- C:\windows\$NtUninstallKB974392$
2011-02-11 07:33:50 ----HDC---- C:\windows\$NtUninstallKB977914$
2011-02-11 07:33:32 ----HDC---- C:\windows\$NtUninstallKB951748$
2011-02-11 07:33:24 ----HDC---- C:\windows\$NtUninstallKB971961$
2011-02-11 07:33:15 ----HDC---- C:\windows\$NtUninstallKB978542$
2011-02-11 07:33:07 ----HDC---- C:\windows\$NtUninstallKB970238$
2011-02-11 07:32:55 ----HDC---- C:\windows\$NtUninstallKB979309$
2011-02-11 07:32:48 ----HDC---- C:\windows\$NtUninstallKB978695_WM9$
2011-02-11 07:32:38 ----HDC---- C:\windows\$NtUninstallKB958470$
2011-02-11 07:32:29 ----HDC---- C:\windows\$NtUninstallKB960803$
2011-02-11 07:32:20 ----HDC---- C:\windows\$NtUninstallKB973815$
2011-02-11 07:31:58 ----HDC---- C:\windows\$NtUninstallKB971032$
2011-02-11 07:31:42 ----HDC---- C:\windows\$NtUninstallKB958644$
2011-02-11 07:31:28 ----HDC---- C:\windows\$NtUninstallKB955069$
2011-02-11 07:31:22 ----A---- C:\windows\system32\wmpns.dll
2011-02-11 07:31:06 ----HDC---- C:\windows\$NtUninstallKB979402_WM9L$
2011-02-11 07:31:00 ----HDC---- C:\windows\$NtUninstallKB956802$
2011-02-11 07:30:41 ----HDC---- C:\windows\$NtUninstallKB944338-v2$
2011-02-11 07:30:31 ----HDC---- C:\windows\$NtUninstallKB923561$
2011-02-11 07:30:23 ----HDC---- C:\windows\$NtUninstallKB975467$
2011-02-11 07:29:41 ----HDC---- C:\windows\$NtUninstallKB968389$
2011-02-11 07:21:42 ----N---- C:\windows\system32\browserchoice.exe
2011-02-11 06:41:08 ----N---- C:\windows\system32\tzchange.exe
2011-02-11 06:37:33 ----A---- C:\windows\system32\xpsp3res.dll
2011-02-10 19:46:40 ----D---- C:\windows\system32\PreInstall
2011-02-10 19:46:36 ----HDC---- C:\windows\$NtUninstallKB898461$
2011-02-10 19:46:36 ----HD---- C:\windows\$hf_mig$
2011-02-10 18:56:37 ----D---- C:\windows\system32\SoftwareDistribution
2011-02-09 19:38:57 ----D---- C:\windows\temp
2011-02-09 19:02:05 ----D---- C:\Documents and Settings\davidko\Application Data\TeamViewer
2011-02-09 19:01:34 ----D---- C:\Program Files\TeamViewer
2011-02-08 07:51:37 ----AH---- C:\Documents and Settings\davidko\Application Data\HhdFJl61DD.txt
2011-02-07 19:49:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2011-02-07 19:49:06 ----D---- C:\Program Files\CCleaner
2011-02-07 19:48:46 ----D---- C:\Program Files\MonkeyPhoto
2011-02-07 19:48:45 ----D---- C:\Program Files\Luxor
2011-02-07 19:48:45 ----D---- C:\Program Files\Alawar
2011-02-07 19:48:44 ----D---- C:\Program Files\Zuma's Revenge!
2011-02-07 19:48:44 ----D---- C:\Program Files\Zuma Deluxe
2011-02-07 19:40:24 ----N---- C:\windows\SchedLgU.Txt
2011-02-07 18:53:09 ----D---- C:\Program Files\Crawler
2011-02-07 18:52:55 ----A---- C:\windows\system32\drivers\sp_rsdrv2.sys
2011-02-07 18:52:53 ----D---- C:\Documents and Settings\davidko\Application Data\Spyware Terminator
2011-02-07 18:52:49 ----D---- C:\Program Files\Spyware Terminator
2011-02-07 13:55:01 ----D---- C:\Program Files\trend micro
2011-02-06 18:46:45 ----SHD---- C:\windows\CSC
2011-02-06 18:39:03 ----D---- C:\windows\Minidump
2011-01-24 12:12:43 ----D---- C:\Program Files\ConduitEngine
2011-01-18 18:36:17 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2011-02-16 13:04:22 ----D---- C:\domaci PC
2011-02-16 11:28:19 ----D---- C:\windows\Debug
2011-02-16 11:28:19 ----D---- C:\WINDOWS
2011-02-16 11:17:58 ----D---- C:\windows\system32
2011-02-16 11:10:58 ----D---- C:\windows\Prefetch
2011-02-15 19:23:07 ----SHD---- C:\windows\Installer
2011-02-15 06:53:25 ----D---- C:\Program Files
2011-02-14 13:38:43 ----D---- C:\windows\system32\drivers
2011-02-14 13:31:10 ----RSHDC---- C:\windows\system32\dllcache
2011-02-13 11:21:13 ----D---- C:\windows\security
2011-02-13 07:47:23 ----SD---- C:\windows\Downloaded Program Files
2011-02-13 07:47:20 ----D---- C:\windows\system32\CatRoot2
2011-02-13 07:33:22 ----HD---- C:\windows\inf
2011-02-13 07:31:15 ----D---- C:\Program Files\Messenger
2011-02-13 07:30:06 ----D---- C:\Program Files\Windows Media Player
2011-02-12 18:32:51 ----SD---- C:\windows\Tasks
2011-02-12 12:54:44 ----D---- C:\windows\system32\CatRoot
2011-02-11 20:55:51 ----AC---- C:\windows\system32\PerfStringBackup.INI
2011-02-11 19:12:30 ----D---- C:\Program Files\Internet Explorer
2011-02-11 14:55:33 ----A---- C:\windows\system.ini
2011-02-11 14:55:14 ----D---- C:\windows\system32\drivers\etc
2011-02-11 14:52:16 ----D---- C:\windows\AppPatch
2011-02-11 14:52:10 ----D---- C:\Program Files\Common Files
2011-02-11 10:26:13 ----D---- C:\windows\system32\wbem
2011-02-11 10:26:12 ----D---- C:\windows\system32\Setup
2011-02-11 07:41:58 ----D---- C:\windows\WinSxS
2011-02-11 07:38:54 ----D---- C:\Program Files\Movie Maker
2011-02-11 07:33:18 ----D---- C:\Program Files\Outlook Express
2011-02-11 07:32:40 ----D---- C:\windows\ServicePackFiles
2011-02-10 18:56:50 ----D---- C:\windows\SoftwareDistribution
2011-02-10 18:56:46 ----D---- C:\windows\Help
2011-02-10 11:00:27 ----D---- C:\Documents and Settings\davidko\Application Data\Skype
2011-02-10 09:21:50 ----D---- C:\Documents and Settings\davidko\Application Data\skypePM
2011-02-09 19:20:02 ----D---- C:\windows\system32\config
2011-02-09 13:31:45 ----D---- C:\Program Files\Applications
2011-02-07 20:21:35 ----D---- C:\Program Files\WinRAR
2011-02-07 19:49:01 ----D---- C:\My Games
2011-02-07 19:49:00 ----D---- C:\totalcmd
2011-02-07 19:49:00 ----D---- C:\Install
2011-02-07 19:46:32 ----D---- C:\RAYMAN
2011-02-07 19:46:17 ----AD---- C:\wincmd4
2011-02-07 19:45:52 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2011-02-07 19:45:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-07 18:28:21 ----D---- C:\windows\repair
2011-02-07 08:32:52 ----A---- C:\windows\WINCMD.INI
2011-02-07 08:29:55 ----D---- C:\windows\Album
2011-02-07 07:42:04 ----D---- C:\Documents and Settings
2011-02-07 06:52:39 ----D---- C:\windows\Registration
2011-01-24 12:04:59 ----A---- C:\windows\NeroDigital.ini
2011-01-18 18:36:17 ----RD---- C:\Program Files\Skype
2011-01-18 18:35:50 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2007-07-26 43872]
R0 sisagp;SIS AGP Bus Filter; C:\windows\System32\DRIVERS\sisagp.sys [2004-08-03 41088]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2009-07-25 721904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Cdr4_xp;Cdr4_xp; C:\windows\system32\drivers\Cdr4_xp.sys [2007-06-20 9072]
R1 Cdralw2k;Cdralw2k; C:\windows\system32\drivers\Cdralw2k.sys [2007-06-20 9200]
R1 cdudf_xp;cdudf_xp; C:\windows\system32\drivers\cdudf_xp.sys [2002-08-13 240128]
R1 intelppm;Intel Processor Driver; C:\windows\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 nod32drv;nod32drv; C:\windows\system32\drivers\nod32drv.sys [2007-07-01 15424]
R1 pwd_2k;pwd_2k; C:\windows\system32\drivers\pwd_2k.sys [2002-07-31 132058]
R1 UdfReadr_xp;UdfReadr_xp; C:\windows\system32\drivers\UdfReadr_xp.sys [2002-07-31 206464]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\windows\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AMON;AMON; C:\windows\system32\drivers\amon.sys [2007-07-01 512096]
R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [2002-07-17 16877]
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 dvd_2K;dvd_2K; C:\windows\system32\drivers\dvd_2K.sys [2002-07-31 25578]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mmc_2K;mmc_2K; C:\windows\system32\drivers\mmc_2K.sys [2002-07-31 30246]
R3 mouhid;Mouse HID Driver; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2003-09-23 1265130]
R3 rtl8180;IEEE 802.11b Wireless Cardbus/PCI Adapter; C:\windows\system32\DRIVERS\rtl8180.SYS [2003-12-03 184320]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\windows\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2002-12-05 534976]
S3 aypl4xby;aypl4xby; C:\windows\system32\drivers\aypl4xby.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\windows\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 snpstd;VideoCAM Eye; C:\windows\system32\DRIVERS\snpstd.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\windows\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-15 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-07-01 552064]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\System32\nvsvc32.exe [2003-09-23 69632]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-02-07 570880]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-03 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-12-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz