
Internet stopped working

Posted: 18 Mar 2011 12:47
by cutmatic
Yesterday evening some error occurred on the PC, and since that moment the internet has not been working. I am worried that it might be a HW fault, but the network card does detect the cable. I wanted to run Malwarebytes yesterday, but the database is quite old, and without internet access I can't update it! Please check the log.


Logfile of random's system information tool 1.08 (written by random/random)
Run by goines2010 at 2011-03-18 11:43:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (37%) free of 100 GB
Total RAM: 959 MB (47% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1214440339-2147082517-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1214440339-2147082517-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-23 8478720]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-08-23 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"ie238754"=C:\Program Files\Internet Explorer\iehiutil\iehiutil.exe [2010-12-27 184832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Wakoopa"=C:\Program Files\Wakoopa\Wakoopa.exe [2009-03-25 573440]
"Rainlendar2"=c:\Rainlendar\Rainlendar2.exe [2008-11-16 4317184]
"Snarfer"=C:\Program Files\Snarfware\Snarfer\Snarfer.exe [2010-11-10 230144]
"Tweetomatic profitter"=C:\Program Files\Tweetomatic Profiteer\Tweetomatic Profiteer\Autotweeting.exe []
"Google Update"=C:\Documents and Settings\goines2010\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
OnlyWire.LNK - C:\Program Files\OnlyWire\OnlyWireWindows.exe

C:\Documents and Settings\goines2010\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe
Shortcut to aclock.lnk - C:\Program Files\Alpha Clock\aclock.exe
Shortcut to RKLauncher.lnk - C:\Program Files\RKLauncher\RKLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\NeverwinterNights\NWN\nwmain.exe"="C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\SoulseekNS\slsk.exe"="C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"
"C:\Documents and Settings\goines2010\Local Settings\Application Data\Vertikal Systems\VORG Express\VORG.Express.exe"="C:\Documents and Settings\goines2010\Local Settings\Application Data\Vertikal Systems\VORG Express\VORG.Express.exe:*:Enabled:VORGE"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\RankBuilder\LinkWheel Builder.exe"="C:\Program Files\RankBuilder\LinkWheel Builder.exe:*:Enabled:RankBuilder"
"C:\Program Files\RankBuilder\Profile Link Builder.exe"="C:\Program Files\RankBuilder\Profile Link Builder.exe:*:Enabled:RankBuilder"
"C:\Program Files\THQ\Dawn of War\W40k.exe"="C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40K"
"C:\Program Files\OnlyWire\OnlyWireWindows.exe"="C:\Program Files\OnlyWire\OnlyWireWindows.exe:*:Enabled:OnlyWire Submitter"
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe"="C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Free SMTP Server\localsrv.exe"="C:\Program Files\Free SMTP Server\localsrv.exe:*:Enabled:localsrv"
"C:\Program Files\AtomPark\Atomic Mail Sender\AtomicMailSender.exe"="C:\Program Files\AtomPark\Atomic Mail Sender\AtomicMailSender.exe:*:Enabled:Atomic Mail Sender"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-03-18 11:41:15 ----D---- C:\rsit
2011-03-18 03:00:24 ----D---- C:\WINDOWS\LastGood
2011-03-16 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2011-03-10 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2011-03-10 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2011-03-08 03:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2011-03-08 03:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2011-03-08 03:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2011-03-08 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2485376$
2011-03-08 03:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2011-03-08 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2011-03-08 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2011-03-08 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2011-03-08 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2479628$
2011-03-08 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2011-03-08 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2011-03-08 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2011-03-08 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2011-03-08 03:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2011-03-08 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-03-07 13:50:36 ----D---- C:\Program Files\PPC Keyword Generator
2011-03-07 03:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2011-03-07 03:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2011-03-07 03:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2011-03-07 03:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2011-03-07 03:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2011-03-07 03:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2011-03-07 03:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2011-03-07 03:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2011-03-07 03:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2011-03-07 03:11:53 ----SHD---- C:\Config.Msi
2011-03-07 03:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2011-03-07 03:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2011-03-07 03:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2476687$
2011-03-07 03:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2011-03-07 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2011-03-07 03:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2482017$
2011-03-07 03:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2011-03-07 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2011-03-07 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2011-03-07 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2011-03-07 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2011-03-07 03:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2011-03-07 00:56:21 ----D---- C:\Sick Submitter
2011-03-06 15:07:47 ----A---- C:\WINDOWS\OEWABLog.txt
2011-03-06 15:05:16 ----D---- C:\WINDOWS\Prefetch
2011-03-06 15:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-03-06 15:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-03-06 15:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-03-06 14:59:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-03-06 14:59:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-03-06 14:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-03-06 14:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-03-06 14:57:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-03-06 14:56:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-03-06 14:55:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-03-06 14:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-03-06 14:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-03-06 14:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-03-06 14:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-03-06 14:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-03-06 14:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-03-06 14:50:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-03-06 14:50:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-03-06 14:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-03-06 14:48:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-03-06 14:47:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-03-06 14:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-03-06 14:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2011-03-06 14:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-03-06 14:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2011-03-06 14:44:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2011-03-06 14:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2011-03-06 14:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-03-06 14:42:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-03-06 14:41:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-03-06 14:41:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-03-06 14:40:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2011-03-06 14:39:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-03-06 14:39:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-03-06 14:38:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2011-03-06 14:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-03-06 14:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-03-06 14:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-03-06 14:35:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-03-06 14:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-03-06 14:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-03-06 14:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-03-06 14:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2011-03-06 14:32:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2011-03-06 14:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-03-06 14:30:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-03-06 14:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-03-06 14:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-03-06 14:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-03-06 14:28:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-03-06 14:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-03-06 14:26:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2011-03-06 14:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-03-06 14:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-03-06 14:22:54 ----A---- C:\WINDOWS\setuplog.txt
2011-03-06 14:21:41 ----N---- C:\WINDOWS\system32\smtpapi.dll
2011-03-06 14:21:41 ----N---- C:\WINDOWS\system32\rwnh.dll
2011-03-06 14:21:41 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2011-03-06 14:21:41 ----N---- C:\WINDOWS\system32\comsdupd.exe
2011-03-06 14:21:37 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2011-03-06 14:21:37 ----N---- C:\WINDOWS\system32\ati3duag.dll
2011-03-06 14:21:37 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2011-03-06 14:21:37 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2011-03-06 14:21:37 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2011-03-06 14:21:37 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2011-03-06 14:21:37 ----N---- C:\WINDOWS\system32\aaclient.dll
2011-03-06 14:21:36 ----N---- C:\WINDOWS\system32\credssp.dll
2011-03-06 14:21:36 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2011-03-06 14:21:36 ----N---- C:\WINDOWS\system32\azroles.dll
2011-03-06 14:21:36 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2011-03-06 14:21:35 ----N---- C:\WINDOWS\system32\dot3ui.dll
2011-03-06 14:21:35 ----N---- C:\WINDOWS\system32\dot3svc.dll
2011-03-06 14:21:35 ----N---- C:\WINDOWS\system32\dot3msm.dll
2011-03-06 14:21:35 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2011-03-06 14:21:35 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2011-03-06 14:21:35 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2011-03-06 14:21:35 ----N---- C:\WINDOWS\system32\dot3api.dll
2011-03-06 14:21:35 ----N---- C:\WINDOWS\system32\dimsroam.dll
2011-03-06 14:21:35 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2011-03-06 14:21:35 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2011-03-06 14:21:34 ----N---- C:\WINDOWS\system32\eapsvc.dll
2011-03-06 14:21:34 ----N---- C:\WINDOWS\system32\eapqec.dll
2011-03-06 14:21:34 ----N---- C:\WINDOWS\system32\eappprxy.dll
2011-03-06 14:21:34 ----N---- C:\WINDOWS\system32\eapphost.dll
2011-03-06 14:21:34 ----N---- C:\WINDOWS\system32\eappgnui.dll
2011-03-06 14:21:34 ----N---- C:\WINDOWS\system32\eappcfg.dll
2011-03-06 14:21:34 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2011-03-06 14:21:34 ----N---- C:\WINDOWS\system32\eapolqec.dll
2011-03-06 14:21:33 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2011-03-06 14:21:32 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2011-03-06 14:21:32 ----N---- C:\WINDOWS\system32\kmsvc.dll
2011-03-06 14:21:32 ----N---- C:\WINDOWS\system32\kbdpash.dll
2011-03-06 14:21:32 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2011-03-06 14:21:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2011-03-06 14:21:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2011-03-06 14:21:31 ----N---- C:\WINDOWS\system32\mmcperf.exe
2011-03-06 14:21:31 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2011-03-06 14:21:31 ----N---- C:\WINDOWS\system32\mmcex.dll
2011-03-06 14:21:31 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2011-03-06 14:21:31 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2011-03-06 14:21:30 ----N---- C:\WINDOWS\system32\onex.dll
2011-03-06 14:21:30 ----N---- C:\WINDOWS\system32\napstat.exe
2011-03-06 14:21:30 ----N---- C:\WINDOWS\system32\napmontr.dll
2011-03-06 14:21:30 ----N---- C:\WINDOWS\system32\napipsec.dll
2011-03-06 14:21:30 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2011-03-06 14:21:30 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2011-03-06 14:21:30 ----N---- C:\WINDOWS\system32\mssha.dll
2011-03-06 14:21:29 ----N---- C:\WINDOWS\system32\setupn.exe
2011-03-06 14:21:29 ----N---- C:\WINDOWS\system32\s3gnb.dll
2011-03-06 14:21:29 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2011-03-06 14:21:29 ----N---- C:\WINDOWS\system32\rasqec.dll
2011-03-06 14:21:29 ----N---- C:\WINDOWS\system32\qutil.dll
2011-03-06 14:21:29 ----N---- C:\WINDOWS\system32\qcliprov.dll
2011-03-06 14:21:29 ----N---- C:\WINDOWS\system32\qagentrt.dll
2011-03-06 14:21:29 ----N---- C:\WINDOWS\system32\qagent.dll
2011-03-06 14:21:28 ----N---- C:\WINDOWS\system32\verclsid.exe
2011-03-06 14:21:28 ----N---- C:\WINDOWS\system32\tspkg.dll
2011-03-06 14:21:28 ----N---- C:\WINDOWS\system32\tsgqec.dll
2011-03-06 14:21:28 ----N---- C:\WINDOWS\system32\slserv.exe
2011-03-06 14:21:28 ----N---- C:\WINDOWS\system32\slrundll.exe
2011-03-06 14:21:28 ----N---- C:\WINDOWS\system32\slgen.dll
2011-03-06 14:21:28 ----N---- C:\WINDOWS\system32\slextspk.dll
2011-03-06 14:21:28 ----N---- C:\WINDOWS\system32\slcoinst.dll
2011-03-06 14:21:27 ----N---- C:\WINDOWS\system32\wlanapi.dll
2011-03-06 14:21:26 ----N---- C:\WINDOWS\system32\xmllite.dll
2011-03-06 14:21:25 ----N---- C:\WINDOWS\slrundll.exe
2011-03-06 14:21:23 ----D---- C:\WINDOWS\system32\en
2011-03-06 14:21:23 ----D---- C:\WINDOWS\system32\bits
2011-03-06 14:15:12 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2011-03-06 14:15:12 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2011-03-06 14:15:12 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2011-03-06 14:15:12 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2011-03-06 14:15:12 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2011-03-06 14:15:12 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2011-03-06 14:15:12 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2011-03-06 14:15:12 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2011-03-06 14:15:12 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2011-03-06 14:15:12 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2011-03-06 14:15:11 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-03-06 14:15:11 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-03-06 14:15:11 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2011-03-06 14:15:10 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-03-06 14:15:10 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-03-06 14:15:10 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-03-06 14:15:10 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-03-06 14:15:10 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-03-06 14:15:09 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-03-06 14:15:08 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-03-06 14:15:08 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2011-03-06 14:15:08 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2011-03-06 14:15:08 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2011-03-06 14:15:08 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2011-03-06 14:15:08 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2011-03-06 14:15:08 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2011-03-06 14:15:08 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2011-03-06 14:15:07 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-03-06 14:15:07 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-03-06 14:15:07 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-03-06 14:15:07 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-03-06 14:15:06 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2011-03-06 14:15:05 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2011-03-06 14:12:48 ----A---- C:\WINDOWS\006205_.tmp
2011-03-05 23:35:53 ----D---- C:\Documents and Settings\goines2010\Application Data\Sick Marketing
2011-03-03 16:18:33 ----D---- C:\Documents and Settings\goines2010\Application Data\iSpring Solutions
2011-03-03 16:18:05 ----D---- C:\Program Files\iSpring
2011-03-03 16:18:05 ----D---- C:\Program Files\Common Files\iSpring Solutions
2011-03-03 15:28:32 ----D---- C:\Program Files\GPLGS
2011-03-03 15:21:56 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
2011-03-03 15:21:49 ----D---- C:\Program Files\Acro Software
2011-03-03 15:15:37 ----D---- C:\Documents and Settings\goines2010\Application Data\Help
2011-03-03 15:15:28 ----A---- C:\WINDOWS\SW_Win3112X32.DLL
2011-03-03 15:15:01 ----A---- C:\WINDOWS\system32\msvbvm60.dll
2011-03-03 15:15:00 ----D---- C:\Program Files\Softinterface, Inc
2011-03-03 15:02:55 ----D---- C:\Documents and Settings\goines2010\Application Data\Moyea
2011-03-02 18:02:01 ----D---- C:\Program Files\FreeMind
2011-03-02 10:52:41 ----D---- C:\Program Files\Niche Finder
2011-03-01 13:52:00 ----D---- C:\Program Files\RSS Submit
2011-02-24 16:22:25 ----D---- C:\Program Files\Article Marketing Robot
2011-02-24 16:22:25 ----D---- C:\Documents and Settings\goines2010\Application Data\Article Marketing Robot
2011-02-23 00:10:23 ----D---- C:\Downloads
2011-02-21 16:17:25 ----D---- C:\Program Files\I Koder
2011-02-19 17:16:07 ----AH---- C:\WINDOWS\akebook.ini
2011-02-19 17:16:07 ----AH---- C:\WINDOWS\a3kebook.ini
2011-02-19 17:16:07 ----A---- C:\WINDOWS\ANS2000.INI

======List of files/folders modified in the last 1 months======

2011-03-18 11:44:10 ----D---- C:\Program Files\trend micro
2011-03-18 11:44:10 ----D---- C:\Program Files\OnlyWire
2011-03-18 10:39:08 ----D---- C:\WINDOWS\Temp
2011-03-18 03:02:37 ----HD---- C:\WINDOWS\inf
2011-03-18 03:02:23 ----D---- C:\WINDOWS\system32\CatRoot
2011-03-18 03:01:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-03-18 03:01:08 ----D---- C:\WINDOWS\system32
2011-03-18 03:01:06 ----D---- C:\WINDOWS
2011-03-18 03:00:23 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-17 23:49:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-03-17 23:44:45 ----D---- C:\WINDOWS\system32\drivers
2011-03-17 23:44:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-17 22:22:19 ----SHD---- C:\WINDOWS\CSC
2011-03-17 17:33:53 ----D---- C:\My Web Sites
2011-03-17 14:04:36 ----D---- C:\Documents and Settings\goines2010\Application Data\foobar2000
2011-03-15 19:54:47 ----HD---- C:\WINDOWS\$hf_mig$
2011-03-14 22:24:21 ----D---- C:\Documents and Settings\goines2010\Application Data\uTorrent
2011-03-14 18:05:09 ----D---- C:\Program Files\Internet Explorer
2011-03-10 03:02:00 ----A---- C:\WINDOWS\imsins.BAK
2011-03-08 15:38:41 ----A---- C:\WINDOWS\win.ini
2011-03-07 13:50:36 ----RD---- C:\Program Files
2011-03-07 10:48:13 ----D---- C:\WINDOWS\Microsoft.NET
2011-03-07 10:48:04 ----RSD---- C:\WINDOWS\assembly
2011-03-07 03:17:19 ----D---- C:\WINDOWS\WinSxS
2011-03-07 03:15:49 ----SHD---- C:\WINDOWS\Installer
2011-03-07 03:04:18 ----D---- C:\Program Files\Movie Maker
2011-03-07 03:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2011-03-07 03:01:39 ----D---- C:\Program Files\Outlook Express
2011-03-06 20:59:38 ----D---- C:\Program Files\Opera
2011-03-06 20:58:56 ----SD---- C:\WINDOWS\Tasks
2011-03-06 20:58:27 ----D---- C:\Program Files\Ad Word Analyzer
2011-03-06 15:06:39 ----D---- C:\WINDOWS\Debug
2011-03-06 15:03:48 ----D---- C:\WINDOWS\system32\Setup
2011-03-06 15:03:48 ----D---- C:\WINDOWS\AppPatch
2011-03-06 15:03:47 ----D---- C:\WINDOWS\system32\wbem
2011-03-06 15:03:46 ----RSD---- C:\WINDOWS\Fonts
2011-03-06 14:30:24 ----D---- C:\WINDOWS\security
2011-03-06 14:27:05 ----D---- C:\Program Files\Messenger
2011-03-06 14:21:58 ----D---- C:\Program Files\Windows Media Player
2011-03-06 14:21:40 ----D---- C:\WINDOWS\system32\inetsrv
2011-03-06 14:21:39 ----D---- C:\WINDOWS\network diagnostic
2011-03-06 14:21:39 ----D---- C:\WINDOWS\ime
2011-03-06 14:21:39 ----D---- C:\WINDOWS\Help
2011-03-06 14:21:24 ----D---- C:\WINDOWS\system32\usmt
2011-03-06 14:21:23 ----D---- C:\WINDOWS\PeerNet
2011-03-06 14:17:58 ----D---- C:\WINDOWS\system32\Restore
2011-03-06 14:17:58 ----D---- C:\WINDOWS\system32\npp
2011-03-06 14:17:58 ----D---- C:\WINDOWS\mui
2011-03-06 14:17:56 ----D---- C:\WINDOWS\msagent
2011-03-06 14:17:55 ----D---- C:\WINDOWS\srchasst
2011-03-06 14:17:54 ----D---- C:\Program Files\NetMeeting
2011-03-06 14:17:52 ----D---- C:\WINDOWS\system32\Com
2011-03-06 14:17:49 ----D---- C:\Program Files\Windows NT
2011-03-06 14:17:44 ----D---- C:\Program Files\Common Files\System
2011-03-06 14:17:19 ----D---- C:\WINDOWS\system32\oobe
2011-03-06 14:17:15 ----D---- C:\WINDOWS\system
2011-03-06 14:12:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-03-06 14:12:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-03-06 14:07:36 ----D---- C:\WINDOWS\ehome
2011-03-06 09:16:30 ----D---- C:\WINDOWS\Minidump
2011-03-05 13:20:31 ----D---- C:\Program Files\Mozilla Firefox
2011-03-03 16:18:05 ----D---- C:\Program Files\Common Files
2011-03-02 17:03:19 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-27 13:41:15 ----D---- C:\Documents and Settings\goines2010\Application Data\Adobe
2011-02-26 00:09:52 ----SD---- C:\Documents and Settings\goines2010\Application Data\Microsoft
2011-02-25 15:58:25 ----D---- C:\Program Files\eProximy
2011-02-25 15:53:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-02-24 15:28:54 ----D---- C:\Documents and Settings\goines2010\Application Data\vlc
2011-02-24 15:14:42 ----D---- C:\Auto Content Cash
2011-02-22 22:43:52 ----D---- C:\Program Files\Digsby
2011-02-22 22:19:41 ----D---- C:\Program Files\Micro Niche Finder 5.0
2011-02-22 22:19:16 ----D---- C:\Program Files\Long Tail Pro
2011-02-22 22:18:55 ----D---- C:\Program Files\ELF
2011-02-22 22:18:33 ----D---- C:\Program Files\ATITool
2011-02-21 01:25:39 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-02-19 17:16:07 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-08-13 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2010-08-12 822272]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-12-18 732160]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-23 6844864]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-03-06 58752]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-03-06 19968]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2007-08-08 28968]
S3 abmoyt9c;abmoyt9c; C:\WINDOWS\system32\drivers\abmoyt9c.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Documents and Settings\goines2010\Local Settings\Temp\tmp1C.tmp []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service; C:\Program Files\Micro Niche Finder\srvany.exe [2003-04-18 8192]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-23 155716]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe [2009-06-17 6582912]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Internet stopped working

Posted: 18 Mar 2011 14:09
by stell
Hello,
Download OTMoveIt3 by OldTimer and transfer it to your computer. Following the instructions, paste in the text below and click Moveit, then post the log here after the restart.

Code:

:processes
explorer.exe

:files
C:\Documents and Settings\goines2010\Start Menu\Programs\Startup\Shortcut to aclock.lnk
C:\WINDOWS\tasks\Driver Robot.job
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
ipconfig /flushdns /c 
Netsh Winsock Reset /c
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"ie238754"=-

:Commands 
[resethosts] 
[CreateRestorePoint] 
[emptytemp] 
[start explorer]
[Reboot]

Re: Internet stopped working

Posted: 18 Mar 2011 16:22
by cutmatic
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Documents and Settings\goines2010\Start Menu\Programs\Startup\Shortcut to aclock.lnk moved successfully.
C:\WINDOWS\tasks\Driver Robot.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\003105_.tmp moved successfully.
C:\WINDOWS\006205_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP228.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2CB.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3BD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP417.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP587.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5BF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP805.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP828.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP84.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP907.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA14.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDC.tmp folder moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\Installer\MSI1F2.tmp moved successfully.
C:\WINDOWS\Installer\MSIF.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\ib252.tmp moved successfully.
C:\WINDOWS\Temp\ib253.tmp moved successfully.
C:\WINDOWS\Temp\ib254.tmp moved successfully.
C:\WINDOWS\Temp\ib255.tmp moved successfully.
C:\WINDOWS\Temp\ib256.tmp moved successfully.
C:\WINDOWS\Temp\ib295.tmp moved successfully.
C:\WINDOWS\Temp\ib296.tmp moved successfully.
C:\WINDOWS\Temp\ib297.tmp moved successfully.
C:\WINDOWS\Temp\ib298.tmp moved successfully.
C:\WINDOWS\Temp\ib299.tmp moved successfully.
C:\WINDOWS\Temp\ibAF.tmp moved successfully.
C:\WINDOWS\Temp\ibB0.tmp moved successfully.
C:\WINDOWS\Temp\ibB1.tmp moved successfully.
C:\WINDOWS\Temp\ibB2.tmp moved successfully.
C:\WINDOWS\Temp\ibB3.tmp moved successfully.
C:\WINDOWS\Temp\ibB4.tmp moved successfully.
C:\WINDOWS\Temp\ibB5.tmp moved successfully.
C:\WINDOWS\Temp\ibB6.tmp moved successfully.
C:\WINDOWS\Temp\ibB7.tmp moved successfully.
C:\WINDOWS\Temp\ibB8.tmp moved successfully.
C:\WINDOWS\Temp\ibB9.tmp moved successfully.
C:\WINDOWS\Temp\ibBA.tmp moved successfully.
C:\WINDOWS\Temp\ibBB.tmp moved successfully.
C:\WINDOWS\Temp\ibBC.tmp moved successfully.
C:\WINDOWS\Temp\ibBD.tmp moved successfully.
C:\WINDOWS\Temp\ibBE.tmp moved successfully.
C:\WINDOWS\Temp\ibBF.tmp moved successfully.
C:\WINDOWS\Temp\ibC0.tmp moved successfully.
C:\WINDOWS\Temp\ibC1.tmp moved successfully.
C:\WINDOWS\Temp\ibC2.tmp moved successfully.
C:\WINDOWS\Temp\ibC3.tmp moved successfully.
C:\WINDOWS\Temp\ibC4.tmp moved successfully.
C:\WINDOWS\Temp\ibC5.tmp moved successfully.
C:\WINDOWS\Temp\ibC6.tmp moved successfully.
C:\WINDOWS\Temp\ibC7.tmp moved successfully.
C:\WINDOWS\Temp\ibDB.tmp moved successfully.
C:\WINDOWS\Temp\ibDC.tmp moved successfully.
C:\WINDOWS\Temp\ibDD.tmp moved successfully.
C:\WINDOWS\Temp\ibDE.tmp moved successfully.
C:\WINDOWS\Temp\ibDF.tmp moved successfully.
C:\WINDOWS\Temp\_avast_\unp102445080.tmp moved successfully.
C:\WINDOWS\Temp\_avast_\unp27165002.tmp moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\goines2010\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\goines2010\Desktop\cmd.txt deleted successfully.
< Netsh Winsock Reset /c >
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.
C:\Documents and Settings\goines2010\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\goines2010\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ie238754 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: goines2010
->Temp folder emptied: 1987804447 bytes
->Temporary Internet Files folder emptied: 996623 bytes
->Java cache emptied: 21223 bytes
->FireFox cache emptied: 769587700 bytes
->Google Chrome cache emptied: 856432 bytes
->Opera cache emptied: 160296295 bytes
->Flash cache emptied: 107710 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nudesy

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7339533 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 92351248 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 13266 bytes

Total Files Cleaned = 2,880.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03182011_151219

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: Internet stopped working

Posted: 18 Mar 2011 16:37
by stell
Do you recognize these accounts??
goines2010
User: Nudesy

Is the internet working??

Re: Internet stopped working

Posted: 18 Mar 2011 17:05
by cutmatic
The internet still isn't working; I tried ping. But a moment ago Avast updated, which means it must have been working for a while.
Of those accounts I only know goines2010, which is my main user account ... I don't know the nudesy account.

EDIT: nudesy was only a folder with documents in the USERs folder .. moved .. the internet still isn't working

Re: Internet stopped working

Posted: 18 Mar 2011 17:31
by stell
"But a moment ago Avast updated, which means it must have been working for a while"
I don't understand that :shock:
If the internet isn't working, how did Avast update??
Oh well.
Check whether the pest has set a proxy on you.
1: Open Internet Explorer.
2: Click the Tools tab and then select Internet Options...
3: Now click the Connections tab.
4: Now click the Local Area Network (LAN) settings button.
5: You will now be in the Local Area Network (LAN) settings.
6: Uncheck the box "Use a proxy server for your LAN". Then press the OK button.

Run ComboFix.
PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Post the log from it here.

Re: Internet stopped working

Posted: 18 Mar 2011 18:04
by cutmatic
Yes, Avast surprised me too.
Browsing the internet doesn't work. I also tried ping from Run and got no response. I walked away from the PC and suddenly Avast announced that the database had been updated. So it is possible that the PC connects to the internet at varying intervals for varying lengths of time.

I checked the proxy and everything is set to the defaults.

I'll run ComboFix and send the report. Thanks for the help.

Re: Internet stopped working

Posted: 18 Mar 2011 19:00
by cutmatic
ComboFix 11-03-17.02 - goines2010 18/03/2011 17:13:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.959.544 [GMT 0:00]
Running from: c:\documents and settings\goines2010\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\goines2010\Application Data\chrtmp
c:\documents and settings\goines2010\Application Data\ubot
c:\documents and settings\goines2010\Application Data\ubotcompile4579483
c:\documents and settings\goines2010\Application Data\ubotcompile4579483\bot.exe
c:\documents and settings\goines2010\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone
c:\documents and settings\goines2010\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe
c:\documents and settings\goines2010\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
c:\documents and settings\goines2010\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Manifests\compile.exe_0x5F4166D53D18E674EF964D14371EFD8D.1.manifest
c:\documents and settings\goines2010\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Manifests\VmX.dll_0x708E180A6A058DCDE2E1F8586DD2BA4A.2.manifest
c:\documents and settings\goines2010\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app.manifest
c:\documents and settings\goines2010\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app@1.0.0.0.manifest
c:\documents and settings\goines2010\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX.manifest
c:\documents and settings\goines2010\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX@1.0.0.0.manifest
c:\documents and settings\goines2010\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\XRegistry.tmp
c:\documents and settings\goines2010\My Documents\u-bot
c:\documents and settings\goines2010\My Documents\u-bot\friendpos.txt
c:\documents and settings\goines2010\My Documents\u-bot\mailpos.txt
c:\documents and settings\goines2010\My Documents\u-bot\urls.txt
c:\documents and settings\goines2010\Recent\Treasure Isle Secrets Treasure Isle - Treasure Isle Secrets guide for dramatically improving your play level.url
c:\documents and settings\goines2010\Templates\cdkeys.txt
c:\instantsocialanarchy\InstantSocialAnarchy.exe
c:\keywordcorral\KeywordCorral.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\explorer(2).exe
c:\windows\SW_Win3112X32.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 15:12 . 2011-03-18 15:12 -------- d-----w- C:\_OTM
2011-03-18 11:41 . 2011-03-18 11:44 -------- d-----w- C:\rsit
2011-03-14 18:05 . 2011-03-14 18:05 714526 ----a-w- c:\program files\Internet Explorer\iehiutil\unins000.exe
2011-03-14 18:05 . 2010-12-27 08:28 184832 ----a-w- c:\program files\Internet Explorer\iehiutil\iehiutil.exe
2011-03-14 18:05 . 2010-12-26 08:52 183808 ----a-w- c:\program files\Internet Explorer\iehiutil\register.exe
2011-03-07 13:50 . 2011-03-07 13:50 -------- d-----w- c:\program files\PPC Keyword Generator
2011-03-07 00:56 . 2011-03-07 00:56 -------- d-----w- C:\Sick Submitter
2011-03-06 18:44 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-03-06 18:44 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-06 18:44 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-03-06 18:44 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-03-06 18:43 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-06 18:40 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-03-06 18:40 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-06 14:17 . 2008-04-14 05:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-03-06 14:17 . 2008-04-14 05:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-03-05 23:35 . 2011-03-07 00:52 -------- d-----w- c:\documents and settings\goines2010\Application Data\Sick Marketing
2011-03-05 23:35 . 2011-03-05 23:35 -------- d-----w- c:\documents and settings\goines2010\Local Settings\Application Data\Downloaded Installations
2011-03-03 16:18 . 2011-03-03 16:52 -------- d-----w- c:\documents and settings\goines2010\Application Data\iSpring Solutions
2011-03-03 16:18 . 2011-03-03 16:18 -------- d-----w- c:\program files\iSpring
2011-03-03 16:18 . 2011-03-03 16:18 -------- d-----w- c:\program files\Common Files\iSpring Solutions
2011-03-03 15:28 . 2011-03-03 15:28 -------- d-----w- c:\program files\GPLGS
2011-03-03 15:21 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-03-03 15:21 . 2011-03-03 15:21 -------- d-----w- c:\program files\Acro Software
2011-03-03 15:15 . 2011-03-03 15:15 -------- d-----w- c:\documents and settings\goines2010\Local Settings\Application Data\Help
2011-03-03 15:15 . 2000-05-22 00:00 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2011-03-03 15:15 . 1999-05-07 00:00 140288 ----a-w- c:\windows\system32\comdlg32.ocx
2011-03-03 15:15 . 2008-04-14 05:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll
2011-03-03 15:15 . 2011-03-03 15:15 -------- d-----w- c:\program files\Softinterface, Inc
2011-03-03 15:02 . 2011-03-03 15:02 -------- d-----w- c:\documents and settings\goines2010\Application Data\Moyea
2011-03-02 18:02 . 2011-03-02 18:03 -------- d-----w- c:\documents and settings\goines2010\.freemind
2011-03-02 18:02 . 2011-03-02 18:02 -------- d-----w- c:\program files\FreeMind
2011-03-02 10:53 . 2011-03-02 11:00 -------- d-----w- c:\documents and settings\All Users\Niche Finder
2011-03-02 10:52 . 2011-03-02 11:25 -------- d-----w- c:\program files\Niche Finder
2011-03-01 13:52 . 2011-03-01 13:59 -------- d-----w- c:\program files\RSS Submit
2011-02-24 16:22 . 2011-03-06 21:43 -------- d-----w- c:\documents and settings\goines2010\Application Data\Article Marketing Robot
2011-02-24 16:22 . 2011-02-24 16:22 -------- d-----w- c:\program files\Article Marketing Robot
2011-02-23 00:10 . 2011-02-23 00:10 -------- d-----w- C:\Downloads
2011-02-21 16:17 . 2011-02-21 16:17 -------- d-----w- c:\program files\I Koder
2011-02-18 12:28 . 2011-02-22 22:19 -------- d-----w- c:\program files\Micro Niche Finder 5.0
2011-02-18 12:21 . 2011-02-18 16:31 -------- d-----w- c:\documents and settings\goines2010\Application Data\Notepad++
2011-02-18 12:21 . 2011-02-18 12:21 -------- d-----w- c:\program files\Notepad++
2011-02-17 13:06 . 2011-03-17 02:18 -------- d-----w- c:\documents and settings\goines2010\Local Settings\Application Data\Temp
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-08-12 16:25 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-28 08:00 . 2011-02-09 01:02 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-01-27 11:57 . 2010-08-12 16:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-08-12 20:40 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-08-12 20:40 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-08-12 20:40 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-08-12 20:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-08-12 20:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-08-12 20:40 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-08-12 20:40 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-08-12 20:40 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-08-12 20:40 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 22:15 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 18:09 . 2010-12-07 14:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-12-07 14:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 15:30 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Wakoopa"="c:\program files\Wakoopa\Wakoopa.exe" [2009-03-25 573440]
"Rainlendar2"="c:\rainlendar\Rainlendar2.exe" [2008-11-16 4317184]
"Snarfer"="c:\program files\Snarfware\Snarfer\Snarfer.exe" [2010-11-10 230144]
"Google Update"="c:\documents and settings\goines2010\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-02-19 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"nwiz"="nwiz.exe" [2007-08-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\goines2010\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
Shortcut to RKLauncher.lnk - c:\program files\RKLauncher\RKLauncher.exe [2010-8-12 368640]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
OnlyWire.LNK - c:\program files\OnlyWire\OnlyWireWindows.exe [2010-9-7 622504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-08-23 22:15 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\goines2010\\Local Settings\\Application Data\\Vertikal Systems\\VORG Express\\VORG.Express.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\RankBuilder\\LinkWheel Builder.exe"=
"c:\\Program Files\\RankBuilder\\Profile Link Builder.exe"=
"c:\\Program Files\\OnlyWire\\OnlyWireWindows.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AtomPark\\Atomic Mail Sender\\AtomicMailSender.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/08/2010 13:17 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/08/2010 20:40 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/08/2010 20:40 17744]
S2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [05/09/2010 13:18 8192]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\documents and settings\goines2010\Local Settings\Temp\tmp1C.tmp --> c:\documents and settings\goines2010\Local Settings\Temp\tmp1C.tmp [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1214440339-2147082517-1003Core.job
- c:\documents and settings\goines2010\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 00:13]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1214440339-2147082517-1003UA.job
- c:\documents and settings\goines2010\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 00:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\goines2010\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
FF - ProfilePath - c:\documents and settings\goines2010\Application Data\Mozilla\Firefox\Profiles\ns9t71j2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Discogs Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WebRank Toolbar: webrank-toolbar@probcomp.com - %profile%\extensions\webrank-toolbar@probcomp.com
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - %profile%\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: NewIPNow.com Proxy Switcher: extension@newipnow.com - %profile%\extensions\extension@newipnow.com
FF - Ext: Yoono: {d9284e50-81fc-11da-a72b-0800200c9a66} - %profile%\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.interval - 100000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 4
FF - user.js: network.http.max-persistent-connections-per-server - 2
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Tweetomatic profitter - c:\program files\Tweetomatic Profiteer\Tweetomatic Profiteer\Autotweeting.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 17:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinRing0_1_2_0]
"ImagePath"="\??\c:\documents and settings\goines2010\Local Settings\Temp\tmp1C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-18 17:24:35
ComboFix-quarantined-files.txt 2011-03-18 17:24
.
Pre-Run: 41,327,128,576 bytes free
Post-Run: 41,278,672,896 bytes free
.
- - End Of File - - BBD4159B95B56A73B95BF85CA58DB496

Re: Internet stopped working

Posted: 18 Mar 2011 19:15
by stell
c:\program files\Internet Explorer\iehiutil\iehiutil.exe
c:\program files\Internet Explorer\iehiutil\register.exe
Test these on www.virustotal.com
Paste the link here.

Re: Internet stopped working

Posted: 18 Mar 2011 19:48
by cutmatic

Re: Internet stopped working

Posted: 18 Mar 2011 19:54
by stell
For this step, ComboFix must be on the desktop.

Turn off the firewall, antivirus, antispyware, everything resident.

Open Notepad and copy all of the green text into it:

Code:

KILLALL::
Driver::
WinRing0_1_2_0
Rootkit::
c:\documents and settings\goines2010\Local Settings\Temp\tmp1C.tmp
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1214440339-2147082517-1003UA.job
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinRing0_1_2_0]
"ImagePath"=-
Folder::
c:\program files\Internet Explorer\iehiutil

Then click File -> Save As... -> in the File name field, type: CFScript.txt
For Save as type, choose *All Files
And save it to the desktop. Note: do not open CFScript.txt, and it must not be named CFScript.txt.txt. Then do this:
[Image]

After the scan finishes, post the log that ComboFix creates.

Re: Internet stopped working

Posted: 18 Mar 2011 20:30
by cutmatic
ComboFix 11-03-17.02 - goines2010 18/03/2011 19:01:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.959.405 [GMT 0:00]
Running from: c:\documents and settings\goines2010\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\goines2010\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\iehiutil
c:\program files\Internet Explorer\iehiutil\iehiutil.exe
c:\program files\Internet Explorer\iehiutil\register.exe
c:\program files\Internet Explorer\iehiutil\register.txt
c:\program files\Internet Explorer\iehiutil\unins000.dat
c:\program files\Internet Explorer\iehiutil\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINRING0_1_2_0
-------\Service_WinRing0_1_2_0
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 15:12 . 2011-03-18 15:12 -------- d-----w- C:\_OTM
2011-03-18 11:41 . 2011-03-18 11:44 -------- d-----w- C:\rsit
2011-03-07 13:50 . 2011-03-07 13:50 -------- d-----w- c:\program files\PPC Keyword Generator
2011-03-07 00:56 . 2011-03-07 00:56 -------- d-----w- C:\Sick Submitter
2011-03-06 18:44 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-03-06 18:44 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-03-06 18:44 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-03-06 18:44 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-03-06 18:43 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-03-06 18:40 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-03-06 18:40 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-03-06 14:17 . 2008-04-14 05:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-03-06 14:17 . 2008-04-14 05:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-03-05 23:35 . 2011-03-07 00:52 -------- d-----w- c:\documents and settings\goines2010\Application Data\Sick Marketing
2011-03-05 23:35 . 2011-03-05 23:35 -------- d-----w- c:\documents and settings\goines2010\Local Settings\Application Data\Downloaded Installations
2011-03-03 16:18 . 2011-03-03 16:52 -------- d-----w- c:\documents and settings\goines2010\Application Data\iSpring Solutions
2011-03-03 16:18 . 2011-03-03 16:18 -------- d-----w- c:\program files\iSpring
2011-03-03 16:18 . 2011-03-03 16:18 -------- d-----w- c:\program files\Common Files\iSpring Solutions
2011-03-03 15:28 . 2011-03-03 15:28 -------- d-----w- c:\program files\GPLGS
2011-03-03 15:21 . 2009-11-05 07:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-03-03 15:21 . 2011-03-03 15:21 -------- d-----w- c:\program files\Acro Software
2011-03-03 15:15 . 2011-03-03 15:15 -------- d-----w- c:\documents and settings\goines2010\Local Settings\Application Data\Help
2011-03-03 15:15 . 2000-05-22 00:00 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2011-03-03 15:15 . 1999-05-07 00:00 140288 ----a-w- c:\windows\system32\comdlg32.ocx
2011-03-03 15:15 . 2008-04-14 05:42 1384479 ----a-w- c:\windows\system32\msvbvm60.dll
2011-03-03 15:15 . 2011-03-03 15:15 -------- d-----w- c:\program files\Softinterface, Inc
2011-03-03 15:02 . 2011-03-03 15:02 -------- d-----w- c:\documents and settings\goines2010\Application Data\Moyea
2011-03-02 18:02 . 2011-03-02 18:03 -------- d-----w- c:\documents and settings\goines2010\.freemind
2011-03-02 18:02 . 2011-03-02 18:02 -------- d-----w- c:\program files\FreeMind
2011-03-02 10:53 . 2011-03-02 11:00 -------- d-----w- c:\documents and settings\All Users\Niche Finder
2011-03-02 10:52 . 2011-03-02 11:25 -------- d-----w- c:\program files\Niche Finder
2011-03-01 13:52 . 2011-03-01 13:59 -------- d-----w- c:\program files\RSS Submit
2011-02-24 16:22 . 2011-03-06 21:43 -------- d-----w- c:\documents and settings\goines2010\Application Data\Article Marketing Robot
2011-02-24 16:22 . 2011-02-24 16:22 -------- d-----w- c:\program files\Article Marketing Robot
2011-02-23 00:10 . 2011-02-23 00:10 -------- d-----w- C:\Downloads
2011-02-21 16:17 . 2011-02-21 16:17 -------- d-----w- c:\program files\I Koder
2011-02-18 12:28 . 2011-02-22 22:19 -------- d-----w- c:\program files\Micro Niche Finder 5.0
2011-02-18 12:21 . 2011-02-18 16:31 -------- d-----w- c:\documents and settings\goines2010\Application Data\Notepad++
2011-02-18 12:21 . 2011-02-18 12:21 -------- d-----w- c:\program files\Notepad++
2011-02-17 13:06 . 2011-03-17 02:18 -------- d-----w- c:\documents and settings\goines2010\Local Settings\Application Data\Temp
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-08-12 16:25 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-28 08:00 . 2011-02-09 01:02 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-01-27 11:57 . 2010-08-12 16:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-08-12 20:40 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-08-12 20:40 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-08-12 20:40 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-08-12 20:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-08-12 20:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-08-12 20:40 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-08-12 20:40 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-08-12 20:40 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-08-12 20:40 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 22:15 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 18:09 . 2010-12-07 14:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-12-07 14:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 15:30 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Wakoopa"="c:\program files\Wakoopa\Wakoopa.exe" [2009-03-25 573440]
"Rainlendar2"="c:\rainlendar\Rainlendar2.exe" [2008-11-16 4317184]
"Snarfer"="c:\program files\Snarfware\Snarfer\Snarfer.exe" [2010-11-10 230144]
"Google Update"="c:\documents and settings\goines2010\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-02-19 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"nwiz"="nwiz.exe" [2007-08-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\goines2010\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
Shortcut to RKLauncher.lnk - c:\program files\RKLauncher\RKLauncher.exe [2010-8-12 368640]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
OnlyWire.LNK - c:\program files\OnlyWire\OnlyWireWindows.exe [2010-9-7 622504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-08-23 22:15 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\goines2010\\Local Settings\\Application Data\\Vertikal Systems\\VORG Express\\VORG.Express.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\RankBuilder\\LinkWheel Builder.exe"=
"c:\\Program Files\\RankBuilder\\Profile Link Builder.exe"=
"c:\\Program Files\\OnlyWire\\OnlyWireWindows.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AtomPark\\Atomic Mail Sender\\AtomicMailSender.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13/08/2010 13:17 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/08/2010 20:40 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/08/2010 20:40 17744]
R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\Micro Niche Finder\srvany.exe [05/09/2010 13:18 8192]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1214440339-2147082517-1003Core.job
- c:\documents and settings\goines2010\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 00:13]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1214440339-2147082517-1003UA.job
- c:\documents and settings\goines2010\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-19 00:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\goines2010\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
FF - ProfilePath - c:\documents and settings\goines2010\Application Data\Mozilla\Firefox\Profiles\ns9t71j2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Discogs Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WebRank Toolbar: webrank-toolbar@probcomp.com - %profile%\extensions\webrank-toolbar@probcomp.com
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - %profile%\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: NewIPNow.com Proxy Switcher: extension@newipnow.com - %profile%\extensions\extension@newipnow.com
FF - Ext: Yoono: {d9284e50-81fc-11da-a72b-0800200c9a66} - %profile%\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: nglayout.initialpaint.delay - 100
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.interval - 100000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 4
FF - user.js: network.http.max-persistent-connections-per-server - 2
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{DD8A8482-E5B3-44D3-B033-4191462EA1AE}_is1 - c:\program files\Internet Explorer\iehiutil\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 19:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2976)
c:\program files\RKLauncher\RKLauncher.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Micro Niche Finder\bggoogle.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Digsby\lib\digsby-app.exe
c:\program files\Java\jre6\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2011-03-18 19:17:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-18 19:17
ComboFix2.txt 2011-03-18 17:24
.
Pre-Run: 41,288,515,584 bytes free
Post-Run: 41,191,227,392 bytes free
.
- - End Of File - - 54795367885748319CE9B3A2C3788004

Re: Internet stopped working

Posted: 18 Mar 2011 20:35
by stell
1: Download mbr.exe to the desktop and leave it there.
2: Press the Windows logo key + R.
3: In the empty field, enter the command cmd
4: Copy the command into the black window.

Code:

"%userprofile%\desktop\mbr.exe" -t -s -l "%userprofile%\desktop\GMER.txt"

The log GMER.txt will be saved on the desktop; paste its contents here.

Re: Internet stopped working

Posted: 18 Mar 2011 21:20
by cutmatic
Filename, directory name, or volume label syntax is incorrect.

The default directory in cmd is C:/Documents and Settings/goines2010

Re: Internet stopped working

Posted: 18 Mar 2011 21:23
by stell
That is OK, you did something wrong.

"%userprofile%\desktop\mbr.exe" -t -s -l "%userprofile%\desktop\GMER.txt"

MBR must be on the desktop, and copy exactly this command into the black window.

I am done for today; do it the way I wrote, and report back what is new.