vírus FB+ asi aj iné prikládám log z COMBOFIXu.. thanks4help

[vlady7]

ComboFix 11-07-23.04 - rr 23.07.2011 20:49:49.1.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.421.1033.18.511.379 [GMT 2:00]
Running from: e:\documents and settings\rr\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Administrator\Application Data\Mikrotik
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\advtool.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\advtool.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\dhcp.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\dhcp.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\hotspot.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\hotspot.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\ppp.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\ppp.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\roteros.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\roteros.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\roting2.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\roting2.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\secure.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\secure.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\system.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\system.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\wlan2.crc
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.3\wlan2.dll
e:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\winbox.cfg
e:\documents and settings\rr\Application Data\Mikrotik
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\advtool.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\advtool.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\dhcp.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\dhcp.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\hotspot.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\hotspot.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\ppp.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\ppp.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\roteros.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\roteros.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\roting2.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\roting2.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\secure.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\secure.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\system.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\system.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\wlan2.crc
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\3.3\wlan2.dll
e:\documents and settings\rr\Application Data\Mikrotik\Winbox\winbox.cfg
e:\documents and settings\rr\Application Data\PriceGong
e:\documents and settings\rr\Application Data\PriceGong\Data\1.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\a.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\b.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\c.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\d.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\e.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\f.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\g.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\h.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\i.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\J.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\k.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\l.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\m.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\mru.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\n.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\o.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\p.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\q.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\r.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\s.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\t.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\u.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\v.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\w.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\x.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\y.xml
e:\documents and settings\rr\Application Data\PriceGong\Data\z.xml
e:\documents and settings\rr\My Documents\DPE.DUS
e:\documents and settings\rr\WINDOWS
e:\windows\IsUn0407.exe
e:\windows\TEMP\11422859-loader2.exe
e:\windows\TEMP\83114693-loader2.exe
e:\windows\TEMP\9526500.exe
e:\windows\update.1
e:\windows\update.2
e:\windows\update.5.0
e:\windows\update.5.0\2838.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))
.
.
2011-07-22 19:22 . 2011-07-22 19:22 -------- d-----w- e:\documents and settings\rr\Application Data\Malwarebytes
2011-07-22 19:22 . 2010-12-20 16:09 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2011-07-22 19:22 . 2011-07-22 19:22 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-22 19:22 . 2011-07-22 19:22 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2011-07-22 19:22 . 2010-12-20 16:08 19288 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-07-22 18:58 . 2011-07-22 18:58 -------- d-----w- e:\program files\AMD APP
2011-07-22 18:58 . 2011-07-22 18:58 -------- d-----w- e:\program files\ATI
2011-07-22 18:58 . 2011-07-22 18:58 -------- d-----w- e:\program files\ATI Technologies
2011-07-22 18:48 . 2011-07-22 18:55 -------- d-----w- e:\program files\trend micro
2011-07-22 18:48 . 2011-07-22 18:49 -------- d-----w- E:\rsit
2011-07-22 18:47 . 2011-07-22 18:47 -------- d-----w- E:\ATI
2011-07-22 18:35 . 2011-07-22 18:35 -------- d-----w- e:\windows\phoenix
2011-07-22 18:35 . 2011-07-22 18:35 -------- d-----w- e:\windows\ufa
2011-07-21 12:03 . 2011-07-21 12:03 -------- d-----w- e:\windows\av_ico
2011-07-21 11:15 . 2011-07-22 18:35 246272 ----a-w- e:\windows\unrar.exe
2011-07-21 11:02 . 2011-07-22 20:47 -------- d--h--w- e:\windows\update.tray-8-0-lnk
2011-07-21 11:02 . 2011-07-22 20:47 -------- d--h--w- e:\windows\update.tray-8-0
2011-07-05 17:49 . 2011-07-05 17:49 -------- d-----w- e:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 19:11 . 2011-05-24 11:43 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- e:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- e:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- e:\windows\system32\amdocl.dll
2005-08-04 21:30 . 2005-08-04 21:28 10 ----a-w- e:\program files\cc.bin
2003-02-28 21:22 . 2005-08-04 21:30 140800 ----a-w- e:\program files\BINKPLAY.EXE
1999-10-08 21:31 . 2005-08-04 21:30 163840 ----a-w- e:\program files\UPDATE.EXE
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . e:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wscntfy.exe
.
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . e:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\xmlprov.dll
.
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . e:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll
[-] 2002-11-27 02:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . e:\windows\system32\mspmsnsv.dll
.
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . e:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\d3d9.dll
[-] 2004-07-09 12:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . e:\windows\system32\d3d9.dll
.
e:\windows\System32\wscntfy.exe ... is missing !!
e:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-08-26 860160]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-21 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 62464]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2005-08-17 77824]
"PinnacleDriverCheck"="e:\windows\System32\PSDrvCheck.exe" [2003-12-04 406016]
"Adobe Photo Downloader"="e:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SpywareTerminator"="e:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-05-06 1817600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2003-03-31 13312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2003-03-31 51200]
.
e:\documents and settings\rr\Start Menu\Programs\Startup\
Adobe Media Player.lnk - e:\program files\Adobe Media Player\Adobe Media Player.exe [2009-2-12 261120]
PowerReg Scheduler.exe [2005-8-15 256000]
.
e:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth.lnk - e:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2005-3-30 569405]
hp psc 1000 series.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Picture Package Menu.lnk - e:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-9-1 151552]
Picture Package VCD Maker.lnk - e:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-9-1 106496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
R0 avgntmgr;avgntmgr;e:\windows\system32\drivers\avgntmgr.sys [3.5.2008 20:32 22360]
R0 sonypvl2;sonypvl2;e:\windows\system32\drivers\sonypvl2.sys [2.7.2005 20:51 19478]
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [30.8.2010 20:28 697328]
R0 viasraid;viasraid;e:\windows\system32\drivers\viasraid.sys [11.8.2003 16:52 75904]
R1 avgntdd;avgntdd;e:\windows\system32\drivers\avgntdd.sys [3.5.2008 20:32 45400]
R1 sonypvf2;sonypvf2;e:\windows\system32\drivers\sonypvf2.sys [2.7.2005 20:51 635012]
R1 sonypvt2;sonypvt2;e:\windows\system32\drivers\sonypvt2.sys [2.7.2005 20:51 431236]
R1 sp_rsdrv2;Spyware Terminator Driver 2;e:\windows\system32\drivers\sp_rsdrv2.sys [6.5.2008 5:39 141312]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
R2 ICQ Service;ICQ Service;e:\program files\ICQ6Toolbar\ICQ Service.exe [19.6.2008 15:30 222968]
R2 Pokernet;Pokernet;e:\documents and settings\rr\Application Data\MyPokerLab\Pokernet\Pokernet Service.exe [15.10.2010 10:30 520192]
R3 seehcri;Sony Ericsson seehcri Device Driver;e:\windows\system32\drivers\seehcri.sys [19.4.2010 19:24 27632]
S1 sonypvd2;sonypvd2;e:\windows\system32\drivers\sonypvd2.sys [2.7.2005 20:51 64093]
S2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;"e:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe" --> e:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [?]
S2 gupdate;Služba Google Update (gupdate);e:\program files\Google\Update\GoogleUpdate.exe [2.2.2010 16:50 135664]
S3 gupdatem;Služba Google Update (gupdatem);e:\program files\Google\Update\GoogleUpdate.exe [2.2.2010 16:50 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [22.7.2011 21:22 38224]
S3 pnicml;pnicml;\??\e:\docume~1\rr\LOCALS~1\Temp\pnicml.sys --> e:\docume~1\rr\LOCALS~1\Temp\pnicml.sys [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;e:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [17.1.2011 9:59 155344]
.
Contents of the 'Scheduled Tasks' folder
.
2005-09-16 e:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8115396095.job
- e:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
2011-07-23 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:50]
.
2011-07-23 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - e:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - e:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send To &Bluetooth - e:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 10.0.0.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - e:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-sysdriver32.exe - e:\windows\sysdriver32.exe
HKLM-Run-sysdriver32_.exe - e:\windows\sysdriver32_.exe
AddRemove-Adobe Acrobat 4.0 - e:\windows\ISUN0407.EXE
AddRemove-NHL 98 - e:\ea sports\NHL 98\DeIsL1.isu
AddRemove-Worms2 - e:\team17\Worms2\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-23 21:11
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
e:\windows\system32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(816)
e:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(3852)
e:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
e:\program files\Common Files\Microsoft Shared\Web Components\10\1051\OWCI10.DLL
e:\windows\System32\MSCTF.dll
e:\windows\System32\mlang.dll
e:\windows\System32\msimtf.dll
e:\windows\System32\MSLS31.DLL
.
------------------------ Other Running Processes ------------------------
.
e:\windows\System32\Ati2evxx.exe
e:\program files\MSI\BToes Bluetooth Software\bin\btwdins.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Spyware Terminator\sp_rsser.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
e:\windows\System32\WgaTray.exe
e:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
e:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
.
**************************************************************************
.
Completion time: 2011-07-23 21:14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-23 19:14
.
Pre-Run: 6 589 812 736 bytes free
Post-Run: 6 653 493 248 voľných bajtov
.
- - End Of File - - 4D03D8AEC08BBFE087ED317D358CC923

[vyosek]

Zdravim a pekny vecer preji

Vas log se studuje a pracuje se na nem .
Prosim o strpeni!

[vlady7]

áno super ďakujem velmi pekne

[vyosek]

Combofix se nema pouzivat bez doporuceni - vizte nize

Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Pri spusteni CFka by mela byt nabidnuta instalace Recovery Console (Konzoly pro zotaveni, nechte ji nainstalovat)

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  File::
  e:\windows\unrar.exe
  e:\documents and settings\rr\Start Menu\Programs\Startup\Adobe Media Player.lnk
  e:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
  e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  Folder::
  e:\windows\phoenix
  e:\windows\ufa
  e:\windows\av_ico
  e:\windows\update.tray-8-0-lnk
  e:\windows\update.tray-8-0
  e:\program files\ICQ6Toolbar
  
  Restore::
  e:\windows\System32\wscntfy.exe
  e:\windows\System32\xmlprov.dll
  
  SrPeek::
  e:\windows\System32\wscntfy.exe
  e:\windows\System32\xmlprov.dll
  
  Mia::
  e:\windows\System32\wscntfy.exe
  e:\windows\System32\xmlprov.dll
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "PcSync"=-
  "swg"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  "Adobe Photo Downloader"=-
  "SpywareTerminator"=-
  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  "RunNarrator"=-
  
  Driver::
  ICQ Service
  gupdate
  gupdatem
  pnicml
  
  Rootkit::
  e:\docume~1\rr\LOCALS~1\Temp\pnicml.sys
  
  DDS::
  uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1098640
  uInternet Connection Wizard,ShellNext = iexplore
  uSearchAssistant = hxxp://www.google.com/ie
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[vlady7]

to som si neuvedomil chcel som len urýchliť robotu a mohol som všetko pokaziť :/ no takže vyplulo mi tento log

ComboFix 11-07-23.04 - rr 23.07.2011 21:44:42.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.421.1033.18.511.287 [GMT 2:00]
Running from: e:\documents and settings\rr\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\rr\Desktop\CFScript.txt
.
FILE ::
"e:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk"
"e:\documents and settings\rr\Start Menu\Programs\Startup\Adobe Media Player.lnk"
"e:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"e:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"e:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
e:\documents and settings\rr\Start Menu\Programs\Startup\Adobe Media Player.lnk
e:\program files\ICQ6Toolbar
e:\program files\ICQ6Toolbar\Icons.bmp
e:\program files\ICQ6Toolbar\ICQ Service.exe
e:\program files\ICQ6Toolbar\icq6Toolbar.ico
e:\program files\ICQ6Toolbar\ICQToolBar.dll
e:\program files\ICQ6Toolbar\ICQUnToolbar.exe
e:\program files\ICQ6Toolbar\logo_small.gif
e:\program files\ICQ6Toolbar\ServiceStarter.exe
e:\program files\ICQ6Toolbar\short.wav
e:\program files\ICQ6Toolbar\Version.txt
e:\program files\update.exe
e:\program files\version.txt
e:\windows\av_ico
e:\windows\av_ico\ico_avira_start.ico
e:\windows\btc_client_iplist.txt
e:\windows\ddh_iplist.txt
e:\windows\front_ip_list.txt
e:\windows\iecheck_iplist.txt
e:\windows\info1
e:\windows\iplist.txt
e:\windows\loader2.exe_ok
e:\windows\phoenix
e:\windows\phoenix.rar
e:\windows\phoenix\kernels\phatk\__init__.py
e:\windows\phoenix\kernels\phatk\__init__.pyc
e:\windows\phoenix\kernels\phatk\BFIPatcher.py
e:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
e:\windows\phoenix\kernels\phatk\kernel.cl
e:\windows\phoenix\kernels\poclbm\__init__.py
e:\windows\phoenix\kernels\poclbm\__init__.pyc
e:\windows\phoenix\kernels\poclbm\BFIPatcher.py
e:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
e:\windows\phoenix\kernels\poclbm\kernel.cl
e:\windows\phoenix\phoenix.exe
e:\windows\rpcminer.rar
e:\windows\system32\drivers\etc\HSTS~1
e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
e:\windows\ufa
e:\windows\ufa.rar
e:\windows\ufa\ufa.exe
e:\windows\unrar.exe
e:\windows\update.tray-8-0-lnk
e:\windows\update.tray-8-0
e:\windows\winlog-dirs.txt
e:\windows\winlog-ids.txt
.
e:\windows\System32\wscntfy.exe . . . is infected!!
.
e:\windows\System32\xmlprov.dll . . . is infected!!
.
Infected copy of e:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - e:\windows\ERDNT\cache\atapi.sys
.
e:\windows\System32\wscntfy.exe . . . is missing!!
.
e:\windows\System32\xmlprov.dll . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_ICQ_SERVICE
-------\Legacy_PNICML
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_ICQ Service
-------\Service_pnicml
.
.
((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))
.
.
2011-07-22 19:22 . 2011-07-22 19:22 -------- d-----w- e:\documents and settings\rr\Application Data\Malwarebytes
2011-07-22 19:22 . 2010-12-20 16:09 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2011-07-22 19:22 . 2011-07-22 19:22 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-22 19:22 . 2011-07-22 19:22 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2011-07-22 19:22 . 2010-12-20 16:08 19288 ----a-w- e:\windows\system32\drivers\mbam.sys
2011-07-22 18:58 . 2011-07-22 18:58 -------- d-----w- e:\program files\AMD APP
2011-07-22 18:58 . 2011-07-22 18:58 -------- d-----w- e:\program files\ATI
2011-07-22 18:58 . 2011-07-22 18:58 -------- d-----w- e:\program files\ATI Technologies
2011-07-22 18:48 . 2011-07-22 18:55 -------- d-----w- e:\program files\trend micro
2011-07-22 18:48 . 2011-07-22 18:49 -------- d-----w- E:\rsit
2011-07-22 18:47 . 2011-07-22 18:47 -------- d-----w- E:\ATI
2011-07-05 17:49 . 2011-07-05 17:49 -------- d-----w- e:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-17 19:11 . 2011-05-24 11:43 404640 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- e:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- e:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- e:\windows\system32\amdocl.dll
2005-08-04 21:30 . 2005-08-04 21:28 10 ----a-w- e:\program files\cc.bin
2003-02-28 21:22 . 2005-08-04 21:30 140800 ----a-w- e:\program files\BINKPLAY.EXE
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . e:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll
[-] 2002-11-27 02:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . e:\windows\system32\mspmsnsv.dll
.
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . e:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\d3d9.dll
[-] 2004-07-09 12:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . e:\windows\system32\d3d9.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-07-23_19.11.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-23 19:56 . 2011-07-23 19:56 16384 e:\windows\temp\Perflib_Perfdata_b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-11-13 62464]
"PinnacleDriverCheck"="e:\windows\System32\PSDrvCheck.exe" [2003-12-04 406016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2003-03-31 13312]
.
e:\documents and settings\rr\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-8-15 256000]
.
e:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - e:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2005-3-30 569405]
hp psc 1000 series.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - e:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Picture Package Menu.lnk - e:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-9-1 151552]
Picture Package VCD Maker.lnk - e:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-9-1 106496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
R0 avgntmgr;avgntmgr;e:\windows\system32\drivers\avgntmgr.sys [3.5.2008 20:32 22360]
R0 sonypvl2;sonypvl2;e:\windows\system32\drivers\sonypvl2.sys [2.7.2005 20:51 19478]
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [30.8.2010 20:28 697328]
R0 viasraid;viasraid;e:\windows\system32\drivers\viasraid.sys [11.8.2003 16:52 75904]
R1 avgntdd;avgntdd;e:\windows\system32\drivers\avgntdd.sys [3.5.2008 20:32 45400]
R1 sonypvf2;sonypvf2;e:\windows\system32\drivers\sonypvf2.sys [2.7.2005 20:51 635012]
R1 sonypvt2;sonypvt2;e:\windows\system32\drivers\sonypvt2.sys [2.7.2005 20:51 431236]
R1 sp_rsdrv2;Spyware Terminator Driver 2;e:\windows\system32\drivers\sp_rsdrv2.sys [6.5.2008 5:39 141312]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
R2 Pokernet;Pokernet;e:\documents and settings\rr\Application Data\MyPokerLab\Pokernet\Pokernet Service.exe [15.10.2010 10:30 520192]
R3 seehcri;Sony Ericsson seehcri Device Driver;e:\windows\system32\drivers\seehcri.sys [19.4.2010 19:24 27632]
S1 sonypvd2;sonypvd2;e:\windows\system32\drivers\sonypvd2.sys [2.7.2005 20:51 64093]
S2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;"e:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe" --> e:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [22.7.2011 21:22 38224]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;e:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [17.1.2011 9:59 155344]
.
Contents of the 'Scheduled Tasks' folder
.
2005-09-16 e:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8115396095.job
- e:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - e:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - e:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send To &Bluetooth - e:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: DhcpNameServer = 10.0.0.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - e:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ICQToolbar - e:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-23 21:57
Windows 5.1.2600 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
e:\windows\system32\ODBC32.dll
.
- - - - - - - > 'lsass.exe'(820)
e:\windows\System32\dssenh.dll
.
- - - - - - - > 'explorer.exe'(4008)
e:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
e:\program files\Common Files\Microsoft Shared\Web Components\10\1051\OWCI10.DLL
e:\windows\System32\MSCTF.dll
e:\windows\System32\mlang.dll
e:\windows\System32\msimtf.dll
e:\windows\System32\MSLS31.DLL
.
------------------------ Other Running Processes ------------------------
.
e:\windows\System32\Ati2evxx.exe
e:\program files\MSI\BToes Bluetooth Software\bin\btwdins.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Spyware Terminator\sp_rsser.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
e:\windows\System32\WgaTray.exe
e:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
.
**************************************************************************
.
Completion time: 2011-07-23 22:00:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-23 20:00
ComboFix2.txt 2011-07-23 19:14
.
Pre-Run: 6 555 873 280 bytes free
Post-Run: 6 538 682 368 voľných bajtov
.
- - End Of File - - 3E74B390CE8A86A3017DCA4EFD25DADD

[vyosek]

Poprosim o log z RSIT - viz muj podpis

[vlady7]

log z RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by rr at 2011-07-23 22:40:29
Systém Microsoft Windows XP Professional Service Pack 1
System drive E: has 6 GB (8%) free of 76 GB
Total RAM: 511 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40:38, on 23.7.2011
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
E:\Program Files\LogMeIn Hamachi\hamachi-2.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Documents and Settings\rr\Application Data\MyPokerLab\Pokernet\Pokernet Service.exe
E:\Program Files\Spyware Terminator\sp_rsser.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\WgaTray.exe
E:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Documents and Settings\rr\Desktop\RSIT.exe
E:\Program Files\trend micro\rr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://E:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: PokerTime - {1C5F27AD-1F34-406B-8733-509FB6D70763} - E:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Unknown owner - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Pokernet - Badbeat.com - E:\Documents and Settings\rr\Application Data\MyPokerLab\Pokernet\Pokernet Service.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - E:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: (no name) - http://www.fanpop.com/images/buttons/add-button.gif

--
End of file - 9161 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1115396095.job

=========Mozilla firefox=========

ProfilePath - E:\Documents and Settings\rr\Application Data\Mozilla\Firefox\Profiles\2dvvrbo1.default

prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, plugin@gameplaylabs.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

"jqs@sun.com"=E:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=E:\PROGRA~1\Crawler\Toolbar\firefox\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=E:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=E:\WINDOWS\System32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=E:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=E:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

E:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

E:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

E:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

E:\Documents and Settings\rr\Application Data\Mozilla\Firefox\Profiles\2dvvrbo1.default\extensions\
plugin@gameplaylabs.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
E:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-06-19 1190912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-24 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-06-20 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - E:\WINDOWS\System32\msdxm.ocx [2003-03-31 842268]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-06-19 1190912]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll []
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-06-20 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=E:\WINDOWS\SOUNDMAN.EXE [2003-11-13 62464]
"PinnacleDriverCheck"=E:\WINDOWS\System32\PSDrvCheck.exe [2003-12-04 406016]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - E:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
hp psc 1000 series.lnk - E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office10\OSA.EXE
Picture Package Menu.lnk - E:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker.lnk - E:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

E:\Documents and Settings\rr\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=E:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"msacm.iac2"=E:\WINDOWS\System32\iac25_32.ax
"VIDC.IV41"=ir41_32.dll
"VIDC.MKVC"=KMVIDC32.DLL
"VIDC.MJPG"=Pvmjpg21.dll
"VIDC.PIM1"=pclepim1.dll
"VIDC.I420"=vdrcodec.dll
"VIDC.WMV3"=wmv9vcm.dll
"vidc.VP60"=E:\WINDOWS\System32\vp6vfw.dll
"vidc.VP61"=E:\WINDOWS\System32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-07-23 22:00:06 ----A---- E:\ComboFix.txt
2011-07-23 21:53:48 ----D---- E:\WINDOWS\temp
2011-07-23 21:41:22 ----A---- E:\WINDOWS\NIRCMD.exe
2011-07-23 21:35:10 ----A---- E:\Boot.bak
2011-07-23 21:35:03 ----RASHD---- E:\cmdcons
2011-07-23 20:44:06 ----A---- E:\WINDOWS\zip.exe
2011-07-23 20:44:06 ----A---- E:\WINDOWS\SWXCACLS.exe
2011-07-23 20:44:06 ----A---- E:\WINDOWS\SWSC.exe
2011-07-23 20:44:06 ----A---- E:\WINDOWS\SWREG.exe
2011-07-23 20:44:06 ----A---- E:\WINDOWS\sed.exe
2011-07-23 20:44:06 ----A---- E:\WINDOWS\PEV.exe
2011-07-23 20:44:06 ----A---- E:\WINDOWS\MBR.exe
2011-07-23 20:44:06 ----A---- E:\WINDOWS\grep.exe
2011-07-23 20:43:55 ----D---- E:\WINDOWS\ERDNT
2011-07-23 20:43:42 ----D---- E:\Qoobox
2011-07-23 20:31:13 ----A---- E:\WINDOWS\ntbtlog.txt
2011-07-22 22:28:54 ----A---- E:\TDSSKiller.2.5.11.0_22.07.2011_22.28.54_log.txt
2011-07-22 21:22:41 ----D---- E:\Documents and Settings\rr\Application Data\Malwarebytes
2011-07-22 21:22:33 ----A---- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
2011-07-22 21:22:32 ----D---- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-07-22 21:22:29 ----D---- E:\Program Files\Malwarebytes' Anti-Malware
2011-07-22 21:22:29 ----A---- E:\WINDOWS\System32\drivers\mbam.sys
2011-07-22 20:58:34 ----D---- E:\Program Files\AMD APP
2011-07-22 20:58:25 ----D---- E:\Program Files\ATI
2011-07-22 20:58:10 ----D---- E:\Program Files\ATI Technologies
2011-07-22 20:48:32 ----D---- E:\Program Files\trend micro
2011-07-22 20:48:26 ----D---- E:\rsit
2011-07-22 20:47:40 ----D---- E:\ATI
2011-07-05 19:49:01 ----D---- E:\Program Files\LogMeIn Hamachi

======List of files/folders modified in the last 1 month======

2011-07-23 22:21:05 ----D---- E:\Program Files\Mozilla Firefox
2011-07-23 22:00:10 ----D---- E:\WINDOWS\System32\drivers
2011-07-23 21:58:52 ----D---- E:\WINDOWS\System32\CatRoot2
2011-07-23 21:56:55 ----D---- E:\WINDOWS
2011-07-23 21:56:55 ----A---- E:\WINDOWS\system.ini
2011-07-23 21:56:37 ----D---- E:\WINDOWS\System32\drivers\etc
2011-07-23 21:54:13 ----D---- E:\WINDOWS\System32\config
2011-07-23 21:53:15 ----RD---- E:\Program Files
2011-07-23 21:53:13 ----SD---- E:\WINDOWS\Tasks
2011-07-23 21:50:15 ----D---- E:\WINDOWS\system32
2011-07-23 21:50:15 ----D---- E:\WINDOWS\AppPatch
2011-07-23 21:50:11 ----D---- E:\Program Files\Common Files
2011-07-23 21:35:10 ----RASH---- E:\boot.ini
2011-07-23 21:34:00 ----A---- E:\WINDOWS\SchedLgU.Txt
2011-07-23 21:10:05 ----A---- E:\WINDOWS\System32\PerfStringBackup.INI
2011-07-22 22:49:21 ----HDC---- E:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
2011-07-22 22:01:41 ----D---- E:\WINDOWS\Prefetch
2011-07-22 20:58:38 ----SHD---- E:\WINDOWS\Installer
2011-07-21 19:27:50 ----D---- E:\Documents and Settings\All Users\Application Data\Spyware Terminator
2011-07-21 19:27:42 ----D---- E:\Program Files\Spyware Terminator
2011-07-21 19:26:26 ----D---- E:\Documents and Settings\rr\Application Data\Spyware Terminator
2011-07-21 14:03:20 ----SHD---- E:\System Volume Information
2011-07-21 14:03:20 ----D---- E:\WINDOWS\System32\Restore
2011-07-21 14:02:42 ----SHD---- E:\WINDOWS\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avgntmgr;avgntmgr; E:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys [2009-05-31 22360]
R0 Imagedrv;Imagedrv; E:\WINDOWS\System32\DRIVERS\imagedrv.sys [2003-03-30 89184]
R0 sonypvl2;sonypvl2; E:\WINDOWS\System32\drivers\sonypvl2.sys [2003-07-26 19478]
R0 sptd;sptd; E:\WINDOWS\System32\Drivers\sptd.sys [2010-08-30 697328]
R0 viasraid;viasraid; E:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 75904]
R1 AFS2K;AFS2k; E:\WINDOWS\System32\drivers\AFS2K.sys [2004-10-08 35840]
R1 avgntdd;avgntdd; E:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-05-31 45400]
R1 avipbb;avipbb; E:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-05-31 75096]
R1 cdrbsvsd;cdrbsvsd; E:\WINDOWS\System32\drivers\cdrbsvsd.sys [2003-12-04 13566]
R1 PCLEPCI;PCLEPCI; \??\E:\WINDOWS\System32\Drivers\PCLEPCI.SYS []
R1 sonypvf2;sonypvf2; E:\WINDOWS\System32\drivers\sonypvf2.sys [2003-08-20 635012]
R1 sonypvt2;sonypvt2; E:\WINDOWS\System32\drivers\sonypvt2.sys [2003-08-20 431236]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\E:\WINDOWS\System32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; E:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 StarOpen;StarOpen; E:\WINDOWS\System32\drivers\StarOpen.sys [2006-07-24 5632]
R2 BTSERIAL;Bluetooth Serial Driver; \??\E:\WINDOWS\System32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\E:\WINDOWS\System32\drivers\btslbcsp.sys []
R2 Fallback;Fallback; E:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; E:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; E:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MASPINT;MASPINT; E:\WINDOWS\System32\drivers\MASPINT.sys [2000-03-30 8096]
R2 SoftFax;SoftFax; E:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; E:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; E:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXSENS;Service for WDM 3D Audio Driver; E:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-11-13 391680]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); E:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-11-13 481596]
R3 ASAPIW2k;ASAPIW2K; E:\WINDOWS\system32\drivers\ASAPIW2k.sys [2003-12-04 11264]
R3 ati2mtag;ati2mtag; E:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-06-25 587264]
R3 basic2;basic2; E:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
R3 BTKRNL;Bluetooth Bus Enumerator; E:\WINDOWS\System32\DRIVERS\btkrnl.sys [2005-03-30 1340698]
R3 catchme;catchme; \??\E:\ComboFix\catchme.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; E:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 hamachi;Hamachi Network Interface; E:\WINDOWS\System32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 hsf_msft;hsf_msft; E:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
R3 Rksample;Rksample; E:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; E:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 seehcri;Sony Ericsson seehcri Device Driver; E:\WINDOWS\System32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; E:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-03-31 19328]
S1 sonypvd2;sonypvd2; E:\WINDOWS\System32\DRIVERS\sonypvd2.sys [2003-06-24 64093]
S3 aglxgh7t;aglxgh7t; E:\WINDOWS\System32\drivers\aglxgh7t.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; E:\WINDOWS\System32\DRIVERS\btport.sys [2005-03-30 30299]
S3 btwmodem;Bluetooth Modem; E:\WINDOWS\System32\DRIVERS\btwmodem.sys [2005-03-30 30125]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; E:\WINDOWS\System32\Drivers\btwusb.sys [2005-03-30 55448]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; E:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\E:\WINDOWS\System32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\E:\DOCUME~1\rr\LOCALS~1\Temp\mbr.sys []
S3 Nokia USB Generic;Nokia USB Generic; E:\WINDOWS\system32\drivers\nmwcdc.sys [2005-08-10 7278]
S3 Nokia USB Modem;Nokia USB Modem; E:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-08-10 10991]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; E:\WINDOWS\system32\drivers\nmwcd.sys [2005-08-10 128797]
S3 Nokia USB Port;Nokia USB Port; E:\WINDOWS\system32\drivers\nmwcdcj.sys [2005-08-10 10991]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); E:\WINDOWS\System32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; E:\WINDOWS\System32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; E:\WINDOWS\System32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); E:\WINDOWS\System32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); E:\WINDOWS\System32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; E:\WINDOWS\System32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); E:\WINDOWS\System32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 sermouse;Serial Mouse Driver; E:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); E:\WINDOWS\System32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; E:\WINDOWS\System32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; E:\WINDOWS\System32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 tap0901;TAP-Win32 Adapter V9; E:\WINDOWS\System32\DRIVERS\tap0901.sys [2010-08-20 26112]
S3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 usbser;Motorola USB Modem Driver; E:\WINDOWS\System32\DRIVERS\usbser.sys [2001-08-17 24192]
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\System32\Ati2evxx.exe [2003-06-25 294912]
R2 btwdins;Bluetooth Service; E:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe [2005-03-30 254007]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; E:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2010-06-02 153376]
R2 Pokernet;Pokernet; E:\Documents and Settings\rr\Application Data\MyPokerLab\Pokernet\Pokernet Service.exe [2011-06-02 520192]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; E:\Program Files\Spyware Terminator\sp_rsser.exe [2008-05-06 606720]
R2 StarWindServiceAE;StarWind AE Service; E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe []
S2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe []
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-14 182768]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Pml Driver HPZ12;Pml Driver HPZ12; E:\WINDOWS\System32\HPZipm12.exe [2003-04-07 65795]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; E:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]

-----------------EOF-----------------

[vyosek]

Uvolnete volne misto na disku na 10 giga

Nainstalujte Service Pack 2 a nasledne Service Pack 3, bude pres windows update nebo zde odkazy v clanku http://viry.cz/forum/viewtopic.php?f=46&t=86100

[vlady7]

service pack 2 tam neviem nájsť postačí iba 3 alebo treba aj tú 2 stiahnuuť???

[vlady7]

nič nič už sa mi sťahuje 2ka našiel som

[vyosek]

Musite dvojku a pak trojku...

Pak napiste, ja tu budu az vecer

[vlady7]

Zdravím service pack 2 nainštalovaná ..pri inštalácii 3ky mi hodí mi vyhodí :

Inštalační program nemuže aktualizovat soubory systému Windows XP, protože jeho jazyková verze je jiná než jazyková verze aktualizace

mohli by ste mi prosínm poradiť čo teraz?

[vyosek]

Musite na webu windows update stahnout SK verzi SP3

[vlady7]

SP3 som sťahoval cez tn odkaz čo ste dali ale SP2 nie ten som zadal do googlu lebo na tom odkaze čo ste dali som nevedel nájsť SP2....čiže ten SP3 by mal byť SK verzia nebude problém v tej 2ke???

[vyosek]

Zkuste napsat na podporu micorosoftu, meli by mit primo odkazy a pomoci tez umi