
RSIT log (possible virus)

Posted: 17 Aug 2011 09:39
by Flash7
Hello, lately I've been having a few problems with my PC as far as speed goes, that is, slow loading at startup and the like. But mainly I'd like to ask you to check the log because of this message:

Image

It popped up yesterday evening, and it couldn't even be cleaned...


Logfile of random's system information tool 1.08 (written by random/random)
Run by Martin at 2011-08-17 10:35:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 243 GB (28%) free of 853 GB
Total RAM: 3326 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:40, on 17.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Martin\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKLM\..\Run: [Visual Task Tips] "C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [ESET] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 9493 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RMSchedule.job
C:\WINDOWS\tasks\RMSmartUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-27 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Visual Task Tips"=C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-27 16875008]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-13 148888]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"D-Link AirPlus XtremeG DWL-G122"=C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe [2008-12-19 1556480]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-27 198160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-05-20 306088]
"ESET"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-28 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnalogClock]
C:\Program Files\Windows7\Analog Clock\AnalogClock.exe [2005-11-05 480256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.4\ICQ.exe [2011-04-07 119608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
C:\Documents and Settings\Martin\Local Settings\Application Data\MXSkypeRecorder\MXSkypeRecorder.exe [2009-06-18 561064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pie Dock]
C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe [2007-09-02 586240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-05-20 306088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
C:\Program Files\Windows7\TopDesk\topdesk.exe [2007-06-20 1912832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viena Explorer]
C:\Program Files\Windows7\Vienna Explorer\Vienna Explorer.exe [2006-11-18 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe [2011-07-07 625952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2
"wuauserv"=2
"WMPNetworkSvc"=3
"JavaQuickStarterService"=2
"gupdate1c9cf1520895eca"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\Martin\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2009-02-19 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
TPSvc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-12 190976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-04-28 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\Launcher.exe"="C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Martin\Desktop\Programy\Internet\Fake IP\FakeIP\DC_IS.EXE"="C:\Documents and Settings\Martin\Desktop\Programy\Internet\Fake IP\FakeIP\DC_IS.EXE:*:Enabled:DC_IS"
"C:\Program Files\ACSPMonitor\ASMonitor.exe"="C:\Program Files\ACSPMonitor\ASMonitor.exe:*:Enabled:System"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\EA GAMES\Command and Conquer Generals\game.dat"="C:\Program Files\EA GAMES\Command and Conquer Generals\game.dat:*:Enabled:game"
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat"="C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
"C:\Program Files\EA GAMES\Command & Conquer Generals Zero Hour\game.dat"="C:\Program Files\EA GAMES\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Pyro Studios\Imperial Glory\ImperialGlory.exe"="C:\Program Files\Pyro Studios\Imperial Glory\ImperialGlory.exe:*:Enabled:ImperialGlory"
"C:\Documents and Settings\Martin\Desktop\Hry\Stronghold Crusader\Stronghold Crusader.exe"="C:\Documents and Settings\Martin\Desktop\Hry\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Program Files\keyclone\keyclone.exe"="C:\Program Files\keyclone\keyclone.exe:*:Enabled:keyclone"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Documents and Settings\Martin\Local Settings\Apps\2.0\DZ4E3HTC.YDE\CZ1GC0M3.6Q7\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe"="C:\Documents and Settings\Martin\Local Settings\Apps\2.0\DZ4E3HTC.YDE\CZ1GC0M3.6Q7\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe:*:Enabled:Curse Client 4.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

======List of files/folders created in the last 1 months======

2011-08-14 22:24:46 ----D---- C:\Program Files\LucasArts
2011-08-14 22:24:35 ----A---- C:\WINDOWS\uninst.exe
2011-08-14 22:24:34 ----A---- C:\WINDOWS\_delis43.ini
2011-08-14 11:26:30 ----D---- C:\Documents and Settings\Martin\Application Data\Registry Mechanic
2011-08-14 11:23:20 ----A---- C:\WINDOWS\system32\CleanMFT32.exe
2011-08-14 11:23:16 ----D---- C:\Program Files\Registry Mechanic
2011-08-14 11:23:16 ----D---- C:\Program Files\Common Files\PC Tools
2011-08-14 11:23:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-08-13 22:02:03 ----D---- C:\Documents and Settings\Martin\Application Data\DivX
2011-08-13 22:01:36 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2011-08-13 22:01:36 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\vxblock.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxwave.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxsfs.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxmas.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxdrv.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxafs.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\px.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2011-08-13 22:01:11 ----D---- C:\Program Files\Common Files\DivX Shared
2011-08-13 21:57:47 ----D---- C:\Program Files\DivX
2011-08-13 21:55:45 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2011-08-10 18:38:28 ----AD---- C:\PHP-Fusion 7.01.04
2011-07-22 22:51:50 ----A---- C:\WINDOWS\system32\dpl100.dll
2011-07-18 23:24:54 ----D---- C:\Program Files\VirtualDJ
2011-07-18 21:32:20 ----D---- C:\Documents and Settings\Martin\Application Data\Apple Computer

======List of files/folders modified in the last 1 months======

2011-08-17 10:35:39 ----D---- C:\Program Files\trend micro
2011-08-17 10:35:35 ----D---- C:\WINDOWS\Temp
2011-08-17 10:35:33 ----A---- C:\WINDOWS\NeroDigital.ini
2011-08-17 10:18:21 ----D---- C:\WINDOWS\Prefetch
2011-08-17 10:16:01 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2011-08-17 10:15:53 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-17 10:13:04 ----D---- C:\WINDOWS\system32\drivers
2011-08-16 23:54:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-16 23:54:34 ----D---- C:\Documents and Settings\Martin\Application Data\Skype
2011-08-16 21:06:57 ----D---- C:\Documents and Settings\Martin\Application Data\Mumble
2011-08-16 13:56:42 ----D---- C:\Documents and Settings\Martin\Application Data\skypePM
2011-08-15 22:24:57 ----D---- C:\Documents and Settings\Martin\Application Data\Adobe
2011-08-14 22:24:46 ----RD---- C:\Program Files
2011-08-14 22:24:35 ----D---- C:\WINDOWS
2011-08-14 11:23:40 ----SD---- C:\WINDOWS\Tasks
2011-08-14 11:23:20 ----D---- C:\WINDOWS\system32
2011-08-14 11:23:16 ----D---- C:\Program Files\Common Files
2011-08-13 22:01:16 ----SHD---- C:\WINDOWS\Installer
2011-08-13 22:01:15 ----D---- C:\WINDOWS\WinSxS
2011-08-11 22:24:08 ----A---- C:\WINDOWS\wincmd.ini
2011-08-11 22:15:12 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-08-10 18:55:32 ----D---- C:\Documents and Settings\Martin\Application Data\vlc
2011-08-03 17:22:02 ----HD---- C:\WINDOWS\inf
2011-07-18 23:24:58 ----D---- C:\WINDOWS\Fonts
2011-07-18 22:41:55 ----D---- C:\Documents and Settings\Martin\Application Data\Sony

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-05-07 685816]
R0 szkg5;szkg5; C:\WINDOWS\system32\DRIVERS\szkg.sys [2009-12-07 61328]
R0 szkgfs;szkgfs; C:\WINDOWS\system32\drivers\szkgfs.sys [2010-05-12 59280]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R3 bbcap;bbcap; C:\WINDOWS\system32\DRIVERS\bbcap.sys [2009-12-21 4096]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-07-07 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-27 4742656]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2011-05-24 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-16 109184]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 xcpip;TCP/IP Protocol Driver; C:\WINDOWS\system32\drivers\xcpip.sys []
R3 xpsec;IPSEC driver; C:\WINDOWS\system32\drivers\xpsec.sys []
S0 is3srv;is3srv; C:\WINDOWS\system32\drivers\is3srv.sys [2009-12-07 61328]
S3 afroddxv;afroddxv; C:\WINDOWS\system32\drivers\afroddxv.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\catchme.sys []
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 rt2500usb;DWL-G122(rev.B) USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys []
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-28 82944]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-09-19 72704]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
R2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-04-30 168004]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-18 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-18 107832]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2010-12-15 62928]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-07-07 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-13 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2009-02-19 121360]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gupdate1c9cf1520895eca;Služba Google Update (gupdate1c9cf1520895eca); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-13 152984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 09:59
by vyosek
Hello, and have a nice morning :)

:arrow: Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Run the utility and tell it to scan - click Start Scan
  • If the utility finds an infection, it will want to cure it (Cure); allow the cure by clicking Continue
  • If the utility finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking Continue
  • After the scan finishes a PC restart may be required; allow it by clicking Reboot now
  • After the restart a log will pop up; if it does not, you will find it directly on the drive where Windows is installed (usually c:\) with a name of the form TDSSKiller.[some numbers]_log.txt - paste its contents here
  • If no restart is required, click Close and then Report - a log is created - paste its contents here
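
The steps above end with locating the TDSSKiller.[numbers]_log.txt file and pasting it into the thread. As an added example (not part of the post above and not Kaspersky's code), the Python script below finds the newest such log in the root of the system drive and reduces it to one triage line per detection, so a helper can see at a glance whether a hit is a boot-sector object, a real file, or only a file the tool could not read. It assumes nothing beyond the line shapes TDSSKiller printed in the log posted further down in this thread; the sample lines embedded in it are copied from that log.

```python
"""Find and summarise a TDSSKiller log (added example; not Kaspersky's code).

Assumes only the line shapes TDSSKiller printed in this thread: every line is
'<timestamp> <thread-id> <message>'; scanned objects are '<name> (<md5>) <path>';
hits are '<object> - detected <verdict> (<n>)'; the closing block records
'<verdict>(<object>) - User select action: <action>'.
"""
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import List, Optional, Tuple

PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
SCANNED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION = re.compile(r"^(?P<verdict>[^()]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")
PENDING = re.compile(r"^(?P<obj>.+?) \((?P<verdict>[^()]+)\) - will be cured after reboot$")
COUNT = re.compile(r"^Actual detected object count: (?P<n>\d+)$")
DISK_OBJECT = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$", re.IGNORECASE)


@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None
    cure_after_reboot: bool = False

    @property
    def kind(self) -> str:
        """Coarse triage class derived from the object and verdict names only."""
        if DISK_OBJECT.match(self.obj):
            return "boot-sector"   # MBR/VBR of a physical disk: bootkit territory
        if self.verdict.startswith("LockedFile."):
            return "locked-file"   # file could not be read; a heuristic, not a signature hit
        return "file"


@dataclass
class Report:
    scanned: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, md5, path)
    detections: List[Detection] = field(default_factory=list)
    claimed_count: Optional[int] = None

    def md5_for(self, obj: str) -> Optional[str]:
        """Hash printed for an object, matched by service name or by path/device."""
        return next((md5 for name, md5, path in self.scanned if obj in (name, path)), None)

    def find(self, obj: str, verdict: str) -> Optional[Detection]:
        return next((d for d in self.detections if (d.obj, d.verdict) == (obj, verdict)), None)


def parse_tdss_log(text: str) -> Report:
    report = Report()
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if d := DETECTED.match(msg):
            report.detections.append(Detection(d["obj"], d["verdict"]))
        elif (a := ACTION.match(msg)) and (det := report.find(a["obj"], a["verdict"].strip())):
            det.action = a["action"]
        elif (p := PENDING.match(msg)) and (det := report.find(p["obj"], p["verdict"])):
            det.cure_after_reboot = True
        elif c := COUNT.match(msg):
            report.claimed_count = int(c["n"])
        elif s := SCANNED.match(msg):
            report.scanned.append((s["name"], s["md5"], s["path"]))
    return report


def summarize(report: Report) -> List[str]:
    """One line per hit, worst first, ready to paste back into a help thread."""
    rank = {"boot-sector": 0, "file": 1, "locked-file": 2}
    lines = []
    for d in sorted(report.detections, key=lambda d: rank[d.kind]):
        note = " (cure completes after reboot)" if d.cure_after_reboot else ""
        lines.append(f"{d.kind}: {d.obj} -> {d.verdict}, md5 {report.md5_for(d.obj) or '?'}, "
                     f"action {d.action or 'none'}{note}")
    if report.claimed_count is not None and report.claimed_count != len(report.detections):
        lines.append(f"warning: tool counted {report.claimed_count} objects, parsed {len(report.detections)}")
    return lines


def find_latest_log(system_drive: Path = Path("C:/")) -> Optional[Path]:
    """Newest TDSSKiller.<numbers>_log.txt in the root of the Windows drive."""
    logs = sorted(system_drive.glob("TDSSKiller.*_log.txt"), key=lambda p: p.stat().st_mtime)
    return logs[-1] if logs else None


# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
2011/08/17 11:24:53.0984 5256 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/17 11:24:53.0984 5256 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/08/17 11:24:54.0000 5256 sptd - detected LockedFile.Multi.Generic (1)
2011/08/17 11:24:55.0390 5256 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
2011/08/17 11:24:55.0390 5256 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/08/17 11:24:55.0437 4476 Actual detected object count: 2
2011/08/17 11:25:48.0734 4476 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/17 11:25:48.0750 4476 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/08/17 11:25:48.0750 4476 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
"""

if __name__ == "__main__":
    path = find_latest_log()
    text = path.read_text(errors="replace") if path else SAMPLE_LOG
    print("\n".join(summarize(parse_tdss_log(text))))
```

Run without arguments it prints the summary of the newest log on C:\ and falls back to the embedded sample when none exists. The ordering puts boot-sector hits first because a verdict on \Device\HarddiskN\DRn means the tool hashed the MBR itself, while a LockedFile.* verdict only says the file refused to be read, which is what a self-protecting driver does as well as what malware does; the two deserve different reactions.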

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 10:34
by Flash7
It found one infection and a few suspicious files. Here is the log:

2011/08/17 11:24:44.0671 2596 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/17 11:24:44.0750 2596 ================================================================================
2011/08/17 11:24:44.0750 2596 SystemInfo:
2011/08/17 11:24:44.0750 2596
2011/08/17 11:24:44.0750 2596 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/17 11:24:44.0750 2596 Product type: Workstation
2011/08/17 11:24:44.0750 2596 ComputerName: XPWINDOWS7
2011/08/17 11:24:44.0750 2596 UserName: Martin
2011/08/17 11:24:44.0750 2596 Windows directory: C:\WINDOWS
2011/08/17 11:24:44.0750 2596 System windows directory: C:\WINDOWS
2011/08/17 11:24:44.0750 2596 Processor architecture: Intel x86
2011/08/17 11:24:44.0750 2596 Number of processors: 4
2011/08/17 11:24:44.0750 2596 Page size: 0x1000
2011/08/17 11:24:44.0750 2596 Boot type: Normal boot
2011/08/17 11:24:44.0750 2596 ================================================================================
2011/08/17 11:24:45.0921 2596 Initialize success
2011/08/17 11:24:47.0468 5256 ================================================================================
2011/08/17 11:24:47.0468 5256 Scan started
2011/08/17 11:24:47.0468 5256 Mode: Manual;
2011/08/17 11:24:47.0468 5256 ================================================================================
2011/08/17 11:24:48.0640 5256 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/17 11:24:48.0687 5256 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/17 11:24:48.0828 5256 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/17 11:24:48.0859 5256 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/08/17 11:24:48.0968 5256 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
2011/08/17 11:24:49.0031 5256 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/17 11:24:49.0062 5256 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/17 11:24:49.0171 5256 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/17 11:24:49.0250 5256 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/17 11:24:49.0281 5256 bbcap (709fbe6eced1c3259d2b50bb0520b765) C:\WINDOWS\system32\DRIVERS\bbcap.sys
2011/08/17 11:24:49.0312 5256 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/17 11:24:49.0406 5256 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/17 11:24:49.0437 5256 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/17 11:24:49.0453 5256 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/17 11:24:49.0484 5256 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/17 11:24:49.0593 5256 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/17 11:24:49.0671 5256 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/17 11:24:49.0687 5256 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/17 11:24:49.0703 5256 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/17 11:24:49.0734 5256 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/17 11:24:49.0765 5256 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/17 11:24:49.0812 5256 eamon (797798ed835628109811b4c8a6e1b668) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/08/17 11:24:49.0859 5256 ehdrv (d56f9592ea30e6f049af0c7f1062cd48) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/08/17 11:24:49.0875 5256 epfwtdir (2f70747c739550e7f0de9430f17e093b) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/08/17 11:24:49.0906 5256 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
2011/08/17 11:24:49.0984 5256 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
2011/08/17 11:24:50.0062 5256 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/17 11:24:50.0093 5256 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/17 11:24:50.0109 5256 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/17 11:24:50.0125 5256 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/17 11:24:50.0156 5256 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/17 11:24:50.0203 5256 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/17 11:24:50.0265 5256 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/17 11:24:50.0359 5256 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
2011/08/17 11:24:50.0390 5256 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/08/17 11:24:50.0406 5256 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/17 11:24:50.0437 5256 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/08/17 11:24:50.0468 5256 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/17 11:24:50.0500 5256 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/17 11:24:50.0546 5256 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/17 11:24:50.0609 5256 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/17 11:24:50.0781 5256 IntcAzAudAddService (557e20484a095d949912883f5ab29e88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/17 11:24:51.0046 5256 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/17 11:24:51.0093 5256 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/17 11:24:51.0109 5256 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/17 11:24:51.0125 5256 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/17 11:24:51.0140 5256 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/17 11:24:51.0156 5256 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/17 11:24:51.0203 5256 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/17 11:24:51.0250 5256 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
2011/08/17 11:24:51.0281 5256 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/17 11:24:51.0343 5256 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/17 11:24:51.0406 5256 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/17 11:24:51.0421 5256 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/17 11:24:51.0437 5256 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/17 11:24:51.0484 5256 LHidFilt (8b30311241f97b35167afe68d79e8530) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/08/17 11:24:51.0531 5256 LMouFilt (48d7422a6c4eec886b56ac534cfa3acf) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/08/17 11:24:51.0593 5256 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/17 11:24:51.0656 5256 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/17 11:24:51.0687 5256 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/17 11:24:51.0703 5256 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/17 11:24:51.0718 5256 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/17 11:24:51.0812 5256 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/17 11:24:51.0859 5256 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/17 11:24:51.0875 5256 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/17 11:24:51.0906 5256 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/17 11:24:51.0968 5256 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/17 11:24:52.0031 5256 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/17 11:24:52.0078 5256 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/17 11:24:52.0140 5256 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/17 11:24:52.0156 5256 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/17 11:24:52.0187 5256 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/17 11:24:52.0187 5256 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/17 11:24:52.0218 5256 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/17 11:24:52.0234 5256 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/17 11:24:52.0265 5256 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/17 11:24:52.0281 5256 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/17 11:24:52.0312 5256 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/17 11:24:52.0453 5256 nv (406ddab2b05d94d4818e97ff050d1bc6) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/17 11:24:52.0546 5256 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/17 11:24:52.0578 5256 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/17 11:24:52.0593 5256 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/17 11:24:52.0609 5256 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/17 11:24:52.0640 5256 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/17 11:24:52.0671 5256 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/17 11:24:52.0718 5256 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/17 11:24:52.0734 5256 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/17 11:24:52.0781 5256 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/08/17 11:24:53.0093 5256 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/17 11:24:53.0125 5256 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/17 11:24:53.0125 5256 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/17 11:24:53.0171 5256 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/17 11:24:53.0234 5256 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/17 11:24:53.0265 5256 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/17 11:24:53.0281 5256 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/17 11:24:53.0296 5256 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/17 11:24:53.0312 5256 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/17 11:24:53.0328 5256 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/17 11:24:53.0343 5256 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/17 11:24:53.0359 5256 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/17 11:24:53.0390 5256 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/17 11:24:53.0453 5256 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
2011/08/17 11:24:53.0500 5256 RT73 (cb20f16afdba63707fb971e0922edec1) C:\WINDOWS\system32\DRIVERS\Dr71WU.sys
2011/08/17 11:24:53.0515 5256 RTLE8023xp (eeb84629064abcb6198864d25bf15b1a) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/17 11:24:53.0593 5256 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
2011/08/17 11:24:53.0609 5256 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
2011/08/17 11:24:53.0656 5256 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
2011/08/17 11:24:53.0734 5256 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
2011/08/17 11:24:53.0765 5256 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/17 11:24:53.0781 5256 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/17 11:24:53.0796 5256 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/17 11:24:53.0875 5256 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/17 11:24:53.0937 5256 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2011/08/17 11:24:53.0953 5256 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/17 11:24:53.0984 5256 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/17 11:24:53.0984 5256 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/08/17 11:24:54.0000 5256 sptd - detected LockedFile.Multi.Generic (1)
2011/08/17 11:24:54.0031 5256 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/17 11:24:54.0046 5256 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/17 11:24:54.0109 5256 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/17 11:24:54.0171 5256 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/17 11:24:54.0484 5256 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/17 11:24:54.0500 5256 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\DRIVERS\szkg.sys
2011/08/17 11:24:54.0562 5256 szkgfs (410a02a920fa9daeec56364e839597c1) C:\WINDOWS\system32\drivers\szkgfs.sys
2011/08/17 11:24:54.0625 5256 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/17 11:24:54.0703 5256 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/17 11:24:54.0718 5256 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/17 11:24:54.0734 5256 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/17 11:24:54.0781 5256 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/17 11:24:54.0828 5256 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/17 11:24:54.0906 5256 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/17 11:24:54.0921 5256 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/17 11:24:54.0984 5256 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/17 11:24:55.0000 5256 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/17 11:24:55.0015 5256 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/17 11:24:55.0031 5256 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/17 11:24:55.0062 5256 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/17 11:24:55.0078 5256 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/17 11:24:55.0109 5256 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/17 11:24:55.0218 5256 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/17 11:24:55.0312 5256 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/17 11:24:55.0328 5256 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/17 11:24:55.0390 5256 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
2011/08/17 11:24:55.0390 5256 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/08/17 11:24:55.0390 5256 Boot (0x1200) (7922af791e009c098b531721fd8f5c01) \Device\Harddisk0\DR0\Partition0
2011/08/17 11:24:55.0437 5256 Boot (0x1200) (ddc475b82c10e2932c9aa4a361fda8f6) \Device\Harddisk0\DR0\Partition1
2011/08/17 11:24:55.0437 5256 ================================================================================
2011/08/17 11:24:55.0437 5256 Scan finished
2011/08/17 11:24:55.0437 5256 ================================================================================
2011/08/17 11:24:55.0437 4476 Detected object count: 2
2011/08/17 11:24:55.0437 4476 Actual detected object count: 2
2011/08/17 11:25:48.0734 4476 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/17 11:25:48.0750 4476 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/08/17 11:25:48.0750 4476 \Device\Harddisk0\DR0 - ok
2011/08/17 11:25:48.0750 4476 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/17 11:25:54.0500 2828 Deinitialize success
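
The object cured above is \Device\Harddisk0\DR0, i.e. the first sector of the disk, and the log shows the tool hashing it as "MBR (0x1B8)". As an added example (not from the thread and not Kaspersky's code), the Python below shows what such a check involves: it splits a 512-byte MBR into its bootstrap code, disk signature and partition table, hashes the code area, and compares a baseline taken after the cure against a later read. It assumes the classic MBR layout and treats the log's 0x1B8 as the hashed length, which matches the 440-byte code area; that reading is an assumption. The two sector images are constructed, and the demo deliberately keeps the partition table identical while swapping the loader bytes, which is the pattern a bootkit leaves when it replaces the loader but keeps the disk bootable. One caveat: an active bootkit can filter raw disk reads and return a clean-looking sector, so a read taken from a boot CD or another system is more trustworthy than one taken from inside the suspect Windows.

```python
"""Baseline and re-check the MBR bootstrap code that TDSSKiller reports as "MBR (0x1B8)".

Added example, not from the thread or from Kaspersky. It assumes the classic MBR
layout: bootstrap code at 0..0x1B7 (440 bytes), disk signature at 0x1B8, two
reserved bytes, four 16-byte partition entries at 0x1BE and the 0x55AA marker at
0x1FE. Reading the log's "0x1B8" as the hashed length is an assumption that fits
that layout. The sector images below are constructed; on a real machine the
bytes come from read_physical_mbr(), which needs administrator rights.
"""
import hashlib
import struct
from typing import Dict, List

BOOTCODE_LEN = 0x1B8
SIGNATURE_OFF = 0x1B8
PARTITION_TABLE_OFF = 0x1BE
SECTOR = 512


def has_boot_signature(sector: bytes) -> bool:
    return len(sector) == SECTOR and sector[0x1FE:0x200] == b"\x55\xAA"


def parse_mbr(sector: bytes) -> Dict:
    """Split a 512-byte MBR into the parts worth comparing over time."""
    if not has_boot_signature(sector):
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    partitions = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, PARTITION_TABLE_OFF + 16 * i)
        if ptype:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "bootcode_md5": hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, SIGNATURE_OFF)[0],
        "partitions": partitions,
    }


def compare(baseline: Dict, current: Dict) -> List[str]:
    """Differences between two parse_mbr() results, in triage order."""
    findings = []
    if baseline["bootcode_md5"] != current["bootcode_md5"]:
        findings.append("bootstrap code changed")
    if baseline["disk_signature"] != current["disk_signature"]:
        findings.append("disk signature changed")
    if baseline["partitions"] != current["partitions"]:
        findings.append("partition table changed")
    return findings


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """First sector of a raw disk on Windows (run elevated). Not called in the demo."""
    with open(device, "rb", buffering=0) as f:
        return f.read(SECTOR)


def build_mbr(bootcode: bytes, lba_start: int = 63, sectors: int = 0x1000000) -> bytes:
    """Constructed MBR: given loader bytes, one bootable NTFS partition, fixed signature."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("bootstrap code must fit in 440 bytes")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", lba_start, sectors)
    return (bootcode.ljust(BOOTCODE_LEN, b"\x00") + struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
            + entry + bytes(48) + b"\x55\xAA")


# Constructed demo: the same partition table behind two different loaders, which is
# what a bootkit that swaps the loader but keeps the partition table looks like.
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C")   # xor ax,ax / mov ss,ax / mov sp,7C00 prologue
TAMPERED_MBR = build_mbr(b"\xEA\x00\x7C\x00\x00")         # far jmp 0000:7C00, standing in for foreign code

if __name__ == "__main__":
    base, now = parse_mbr(CLEAN_MBR), parse_mbr(TAMPERED_MBR)
    print("baseline bootcode md5:", base["bootcode_md5"])
    print("current  bootcode md5:", now["bootcode_md5"])
    print("findings:", compare(base, now) or "none")
```

Take the baseline only after the cure and the reboot, since a hash of an already infected sector is worthless as a reference; store the parse_mbr() result somewhere off the machine and rerun compare() against a fresh read whenever the box starts behaving oddly again.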

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 10:36
by vyosek
:arrow: Please also post the second RSIT log, named info.txt; it is saved in c:\rsit

:arrow: I assume that NOD32 of yours is legal = a purchased licence :???:

:arrow: Download CKScanner to the desktop
  • Run it and click Search for files
  • After the scan finishes, click Save List to File and then OK
  • A log named ckfiles.txt will be created on the desktop; paste its contents here

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 10:44
by Flash7
The NOD, yes, why?

RSIT log.txt:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Martin at 2011-08-17 10:35:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 243 GB (28%) free of 853 GB
Total RAM: 3326 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:40, on 17.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Martin\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKLM\..\Run: [Visual Task Tips] "C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [ESET] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 9493 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RMSchedule.job
C:\WINDOWS\tasks\RMSmartUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-27 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Visual Task Tips"=C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-27 16875008]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-13 148888]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"D-Link AirPlus XtremeG DWL-G122"=C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe [2008-12-19 1556480]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-27 198160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-05-20 306088]
"ESET"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-28 25088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnalogClock]
C:\Program Files\Windows7\Analog Clock\AnalogClock.exe [2005-11-05 480256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.4\ICQ.exe [2011-04-07 119608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
C:\Documents and Settings\Martin\Local Settings\Application Data\MXSkypeRecorder\MXSkypeRecorder.exe [2009-06-18 561064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pie Dock]
C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe [2007-09-02 586240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-05-20 306088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
C:\Program Files\Windows7\TopDesk\topdesk.exe [2007-06-20 1912832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viena Explorer]
C:\Program Files\Windows7\Vienna Explorer\Vienna Explorer.exe [2006-11-18 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe [2011-07-07 625952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2
"wuauserv"=2
"WMPNetworkSvc"=3
"JavaQuickStarterService"=2
"gupdate1c9cf1520895eca"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\Martin\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2009-02-19 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
TPSvc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-12 190976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-04-28 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\Launcher.exe"="C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Martin\Desktop\Programy\Internet\Fake IP\FakeIP\DC_IS.EXE"="C:\Documents and Settings\Martin\Desktop\Programy\Internet\Fake IP\FakeIP\DC_IS.EXE:*:Enabled:DC_IS"
"C:\Program Files\ACSPMonitor\ASMonitor.exe"="C:\Program Files\ACSPMonitor\ASMonitor.exe:*:Enabled:System"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\EA GAMES\Command and Conquer Generals\game.dat"="C:\Program Files\EA GAMES\Command and Conquer Generals\game.dat:*:Enabled:game"
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat"="C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
"C:\Program Files\EA GAMES\Command & Conquer Generals Zero Hour\game.dat"="C:\Program Files\EA GAMES\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Pyro Studios\Imperial Glory\ImperialGlory.exe"="C:\Program Files\Pyro Studios\Imperial Glory\ImperialGlory.exe:*:Enabled:ImperialGlory"
"C:\Documents and Settings\Martin\Desktop\Hry\Stronghold Crusader\Stronghold Crusader.exe"="C:\Documents and Settings\Martin\Desktop\Hry\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Program Files\keyclone\keyclone.exe"="C:\Program Files\keyclone\keyclone.exe:*:Enabled:keyclone"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Documents and Settings\Martin\Local Settings\Apps\2.0\DZ4E3HTC.YDE\CZ1GC0M3.6Q7\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe"="C:\Documents and Settings\Martin\Local Settings\Apps\2.0\DZ4E3HTC.YDE\CZ1GC0M3.6Q7\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe:*:Enabled:Curse Client 4.0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

======List of files/folders created in the last 1 months======

2011-08-14 22:24:46 ----D---- C:\Program Files\LucasArts
2011-08-14 22:24:35 ----A---- C:\WINDOWS\uninst.exe
2011-08-14 22:24:34 ----A---- C:\WINDOWS\_delis43.ini
2011-08-14 11:26:30 ----D---- C:\Documents and Settings\Martin\Application Data\Registry Mechanic
2011-08-14 11:23:20 ----A---- C:\WINDOWS\system32\CleanMFT32.exe
2011-08-14 11:23:16 ----D---- C:\Program Files\Registry Mechanic
2011-08-14 11:23:16 ----D---- C:\Program Files\Common Files\PC Tools
2011-08-14 11:23:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-08-13 22:02:03 ----D---- C:\Documents and Settings\Martin\Application Data\DivX
2011-08-13 22:01:36 ----N---- C:\WINDOWS\system32\drivers\PxHelp20.sys
2011-08-13 22:01:36 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\vxblock.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxwave.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxsfs.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxmas.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxdrv.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\pxafs.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\px.dll
2011-08-13 22:01:35 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2011-08-13 22:01:11 ----D---- C:\Program Files\Common Files\DivX Shared
2011-08-13 21:57:47 ----D---- C:\Program Files\DivX
2011-08-13 21:55:45 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2011-08-10 18:38:28 ----AD---- C:\PHP-Fusion 7.01.04
2011-07-22 22:51:50 ----A---- C:\WINDOWS\system32\dpl100.dll
2011-07-18 23:24:54 ----D---- C:\Program Files\VirtualDJ
2011-07-18 21:32:20 ----D---- C:\Documents and Settings\Martin\Application Data\Apple Computer

======List of files/folders modified in the last 1 months======

2011-08-17 10:35:39 ----D---- C:\Program Files\trend micro
2011-08-17 10:35:35 ----D---- C:\WINDOWS\Temp
2011-08-17 10:35:33 ----A---- C:\WINDOWS\NeroDigital.ini
2011-08-17 10:18:21 ----D---- C:\WINDOWS\Prefetch
2011-08-17 10:16:01 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2011-08-17 10:15:53 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-17 10:13:04 ----D---- C:\WINDOWS\system32\drivers
2011-08-16 23:54:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-16 23:54:34 ----D---- C:\Documents and Settings\Martin\Application Data\Skype
2011-08-16 21:06:57 ----D---- C:\Documents and Settings\Martin\Application Data\Mumble
2011-08-16 13:56:42 ----D---- C:\Documents and Settings\Martin\Application Data\skypePM
2011-08-15 22:24:57 ----D---- C:\Documents and Settings\Martin\Application Data\Adobe
2011-08-14 22:24:46 ----RD---- C:\Program Files
2011-08-14 22:24:35 ----D---- C:\WINDOWS
2011-08-14 11:23:40 ----SD---- C:\WINDOWS\Tasks
2011-08-14 11:23:20 ----D---- C:\WINDOWS\system32
2011-08-14 11:23:16 ----D---- C:\Program Files\Common Files
2011-08-13 22:01:16 ----SHD---- C:\WINDOWS\Installer
2011-08-13 22:01:15 ----D---- C:\WINDOWS\WinSxS
2011-08-11 22:24:08 ----A---- C:\WINDOWS\wincmd.ini
2011-08-11 22:15:12 ----A---- C:\WINDOWS\wcx_ftp.ini
2011-08-10 18:55:32 ----D---- C:\Documents and Settings\Martin\Application Data\vlc
2011-08-03 17:22:02 ----HD---- C:\WINDOWS\inf
2011-07-18 23:24:58 ----D---- C:\WINDOWS\Fonts
2011-07-18 22:41:55 ----D---- C:\Documents and Settings\Martin\Application Data\Sony

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-05-07 685816]
R0 szkg5;szkg5; C:\WINDOWS\system32\DRIVERS\szkg.sys [2009-12-07 61328]
R0 szkgfs;szkgfs; C:\WINDOWS\system32\drivers\szkgfs.sys [2010-05-12 59280]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R3 bbcap;bbcap; C:\WINDOWS\system32\DRIVERS\bbcap.sys [2009-12-21 4096]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-07-07 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-27 4742656]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2011-05-24 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-16 109184]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 xcpip;TCP/IP Protocol Driver; C:\WINDOWS\system32\drivers\xcpip.sys []
R3 xpsec;IPSEC driver; C:\WINDOWS\system32\drivers\xpsec.sys []
S0 is3srv;is3srv; C:\WINDOWS\system32\drivers\is3srv.sys [2009-12-07 61328]
S3 afroddxv;afroddxv; C:\WINDOWS\system32\drivers\afroddxv.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\catchme.sys []
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 rt2500usb;DWL-G122(rev.B) USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys []
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-28 82944]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-09-19 72704]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
R2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-04-30 168004]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-18 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-18 107832]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2010-12-15 62928]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-07-07 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-13 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2009-02-19 121360]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gupdate1c9cf1520895eca;Služba Google Update (gupdate1c9cf1520895eca); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-13 152984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


ckfiles.txt

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\martin\desktop\hry\asasins creed\crack\assassinscreed_dx10.exe
c:\documents and settings\martin\desktop\hry\asasins creed\crack\assassinscreed_dx9.exe
c:\documents and settings\martin\desktop\hry\asasins creed\crack\reloaded.nfo
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\data\clownbold.ttg
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\data\grass.tga
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\data\lib_art.map
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\data\ra3ep1_1.0.game
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\generalszh-104-english.exe
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\c&c generals zero hour v1.04-eng nocd\game.dat
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\c&c generals zero hour v1.04-eng nocd\generals.exe
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\keygen\keygen.exe
c:\documents and settings\martin\desktop\hry\gta iv\crack\cÍtat.txt
c:\documents and settings\martin\desktop\hry\gta iv\crack\crack 1 - najprv pouzit tento\gtaiv.exe
c:\documents and settings\martin\desktop\hry\gta iv\crack\crack 1 - najprv pouzit tento\launchgtaiv.exe
c:\documents and settings\martin\desktop\hry\gta iv\crack\crack 1 - najprv pouzit tento\paul.dll
c:\documents and settings\martin\desktop\hry\gta iv\crack\crack 2 - nasledne tento\fed0r.nfo
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\anti-blaxx_1.17_install.exe
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\gof_f.exe
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\instruction.txt
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\sd4hide.exe
c:\documents and settings\martin\desktop\hry\imperial glory\crack\imperialglory.exe
c:\documents and settings\martin\desktop\hry\imperial glory\ik-igdvd\crack\imperialglory.exe
c:\documents and settings\martin\desktop\hry\sims 3\the sims 3\the sims 3 - razor1911 final\crack\ts3.exe
c:\documents and settings\martin\desktop\hry\sims 3\the sims 3\the sims 3 - razor1911 final\crack\tslhost.dll
c:\documents and settings\martin\desktop\hry\stronghold crusader\gm\cracks.gm1
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\deviance.nfo
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\file_id.diz
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\rotk.exe
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\serial key.txt
c:\documents and settings\martin\desktop\iné\archív\convertxtodvd 2.1.14.223 with working keygen\torrent downloaded from demonoid.com.txt
c:\documents and settings\martin\desktop\iné\archív\convertxtodvd 2.1.14.223 with working keygen\vsoconvertxtodvd2_setup.exe
c:\documents and settings\martin\desktop\iné\archív\convertxtodvd 2.1.14.223 with working keygen\keygen\convertxtodvd_kg.exe
c:\documents and settings\martin\desktop\programy\internet\www\wwwhack\keygen.exe
c:\documents and settings\martin\desktop\programy\internet\www\wwwhack\key_wwwhack\keygen.exe
c:\documents and settings\martin\desktop\programy\iné\adobe photoshop cs3\crack\popis.txt
c:\documents and settings\martin\desktop\programy\iné\adobe photoshop cs3\crack\shortcut to photoshop.lnk
c:\documents and settings\martin\desktop\programy\iné\ps2 emulator\pcsx2_0.9.6_setup_cracked.msi
c:\documents and settings\martin\desktop\programy\iné\sony vegas pro 9.0\sony.products.multikeygen.v1.5.keygen.only-di\diginsan.nfo
c:\documents and settings\martin\desktop\programy\iné\sony vegas pro 9.0\sony.products.multikeygen.v1.5.keygen.only-di\file_id.diz
c:\documents and settings\martin\desktop\programy\súborové programy\total comander\crack\wincmd.key
c:\program files\alcohol soft\alcohol 120\crack.bat
c:\program files\forum\n-k\forum\admin\admin_cracker_tracker.php
c:\program files\forum\n-k\záloha fóra\admin\admin_cracker_tracker.php
scanner sequence 3.ZZ.11.CHNAOC
----- EOF -----

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 10:46
by vyosek
That is log.txt; I asked for info.txt, so I will ask for it once more.

As for the rest of the software (apart from NOD), you probably won't be claiming much about its legality, will you :twisted:

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 10:49
by Flash7
Sorry about the log, my mistake. I misread it.

info.txt logfile of random's system information tool 1.08 2011-01-28 22:30:22

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Actual Spy 3.0-->"C:\Program Files\ACSPMonitor\unins000.exe"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}
Adobe Color JA Extra Settings-->MsiExec.exe /I{D92B72E2-C854-4738-8ED6-4C3661CC17AE}
Adobe Color NA Extra Settings-->MsiExec.exe /I{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\4977c84bcdc298c444ccfbdcccb660d\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{5178C1BB-1EB1-4468-894B-7DE964DDCAA2}
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Setup-->MsiExec.exe /I{0901FCE8-5415-4499-BBC8-1AA106DD66E2}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AMR Converter Pro-->"C:\Documents and Settings\All Users\Application Data\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.exe" REMOVE=TRUE MODIFY=FALSE
AMR Converter Pro-->C:\Documents and Settings\All Users\Application Data\{00BAB1C5-D99B-4EF4-B1D6-1DEB5DA070DA}\setup_amr.exe
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Any Video Converter 3.1.8-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0005 -removeonly
Autodesk 3ds Max 8-->MsiExec.exe /I{DBB313D6-4B13-4961-BD5F-673CDA1793CC}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AutoHotkey 1.0.92.02-->C:\Program Files\AutoHotkey\uninst.exe
Avidemux 2.5-->C:\Program Files\Avidemux 2.5\uninstall.exe
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BB FlashBack Pro-->"C:\Documents and Settings\All Users\Application Data\{5423C75F-01E2-4D9B-8981-64D3E010A108}\BB FlashBack.exe" REMOVE=TRUE MODIFY=FALSE
BB FlashBack Pro-->C:\Documents and Settings\All Users\Application Data\{5423C75F-01E2-4D9B-8981-64D3E010A108}\BB FlashBack.exe
Browser Configuration Utility-->"C:\Program Files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe" -runfromtemp -l0x0009 -removeonly
BS.Player PRO-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer™ Red Alert™ 3 Uprising-->MsiExec.exe /X{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}
Command and ConquerTM Generals Zero Hour-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Counter-Strike 1.6-->C:\Program Files\Counter-Strike 1.6\Uninstal.exe
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x9
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crysis WARHEAD(R)-->"C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD(R)-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DVDVideoSoft Toolbar-->C:\PROGRA~1\DVDVID~1\UNWISE.EXE /U C:\PROGRA~1\DVDVID~1\INSTALL.LOG
DVDVideoSoftTB Toolbar-->C:\PROGRA~1\DVDVID~2\UNWISE.EXE /U C:\PROGRA~1\DVDVID~2\INSTALL.LOG
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
EASEUS Partition Master 6.1.1 Server Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 6.1.1 Server Edition\unins000.exe"
Energy Saver Advance B8.0711.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7ED169D4-5053-4166-93DF-53B12AE6C539}\setup.exe" -l0x9 -removeonly
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly
FlatOut2-->"C:\Program Files\FlatOut2\unins000.exe"
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Audio Converter version 2.2.11-->"C:\Program Files\DVDVideoSoft\Free Audio Converter\unins000.exe"
Free Video to Flash Converter version 4.2-->"C:\Program Files\DVDVideoSoft\Free Video to Flash Converter\unins000.exe"
Free Video to MP3 Converter version 4.2.14-->"C:\Program Files\DVDVideoSoft\Free Video to MP3 Converter\unins000.exe"
Free YouTube Uploader version 3.3.10-->"C:\Program Files\DVDVideoSoft\Free YouTube Uploader\unins000.exe"
GameCommanderPro 2.0.1.17-->"C:\Program Files\GameCommanderPro\unins000.exe"
GameShadow-->MsiExec.exe /I{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}
Google Earth-->MsiExec.exe /X{C768790F-04FB-11E0-9B2C-001AA037B01E}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\8.0.552.237\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Graph 4.3-->"C:\Program Files\Graph\unins000.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Harry Potter and the Order of the Phoenix™-->C:\Program Files\Electronic Arts\Harry Potter and the Order of the Phoenix\EAUninstall.exe
Harry Potter(TM) a vezen z Azkabanu-->C:\Program Files\EA GAMES\Harry Potter(TM) a vezen z Azkabanu\EAUninstall.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Martin\My Documents\Preberanie\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Imperial Glory-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FCC8C70-66B9-420D-942C-2C2A8441C744}\setup.exe" -l0x5 -removeonly
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 4.8.5 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech G11 Keyboard Software 1.03-->MsiExec.exe /X{77A1C7DD-E4F6-4057-92FC-710219215987}
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
LOTR The Return of the King tm-->C:\Program Files\EA GAMES\LOTR The Return of the King tm\EAUninstall.exe
Magic Video Converter 8.0.8.25-->"C:\Program Files\Magic Video Converter\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041B-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E}
Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5}
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{D8087907-E255-3A41-A46D-D0F798709C71}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mozilla Firefox (3.6.2pre)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NHL® 09-->MsiExec.exe /X{F2B5A2A7-2DF9-4361-8BD5-362714528B51}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
Opera 9.60-->MsiExec.exe /X{D2F5287E-5F0E-447B-9157-B08AA4E2AC76}
Pán Prsteòov: Bitka o Stredozem II SK-->C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\Odinštalova PP-BoS-II_SK.exe
Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}
PDF Settings-->MsiExec.exe /I{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Scorpions WinCheater-->"C:\Program Files\Scorpions WinCheater\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Skype Toolbars-->MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
SMPlayer 0.6.7-->C:\Program Files\SMPlayer\uninst.exe
Softonic_English Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE /U C:\PROGRA~1\SOFTON~1\INSTALL.LOG
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
STOPzilla-->MsiExec.exe /X{94A61BF7-F8EE-46D1-944B-C765A7FF117A}
The Battle for Middle-earth (tm) II-->C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
The Battle for Middle-earth (tm)-->C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\EAUninstall.exe
The Lord of the Rings, The Rise of the Witch-king-->C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\EAUninstall.exe
The Sims 2 Nocní život-->C:\Program Files\EA GAMES\The Sims 2 Nocní život\EAUninstall.exe
The Sims 2 Pro rodinnou zábavu - Kolekce-->C:\Program Files\EA GAMES\The Sims 2 Pro rodinnou zábavu - Kolekce\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2 Ve svete podnikání-->C:\Program Files\EA GAMES\The Sims 2 Ve svete podnikání\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 H&M® Móda Kolekce-->C:\Program Files\EA GAMES\The Sims 2 H&M® Móda Kolekce\EAUninstall.exe
The Sims™ 2 IKEA® Domov Kolekce-->C:\Program Files\EA GAMES\The Sims 2 IKEA® Domov Kolekce\EAUninstall.exe
The Sims™ 2 Mazlícci-->C:\Program Files\EA GAMES\The Sims 2 Mazlícci\EAUninstall.exe
The Sims™ 2 Pojdme slavit! Kolekce-->C:\Program Files\EA GAMES\The Sims 2 Pojdme slavit! Kolekce\EAUninstall.exe
The Sims™ 2 Pro luxusní život - Kolekce-->C:\Program Files\EA GAMES\The Sims 2 Pro luxusní život - Kolekce\EAUninstall.exe
The Sims™ 2 Rocní období-->C:\Program Files\EA GAMES\The Sims 2 Rocní období\EAUninstall.exe
The Sims™ 2 Štastnou cestu-->C:\Program Files\EA GAMES\The Sims 2 Štastnou cestu\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
The Sims™ 2 Volný cas-->C:\Program Files\EA GAMES\The Sims 2 Volný cas\EAUninstall.exe
The Sims™ 2 Život v byte-->C:\Program Files\EA GAMES\The Sims 2 Život v byte\EAUninstall.exe
The Sims™ 3 Ambitions-->"C:\Program Files\InstallShield Installation Information\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}\Sims3EP02Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Fast Lane Stuff-->"C:\Program Files\InstallShield Installation Information\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}\Sims3SP02Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 High-End Loft Stuff-->"C:\Program Files\InstallShield Installation Information\{71828142-5A24-4BD0-97E7-976DA08CE6CF}\Sims3SP01Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 Late Night-->"C:\Program Files\InstallShield Installation Information\{45057FCE-5784-48BE-8176-D9D00AF56C3C}\Sims3EP03Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3 World Adventures-->"C:\Program Files\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\Sims3EP01Setup.exe" -runfromtemp -l0x0009 -removeonly
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0005 -removeonly
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins000.exe"
Total Video Converter 3.20 090104-->"C:\Program Files\Total Video Converter\unins001.exe"
Ubuntu-->G:\ubuntu\uninstall-wubi.exe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vegas Pro 9.0-->MsiExec.exe /X{6E5AB107-172B-4F17-8ABB-357C59EF1B08}
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (3)\Uninstall.exe

======Hosts File======

::1 localhost

======Security center information======

AV: ESET NOD32 Antivirus 4.2

======System event log======

Computer Name: XPWINDOWS7
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 36546
Source Name: Tcpip
Time Written: 20101222220057.000000+060
Event Type: warning
User:

Computer Name: XPWINDOWS7
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 36545
Source Name: Tcpip
Time Written: 20101222212710.000000+060
Event Type: warning
User:

Computer Name: XPWINDOWS7
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 36541
Source Name: Tcpip
Time Written: 20101222140346.000000+060
Event Type: warning
User:

Computer Name: XPWINDOWS7
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Record Number: 36537
Source Name: DCOM
Time Written: 20101222135707.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: XPWINDOWS7
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Record Number: 36509
Source Name: DCOM
Time Written: 20101222092214.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: XPWINDOWS7
Event Code: 1517
Message: Windows saved user XPWINDOWS7\Martin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 10230
Source Name: Userenv
Time Written: 20110103200843.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: XPWINDOWS7
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 10229
Source Name: Userenv
Time Written: 20110103200836.000000+060
Event Type: warning
User: XPWINDOWS7\Martin

Computer Name: XPWINDOWS7
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 10228
Source Name: crypt32
Time Written: 20110103194533.000000+060
Event Type: error
User:

Computer Name: XPWINDOWS7
Event Code: 1517
Message: Windows saved user XPWINDOWS7\Martin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 10186
Source Name: Userenv
Time Written: 20110103122115.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: XPWINDOWS7
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 10185
Source Name: Userenv
Time Written: 20110103122108.000000+060
Event Type: warning
User: XPWINDOWS7\Martin

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Autodesk\backburner\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\

-----------------EOF-----------------


What other software do you mean?

// Personally I use this computer only for work; my son has some games and some school stuff on it, but if it is about other programs, only he could have installed them. When he gets home I will ask him about it...

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 11:13
by vyosek
:arrow: Above all the number of cracked games you have there, Photoshop and so on...

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY CAPABLE OF DELETING THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE WRECKED
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Right after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes (and a possible restart) CF shows a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 11:59
by Flash7
So as far as the games and those programs go, they're my son's. For work I only need basic programs... but I'll talk to him about it.

Here is the Combofix log:

ComboFix 11-08-16.05 - Martin 17.08.2011 12:51:30.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.421.1033.18.3326.2571 [GMT 2:00]
Running from: c:\documents and settings\Martin\My Documents\Preberanie\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martin\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-14 20:24 . 2011-08-14 20:24 -------- d-----w- c:\program files\LucasArts
2011-08-14 20:24 . 1997-05-12 15:53 314368 ----a-w- c:\windows\uninst.exe
2011-08-14 09:26 . 2011-08-14 09:26 -------- d-----w- c:\documents and settings\Martin\Application Data\Registry Mechanic
2011-08-14 09:23 . 2010-09-16 10:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-08-14 09:23 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-08-14 09:23 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-08-14 09:23 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-08-14 09:23 . 2011-08-17 09:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-08-14 09:23 . 2011-08-14 09:23 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-13 20:02 . 2011-08-13 20:02 -------- d-----w- c:\documents and settings\Martin\Application Data\DivX
2011-08-13 19:57 . 2011-08-13 20:02 -------- d-----w- c:\program files\DivX
2011-08-13 19:55 . 2011-08-13 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-08-10 16:38 . 2011-08-10 16:38 -------- d---a-w- C:\PHP-Fusion 7.01.04
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-07-18 21:24 . 2011-07-18 21:24 -------- d-----w- c:\program files\VirtualDJ
2011-07-18 19:32 . 2011-07-18 19:32 -------- d-----w- c:\documents and settings\Martin\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 09:28 . 2009-05-07 12:19 16608 ----a-w- c:\windows\gdrv.sys
2011-08-01 18:30 . 2010-08-27 12:22 664 ----a-w- c:\documents and settings\LoL\Local Settings\Application Data\d3d9caps.tmp
2011-07-12 08:03 . 2008-04-28 09:19 17408 ----a-w- c:\windows\system32\midimap.dll
2011-07-07 11:44 . 2009-06-25 18:55 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-24 17:52 . 2009-05-24 09:12 87608 ----a-w- c:\documents and settings\Martin\Application Data\ezpinst.exe
2011-05-24 17:52 . 2009-05-24 09:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-06-24 15:10 . 2011-04-29 14:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-28 09:18 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-28 . AF8ED52D2A32C7729C7F91C72B8CCB10 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[7] 2008-04-13 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-03-20 . 1CA39C7E1423FF8821664E0E06FEA55E . 343040 . . [7.0.2600.5508] . . c:\windows\system32\msvcrt.dll
[7] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2008-03-20 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . c:\windows\system32\user32.dll
.
[-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-13 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-03-20 . 31653CDF039C3F415B8D33F2D133E6AB . 1287168 . . [5.1.2600.5508] . . c:\windows\system32\ole32.dll
.
[-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-28 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-04-28 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
.
[-] 2011-07-12 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6002.18005] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-07-12_08.13.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-17 09:28 . 2011-08-17 09:28 16384 c:\windows\Temp\Perflib_Perfdata_9e4.dat
+ 2011-08-13 20:01 . 2010-07-12 18:36 68592 c:\windows\system32\pxinsa64.exe
+ 2011-08-13 20:01 . 2010-07-12 18:36 72176 c:\windows\system32\pxhpinst.exe
+ 2011-08-13 20:01 . 2010-07-12 18:36 68080 c:\windows\system32\pxcpya64.exe
+ 2011-08-13 20:01 . 2010-07-12 18:36 45648 c:\windows\system32\drivers\PxHelp20.sys
+ 2011-08-13 20:01 . 2010-07-12 18:36 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2011-08-13 20:01 . 2010-07-12 18:36 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2011-05-13 23:17 . 2011-05-13 23:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-13 23:12 . 2011-05-13 23:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-13 23:11 . 2011-05-13 23:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 100848 c:\windows\system32\vxblock.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 440816 c:\windows\system32\pxwave.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 219632 c:\windows\system32\pxmas.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 126448 c:\windows\system32\pxinsi64.exe
+ 2011-08-13 20:01 . 2010-07-12 18:36 567792 c:\windows\system32\pxdrv.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 123888 c:\windows\system32\pxcpyi64.exe
+ 2011-08-13 20:01 . 2010-07-12 18:36 133616 c:\windows\system32\pxafs.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 698864 c:\windows\system32\px.dll
+ 2009-06-09 12:29 . 2011-07-18 22:20 117632 c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2007-04-03 11:57 . 2007-04-03 11:57 100488 c:\windows\system32\drivers\s116mgmt.sys
+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\system32\divx_xx16.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\system32\divx_xx11.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx0c.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\system32\divx_xx0a.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx07.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\system32\DivX.dll
+ 2011-08-13 20:01 . 2011-08-13 20:01 178688 c:\windows\Installer\4f19a7.msi
+ 2011-08-13 20:01 . 2010-07-12 18:36 2120176 c:\windows\system32\pxsfs.dll
+ 2009-05-07 18:57 . 2011-07-19 07:11 1689192 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-05-20 306088]
"ESET"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Visual Task Tips"="c:\program files\Windows7\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-13 148888]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"D-Link AirPlus XtremeG DWL-G122"="c:\program files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-12-18 1556480]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-27 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-02-20 124928]
.
c:\documents and settings\Martin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CurseClientStartup.ccip [2011-7-12 0]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-31 809488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Martin\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnalogClock]
2005-11-05 06:10 480256 ----a-w- c:\program files\Windows7\Analog Clock\AnalogClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-04-07 16:50 119608 ----a-w- c:\program files\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
2009-06-18 21:13 561064 ----a-w- c:\documents and settings\Martin\Local Settings\Application Data\MXSkypeRecorder\MXSkypeRecorder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 02:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pie Dock]
2007-09-02 06:12 586240 ----a-w- c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2009-05-20 17:51 306088 ----a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-06-18 10:01 77824 ------r- c:\windows\SoundMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
2007-06-20 08:21 1912832 ----a-w- c:\program files\Windows7\TopDesk\topdesk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
2006-05-21 03:43 180224 ----a-w- c:\program files\Windows7\UberIcon\UberIcon Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viena Explorer]
2006-11-18 10:31 581632 ----a-w- c:\program files\Windows7\Vienna Explorer\Vienna Explorer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdate1c9cf1520895eca"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\WoW\\WotLK\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\WoW\\WotLK\\Launcher.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Programy\\Internet\\Fake IP\\FakeIP\\DC_IS.EXE"=
"c:\\Program Files\\ACSPMonitor\\ASMonitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Documents and Settings\\Martin\\Local Settings\\Apps\\2.0\\DZ4E3HTC.YDE\\CZ1GC0M3.6Q7\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7169:TCP"= 7169:TCP:Services
"7170:TCP"= 7170:TCP:Services
"4287:TCP"= 4287:TCP:Services
"2506:TCP"= 2506:TCP:Services
"2396:TCP"= 2396:TCP:Services
"9520:TCP"= 9520:TCP:Services
"6755:TCP"= 6755:TCP:Services
"1533:TCP"= 1533:TCP:Services
"4144:TCP"= 4144:TCP:Services
"4457:TCP"= 4457:TCP:Services
"4082:TCP"= 4082:TCP:Services
"3472:TCP"= 3472:TCP:Services
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2009 17:48 685816]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7.12.2009 17:59 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [12.5.2010 18:01 59280]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [7.5.2009 14:19 80392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [14.8.2011 11:23 632792]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [21.12.2009 15:46 4096]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7.12.2009 17:59 61328]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [19.8.2010 23:56 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [19.8.2010 23:56 8456]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 gupdate1c9cf1520895eca;Služba Google Update (gupdate1c9cf1520895eca);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-08-14 15:05]
.
2011-08-17 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-08-14 10:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\prrbkrkl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 12:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-1275210071-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ae,81,b6,23,f1,38,55,60,1a,40,39,68,d4,0e,41,fd,e2,92,5f,2e,ad,8c,35,
98,0d,27,71,7b,ab,c5,5e,06,5c,86,9a,a9,40,65,78,77,d7,bd,34,3a,d2,f7,d6,c6,\
"??"=hex:74,34,6c,c6,63,7c,94,93,70,3b,e2,47,bb,62,96,f1
.
[HKEY_USERS\S-1-5-21-1004336348-1275210071-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:00,bd,2d,95,65,dc,32,32,ed,1b,82,90,1c,f6,01,d2,ba,2a,e1,1f,99,
8c,25,c9,dc,9e,32,e3,4f,2e,f7,d5,91,ea,8c,af,08,31,00,df,18,01,82,19,7b,c9,\
"rkeysecu"=hex:80,8c,d3,af,36,bc,88,fd,44,f0,18,0b,1b,9f,a9,b9
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(2756)
c:\program files\Windows7\VisualTaskTips\VttHooks.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-17 12:57:10
ComboFix-quarantined-files.txt 2011-08-17 10:57
ComboFix2.txt 2011-07-13 14:32
ComboFix3.txt 2011-07-12 08:14
ComboFix4.txt 2011-07-06 15:36
.
Pre-Run: 255 007 047 680 bytes free
Post-Run: 255 403 606 016 bytes free
.
- - End Of File - - E8EE5E40DBA715EC26A5E2674B68BA27

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 13:43
by vyosek
:arrow: The infection most likely got in through the cracks as well

:arrow: After the cleanup is finished I recommend changing all passwords - MBR rootkits are nasty beasts, they like to steal passwords and then chat about them with the outside world :boxed:

:arrow: If you haven't already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    SRPeek::
    c:\windows\system32\comres.dll
    c:\windows\system32\winlogon.exe
    c:\windows\system32\user32.dll
    c:\windows\explorer.exe
    c:\windows\regedit.exe
    c:\windows\system32\ole32.dll
    c:\windows\system32\sfcfiles.dll
    c:\windows\system32\ctfmon.exe
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\midimap.dll
    
    Mia::
    c:\windows\system32\comres.dll
    c:\windows\system32\winlogon.exe
    c:\windows\system32\user32.dll
    c:\windows\explorer.exe
    c:\windows\regedit.exe
    c:\windows\system32\ole32.dll
    c:\windows\system32\sfcfiles.dll
    c:\windows\system32\ctfmon.exe
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\midimap.dll
    
    Restore::
    c:\windows\system32\comres.dll
    c:\windows\system32\winlogon.exe
    c:\windows\system32\user32.dll
    c:\windows\explorer.exe
    c:\windows\regedit.exe
    c:\windows\system32\ole32.dll
    c:\windows\system32\sfcfiles.dll
    c:\windows\system32\ctfmon.exe
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\midimap.dll
    
    FCopy::
    c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll | c:\windows\system32\comctl32.dll
    c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll | c:\windows\system32\msvcrt.dll
    
    Folder::
    c:\program files\ICQ6Toolbar
    c:\documents and settings\martin\desktop\hry\asasins creed\crack
    c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack
    c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack
    c:\documents and settings\martin\desktop\hry\gta iv\crack
    c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack
    c:\documents and settings\martin\desktop\hry\imperial glory\crack
    c:\documents and settings\martin\desktop\hry\imperial glory\ik-igdvd\crack
    c:\documents and settings\martin\desktop\hry\sims 3\the sims 3\the sims 3 - razor1911 final\crack
    c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack
    c:\documents and settings\martin\desktop\iné\archív\convertxtodvd 2.1.14.223 with working keygen
    c:\documents and settings\martin\desktop\programy\iné\adobe photoshop cs3\crack
    c:\documents and settings\martin\desktop\programy\iné\sony vegas pro 9.0\sony.products.multikeygen.v1.5.keygen.only-di
    c:\documents and settings\martin\desktop\programy\súborové programy\total comander\crack
    
    Driver::
    ICQ Service
    xcpip
    xpsec
    gupdate1c9cf1520895eca
    
    Collect::
    c:\windows\system32\drivers\xcpip.sys
    c:\windows\system32\drivers\xpsec.sys
    
    File::
    c:\documents and settings\Martin\Start Menu\Programs\Startup\Adobe Gamma.lnk
    c:\documents and settings\martin\desktop\programy\internet\www\wwwhack\keygen.exe
    c:\documents and settings\martin\desktop\programy\iné\ps2 emulator\pcsx2_0.9.6_setup_cracked.msi
    c:\documents and settings\martin\desktop\programy\internet\www\wwwhack\key_wwwhack\keygen.exe
    c:\program files\alcohol soft\alcohol 120\crack.bat
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"=-
    "RGSC"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "NBKeyScan"=-
    "TkBellExe"=-
    "QuickTime Task"=-
    "DivXUpdate"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"=-
    "nltide_3"=-
    [-HKLM\~\startupfolder\C:^Documents and Settings^Martin^Start Menu^Programs^Startup^hamachi.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MX Skype Recorder]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"=-
    "65533:TCP"=-
    "52344:TCP"=-
    "7169:TCP"=-
    "7170:TCP"=-
    "4287:TCP"=-
    "2506:TCP"=-
    "2396:TCP"=-
    "9520:TCP"=-
    "6755:TCP"=-
    "1533:TCP"=-
    "4144:TCP"=-
    "4457:TCP"=-
    "4082:TCP"=-
    "3472:TCP"=-
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\prrbkrkl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.2.9&q=
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.9&q=
    
    AtJob::
    
    Reboot::
    
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see picture below)
    Image
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: It may happen that Windows does not boot after applying the script; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
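
As an added illustration of the comparison the helper's script does by hand (the SRPeek and FCopy entries pair each system32 file against the WinSxS copy of the same name), here is a small Python triage parser for ComboFix log text. It is example code written for this page, not part of ComboFix and not something vyosek posted; the sample lines are copied from the ComboFix log above. The regular expressions, the WinSxS-comparison heuristic and the reading of the `[-]` flag as "unsigned" are assumptions about the log layout. A differing hash together with a differing version string (comctl32 5.82 in system32 against 6.0 in WinSxS) is expected for side-by-side assemblies, so the output is a list of files to inspect, not a malware verdict.

```python
"""Triage parser for ComboFix log text (added example, not ComboFix's own code)."""
import re
from collections import defaultdict

# Sample lines copied from the ComboFix log above, trimmed to what the parser needs.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-28 09:18 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-04-28 . AF8ED52D2A32C7729C7F91C72B8CCB10 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-13 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[7] 2008-04-13 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-03-20 . 1CA39C7E1423FF8821664E0E06FEA55E . 343040 . . [7.0.2600.5508] . . c:\windows\system32\msvcrt.dll
.
c:\windows\explorer.exe . . . is infected!!
"""

# Assumed layout of one Sigcheck row: [flag] date [time] . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# Assumed layout of ComboFix's per-file verdict line: path . . . is infected!!
INFECTED_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\s+\.\s+\.\s+is infected!!\s*$")


def parse_sigcheck(text):
    """Return one dict per Sigcheck row (flag, date, md5, size, version, path)."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line)
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["md5"] = row["md5"].upper()
            rows.append(row)
    return rows


def parse_infected(text):
    """Return the paths ComboFix flagged with '. . . is infected!!'."""
    return [m.group("path") for m in map(INFECTED_RE.match, text.splitlines()) if m]


def live_copies_differing_from_winsxs(rows):
    """Pair every file outside WinSxS with the WinSxS copies of the same name and
    return (path, version, winsxs_md5s) for those whose MD5 matches none of them.
    A different version string (5.82 vs 6.0 for comctl32) is normal for side-by-side
    assemblies, so this is a review list, not a malware verdict."""
    by_name = defaultdict(lambda: {"live": [], "winsxs": []})
    for row in rows:
        name = row["path"].rsplit("\\", 1)[-1].lower()
        bucket = "winsxs" if "\\winsxs\\" in row["path"].lower() else "live"
        by_name[name][bucket].append(row)
    findings = []
    for name in sorted(by_name):
        reference = {r["md5"] for r in by_name[name]["winsxs"]}
        if not reference:
            continue  # nothing on the box to compare against
        for live in by_name[name]["live"]:
            if live["md5"] not in reference:
                findings.append((live["path"], live["version"], sorted(reference)))
    return findings


def triage(text):
    """Summarise a ComboFix log: [-] rows (assumed to be the unsigned files the
    log's own note refers to), WinSxS mismatches, and 'is infected' verdicts."""
    rows = parse_sigcheck(text)
    return {
        "unsigned_flag": [r["path"] for r in rows if r["flag"] == "-"],
        "winsxs_mismatch": live_copies_differing_from_winsxs(rows),
        "infected": parse_infected(text),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

Run it directly to print the three lists for the embedded sample; to triage a real log, pass the contents of C:\ComboFix.txt to `triage()` instead of `SAMPLE_LOG`. Rows that ComboFix prints in a layout the regular expression does not recognise are silently skipped, so a count of parsed rows against the rows in the Sigcheck section is a useful sanity check before trusting the output.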

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 14:07
by Flash7
Log:

ComboFix 11-08-16.05 - Martin 17.08.2011 14:58:12.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.421.1033.18.3326.2555 [GMT 2:00]
Running from: C:\Documents and Settings\Martin\My Documents\Preberanie\ComboFix.exe
Command switches used :: C:\Documents and Settings\Martin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\documents and settings\martin\desktop\programy\internet\www\wwwhack\key_wwwhack\keygen.exe"
"c:\documents and settings\martin\desktop\programy\internet\www\wwwhack\keygen.exe"
"c:\documents and settings\martin\desktop\programy\iné\ps2 emulator\pcsx2_0.9.6_setup_cracked.msi"
"c:\documents and settings\Martin\Start Menu\Programs\Startup\Adobe Gamma.lnk"
"c:\program files\alcohol soft\alcohol 120\crack.bat"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


c:\documents and settings\martin\desktop\hry\asasins creed\crack
c:\documents and settings\martin\desktop\hry\asasins creed\crack\AssassinsCreed_Dx10.exe
c:\documents and settings\martin\desktop\hry\asasins creed\crack\AssassinsCreed_Dx9.exe
c:\documents and settings\martin\desktop\hry\asasins creed\crack\reloaded.nfo
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\Data\clownBold.ttg
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\Data\grass.tga
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\Data\lib_art.map
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\Data\ra3ep1_1.0.game
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\C&C Generals Zero Hour v1.04-Eng NoCD\game.dat
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\C&C Generals Zero Hour v1.04-Eng NoCD\generals.exe
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\generalszh-104-english.exe
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\keygen\keygen.exe
c:\documents and settings\martin\desktop\hry\gta iv\crack
c:\documents and settings\martin\desktop\hry\gta iv\crack\?ÍTA?.txt
c:\documents and settings\martin\desktop\hry\gta iv\crack\Crack 1 - najprv pouzit tento\GTAIV.exe
c:\documents and settings\martin\desktop\hry\gta iv\crack\Crack 1 - najprv pouzit tento\LaunchGTAIV.exe
c:\documents and settings\martin\desktop\hry\gta iv\crack\Crack 1 - najprv pouzit tento\Paul.dll
c:\documents and settings\martin\desktop\hry\gta iv\crack\Crack 2 - nasledne tento\FeD0R.nfo
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\Anti-Blaxx_1.17_Install.exe
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\gof_f.exe
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\INSTRUCTION.txt
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\sd4hide.exe
c:\documents and settings\martin\desktop\hry\imperial glory\crack
c:\documents and settings\martin\desktop\hry\imperial glory\crack\ImperialGlory.exe
c:\documents and settings\martin\desktop\hry\imperial glory\ik-igdvd\crack
c:\documents and settings\martin\desktop\hry\imperial glory\ik-igdvd\crack\ImperialGlory.exe
c:\documents and settings\martin\desktop\hry\sims 3\the sims 3\the sims 3 - razor1911 final\crack
c:\documents and settings\martin\desktop\hry\sims 3\the sims 3\the sims 3 - razor1911 final\crack\TS3.exe
c:\documents and settings\martin\desktop\hry\sims 3\the sims 3\the sims 3 - razor1911 final\crack\TSLHost.dll
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\deviance.nfo
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\file_id.diz
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\rotk.exe
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\serial Key.txt
c:\documents and settings\martin\desktop\programy\internet\www\wwwhack\key_wwwhack\keygen.exe
c:\documents and settings\martin\desktop\programy\internet\www\wwwhack\keygen.exe
c:\documents and settings\Martin\Start Menu\Programs\Startup\Adobe Gamma.lnk
c:\program files\alcohol soft\alcohol 120\crack.bat

c:\windows\explorer.exe . . . is infected!!

c:\windows\regedit.exe . . . is infected!!

c:\windows\system32\comres.dll . . . is infected!!

c:\windows\system32\ctfmon.exe . . . is infected!!

c:\windows\system32\hnetcfg.dll . . . is infected!!

c:\windows\system32\midimap.dll . . . is infected!!

c:\windows\system32\ole32.dll . . . is infected!!

c:\windows\system32\sfcfiles.dll . . . is infected!!

c:\windows\system32\user32.dll . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!


--------------- FCopy ---------------

c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll --> c:\windows\system32\comctl32.dll
c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll --> c:\windows\system32\msvcrt.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUPDATE1C9CF1520895ECA
-------\Legacy_ICQ_SERVICE
-------\Service_gupdate1c9cf1520895eca
-------\Service_ICQ Service
-------\Service_xcpip
-------\Service_xpsec


((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))


2011-08-14 20:24:46 . 2011-08-14 20:24:46 -------- d-----w- C:\Program Files\LucasArts
2011-08-14 20:24:35 . 1997-05-12 15:53:00 314368 ----a-w- C:\WINDOWS\uninst.exe
2011-08-14 09:26:30 . 2011-08-14 09:26:30 -------- d-----w- C:\Documents and Settings\Martin\Application Data\Registry Mechanic
2011-08-14 09:23:20 . 2010-09-16 10:26:02 37336 ----a-w- C:\WINDOWS\system32\CleanMFT32.exe
2011-08-14 09:23:20 . 2008-04-02 14:54:20 1101824 ----a-w- C:\WINDOWS\system32\UniBox210.ocx
2011-08-14 09:23:20 . 2008-04-02 14:53:50 212992 ----a-w- C:\WINDOWS\system32\UniBoxVB12.ocx
2011-08-14 09:23:20 . 2008-04-02 14:53:36 880640 ----a-w- C:\WINDOWS\system32\UniBox10.ocx
2011-08-14 09:23:16 . 2011-08-17 09:23:03 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2011-08-14 09:23:16 . 2011-08-14 09:23:18 -------- d-----w- C:\Program Files\Common Files\PC Tools
2011-08-13 20:02:03 . 2011-08-13 20:02:03 -------- d-----w- C:\Documents and Settings\Martin\Application Data\DivX
2011-08-13 19:57:47 . 2011-08-13 20:02:13 -------- d-----w- C:\Program Files\DivX
2011-08-13 19:55:45 . 2011-08-13 20:02:13 -------- d-----w- C:\Documents and Settings\All Users\Application Data\DivX
2011-08-10 16:38:28 . 2011-08-10 16:38:36 -------- d---a-w- C:\PHP-Fusion 7.01.04
2011-07-22 20:51:50 . 2011-07-22 20:51:50 94208 ----a-w- C:\WINDOWS\system32\dpl100.dll
2011-07-18 21:24:54 . 2011-07-18 21:24:59 -------- d-----w- C:\Program Files\VirtualDJ
2011-07-18 19:32:20 . 2011-07-18 19:32:20 -------- d-----w- C:\Documents and Settings\Martin\Application Data\Apple Computer
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-08-17 13:02:38 . 2009-05-07 12:19:23 16608 ----a-w- C:\WINDOWS\gdrv.sys
2011-08-01 18:30:45 . 2010-08-27 12:22:38 664 ----a-w- C:\Documents and Settings\LoL\Local Settings\Application Data\d3d9caps.tmp
2011-07-12 08:03:34 . 2008-04-28 09:19:42 17408 ----a-w- C:\WINDOWS\system32\midimap.dll
2011-07-07 11:44:32 . 2009-06-25 18:55:02 25280 ----a-w- C:\WINDOWS\system32\drivers\hamachi.sys
2011-05-24 17:52:11 . 2009-05-24 09:12:52 87608 ----a-w- C:\Documents and Settings\Martin\Application Data\ezpinst.exe
2011-05-24 17:52:11 . 2009-05-24 09:12:52 47360 ----a-w- C:\WINDOWS\system32\drivers\pcouffin.sys
2011-06-24 15:10:32 . 2011-04-29 14:36:41 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

// I have to take care of something now, so I'll be away from the PC. I should be back here in the early evening... and of course many thanks for the help so far :thumbsup: //

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 14:40
by vyosek
Nothing to thank me for yet...

Then run ComboFix without a script; I'm not sure whether everything was carried out...

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 16:29
by Flash7
ComboFix 11-08-16.05 - Martin 17.08.2011 17:18:27.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.421.1033.18.3326.2623 [GMT 2:00]
Running from: c:\documents and settings\Martin\My Documents\Preberanie\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\martin\desktop\hry\asasins creed\crack\AssassinsCreed_Dx10.exe
c:\documents and settings\martin\desktop\hry\asasins creed\crack\AssassinsCreed_Dx9.exe
c:\documents and settings\martin\desktop\hry\asasins creed\crack\reloaded.nfo
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\Data\clownBold.ttg
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\Data\grass.tga
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\Data\lib_art.map
c:\documents and settings\martin\desktop\hry\cac - red alert 3\crack\Data\ra3ep1_1.0.game
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\C&C Generals Zero Hour v1.04-Eng NoCD\game.dat
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\C&C Generals Zero Hour v1.04-Eng NoCD\generals.exe
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\generalszh-104-english.exe
c:\documents and settings\martin\desktop\hry\generals zero hour\keygen+patch+crack\keygen\keygen.exe
c:\documents and settings\martin\desktop\hry\gta iv\crack\?ÍTA?.txt
c:\documents and settings\martin\desktop\hry\gta iv\crack\Crack 1 - najprv pouzit tento\GTAIV.exe
c:\documents and settings\martin\desktop\hry\gta iv\crack\Crack 1 - najprv pouzit tento\LaunchGTAIV.exe
c:\documents and settings\martin\desktop\hry\gta iv\crack\Crack 1 - najprv pouzit tento\Paul.dll
c:\documents and settings\martin\desktop\hry\gta iv\crack\Crack 2 - nasledne tento\FeD0R.nfo
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\Anti-Blaxx_1.17_Install.exe
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\gof_f.exe
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\INSTRUCTION.txt
c:\documents and settings\martin\desktop\hry\harry potter and the goblet of fire\hpgof\crack\sd4hide.exe
c:\documents and settings\martin\desktop\hry\imperial glory\crack\ImperialGlory.exe
c:\documents and settings\martin\desktop\hry\imperial glory\ik-igdvd\crack\ImperialGlory.exe
c:\documents and settings\martin\desktop\hry\sims 3\the sims 3\the sims 3 - razor1911 final\crack\TS3.exe
c:\documents and settings\martin\desktop\hry\sims 3\the sims 3\the sims 3 - razor1911 final\crack\TSLHost.dll
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\deviance.nfo
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\file_id.diz
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\rotk.exe
c:\documents and settings\martin\desktop\hry\the lord of the rings - 3d\crack\serial Key.txt
c:\documents and settings\martin\desktop\programy\internet\www\wwwhack\key_wwwhack\keygen.exe
c:\documents and settings\martin\desktop\programy\internet\www\wwwhack\keygen.exe
c:\documents and settings\Martin\Start Menu\Programs\Startup\Adobe Gamma.lnk
c:\program files\alcohol soft\alcohol 120\crack.bat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1C9CF1520895ECA
-------\Legacy_ICQ_SERVICE
-------\Service_gupdate1c9cf1520895eca
-------\Service_ICQ Service
-------\Service_xcpip
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-14 20:24 . 2011-08-14 20:24 -------- d-----w- c:\program files\LucasArts
2011-08-14 20:24 . 1997-05-12 15:53 314368 ----a-w- c:\windows\uninst.exe
2011-08-14 09:26 . 2011-08-14 09:26 -------- d-----w- c:\documents and settings\Martin\Application Data\Registry Mechanic
2011-08-14 09:23 . 2010-09-16 10:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-08-14 09:23 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-08-14 09:23 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-08-14 09:23 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-08-14 09:23 . 2011-08-17 09:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-08-14 09:23 . 2011-08-14 09:23 -------- d-----w- c:\program files\Common Files\PC Tools
2011-08-13 20:02 . 2011-08-13 20:02 -------- d-----w- c:\documents and settings\Martin\Application Data\DivX
2011-08-13 19:57 . 2011-08-13 20:02 -------- d-----w- c:\program files\DivX
2011-08-13 19:55 . 2011-08-13 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-08-10 16:38 . 2011-08-10 16:38 -------- d---a-w- C:\PHP-Fusion 7.01.04
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-07-18 21:24 . 2011-07-18 21:24 -------- d-----w- c:\program files\VirtualDJ
2011-07-18 19:32 . 2011-07-18 19:32 -------- d-----w- c:\documents and settings\Martin\Application Data\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 14:43 . 2009-05-07 12:19 16608 ----a-w- c:\windows\gdrv.sys
2011-08-01 18:30 . 2010-08-27 12:22 664 ----a-w- c:\documents and settings\LoL\Local Settings\Application Data\d3d9caps.tmp
2011-07-12 08:03 . 2008-04-28 09:19 17408 ----a-w- c:\windows\system32\midimap.dll
2011-07-07 11:44 . 2009-06-25 18:55 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-24 17:52 . 2009-05-24 09:12 87608 ----a-w- c:\documents and settings\Martin\Application Data\ezpinst.exe
2011-05-24 17:52 . 2009-05-24 09:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-06-24 15:10 . 2011-04-29 14:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-28 09:18 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-03-20 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . c:\windows\system32\user32.dll
.
[-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-13 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-03-20 . 31653CDF039C3F415B8D33F2D133E6AB . 1287168 . . [5.1.2600.5508] . . c:\windows\system32\ole32.dll
.
[-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-28 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-04-28 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
.
[-] 2011-07-12 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6002.18005] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-07-12_08.13.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-17 14:44 . 2011-08-17 14:44 16384 c:\windows\temp\Perflib_Perfdata_578.dat
+ 2011-08-13 20:01 . 2010-07-12 18:36 68592 c:\windows\system32\pxinsa64.exe
+ 2011-08-13 20:01 . 2010-07-12 18:36 72176 c:\windows\system32\pxhpinst.exe
+ 2011-08-13 20:01 . 2010-07-12 18:36 68080 c:\windows\system32\pxcpya64.exe
+ 2011-08-13 20:01 . 2010-07-12 18:36 45648 c:\windows\system32\drivers\PxHelp20.sys
+ 2011-08-13 20:01 . 2010-07-12 18:36 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2011-08-13 20:01 . 2010-07-12 18:36 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2011-05-13 23:17 . 2011-05-13 23:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-13 23:12 . 2011-05-13 23:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-13 23:11 . 2011-05-13 23:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 100848 c:\windows\system32\vxblock.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 440816 c:\windows\system32\pxwave.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 219632 c:\windows\system32\pxmas.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 126448 c:\windows\system32\pxinsi64.exe
+ 2011-08-13 20:01 . 2010-07-12 18:36 567792 c:\windows\system32\pxdrv.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 123888 c:\windows\system32\pxcpyi64.exe
+ 2011-08-13 20:01 . 2010-07-12 18:36 133616 c:\windows\system32\pxafs.dll
+ 2011-08-13 20:01 . 2010-07-12 18:36 698864 c:\windows\system32\px.dll
+ 2008-03-20 18:36 . 2008-04-13 22:42 343040 c:\windows\system32\msvcrt.dll
- 2008-03-20 18:36 . 2008-03-20 18:36 343040 c:\windows\system32\msvcrt.dll
+ 2009-06-09 12:29 . 2011-07-18 22:20 117632 c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2007-04-03 11:57 . 2007-04-03 11:57 100488 c:\windows\system32\drivers\s116mgmt.sys
+ 2008-03-20 18:36 . 2008-04-13 22:42 343040 c:\windows\system32\dllcache\msvcrt.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\system32\divx_xx16.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\system32\divx_xx11.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx0c.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\system32\divx_xx0a.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx07.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\system32\DivX.dll
+ 2011-08-13 20:01 . 2011-08-13 20:01 178688 c:\windows\Installer\4f19a7.msi
+ 2011-08-13 20:01 . 2010-07-12 18:36 2120176 c:\windows\system32\pxsfs.dll
+ 2009-05-07 18:57 . 2011-07-19 07:11 1689192 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-28 09:18 . 2008-04-13 22:42 1054208 c:\windows\system32\dllcache\comctl32.dll
+ 2008-04-28 09:18 . 2008-04-13 22:42 1054208 c:\windows\system32\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ESET"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Visual Task Tips"="c:\program files\Windows7\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"D-Link AirPlus XtremeG DWL-G122"="c:\program files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-12-18 1556480]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
.
c:\documents and settings\Martin\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-7-12 0]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-31 809488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnalogClock]
2005-11-05 06:10 480256 ----a-w- c:\program files\Windows7\Analog Clock\AnalogClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pie Dock]
2007-09-02 06:12 586240 ----a-w- c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-06-18 10:01 77824 ------r- c:\windows\SoundMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
2007-06-20 08:21 1912832 ----a-w- c:\program files\Windows7\TopDesk\topdesk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
2006-05-21 03:43 180224 ----a-w- c:\program files\Windows7\UberIcon\UberIcon Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viena Explorer]
2006-11-18 10:31 581632 ----a-w- c:\program files\Windows7\Vienna Explorer\Vienna Explorer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdate1c9cf1520895eca"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\WoW\\WotLK\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\WoW\\WotLK\\Launcher.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Programy\\Internet\\Fake IP\\FakeIP\\DC_IS.EXE"=
"c:\\Program Files\\ACSPMonitor\\ASMonitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Documents and Settings\\Martin\\Local Settings\\Apps\\2.0\\DZ4E3HTC.YDE\\CZ1GC0M3.6Q7\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2009 17:48 685816]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7.12.2009 17:59 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [12.5.2010 18:01 59280]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [7.5.2009 14:19 80392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [14.8.2011 11:23 632792]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [21.12.2009 15:46 4096]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7.12.2009 17:59 61328]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [19.8.2010 23:56 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [19.8.2010 23:56 8456]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-16 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-08-14 15:05]
.
2011-08-17 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-08-14 10:26]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\prrbkrkl.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 17:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-1275210071-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ae,81,b6,23,f1,38,55,60,1a,40,39,68,d4,0e,41,fd,e2,92,5f,2e,ad,8c,35,
98,0d,27,71,7b,ab,c5,5e,06,5c,86,9a,a9,40,65,78,77,d7,bd,34,3a,d2,f7,d6,c6,\
"??"=hex:74,34,6c,c6,63,7c,94,93,70,3b,e2,47,bb,62,96,f1
.
[HKEY_USERS\S-1-5-21-1004336348-1275210071-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:00,bd,2d,95,65,dc,32,32,ed,1b,82,90,1c,f6,01,d2,ba,2a,e1,1f,99,
8c,25,c9,dc,9e,32,e3,4f,2e,f7,d5,91,ea,8c,af,08,31,00,df,18,01,82,19,7b,c9,\
"rkeysecu"=hex:80,8c,d3,af,36,bc,88,fd,44,f0,18,0b,1b,9f,a9,b9
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\SETUPAPI.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\sfc_os.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(3824)
c:\program files\Windows7\VisualTaskTips\VttHooks.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-17 17:28:25
ComboFix-quarantined-files.txt 2011-08-17 15:28
ComboFix2.txt 2011-08-17 10:57
ComboFix3.txt 2011-07-13 14:32
ComboFix4.txt 2011-07-12 08:14
ComboFix5.txt 2011-08-17 12:54
.
Pre-Run: 255 143 428 096 bytes free
Post-Run: 255 118 348 288 bytes free
.
- - End Of File - - B2AC32D09ED1B13899AE4D2D2342063C

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 16:37
by vyosek
:arrow: Test the following files on VirusTotal (see my signature)
  • c:\windows\explorer.exe
    c:\windows\system32\winlogon.exe
    c:\windows\regedit.exe
    c:\windows\system32\ctfmon.exe
    c:\windows\system32\ole32.dll
  • Click Browse
  • Don't search for the file, just paste the path of the file you want to test
  • Click Send File
  • If a screen like the one below pops up, click ReAnalyse
    Image
  • Paste the result of the analysis here (as a link)

Re: RSIT log (possible virus)

Posted: 17 Aug 2011 18:17
by Flash7