VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

problem s cervom

https://forum.viry.cz:443/viewtopic.php?t=115417

Stránka 1 z 2

problem s cervom

Napsal: 15 zář 2011 15:43
od tomikaco
Dobry den,

omylom som stiahol a otvoril infikovany exe subor, ktory mi do PC pravdepodobne vniesol cerva. Postupne mi prestavaju pracovat stale viacere programy, napriklad Skype IM, ICQ IM, Firewall Zone Alarm, VoIP program TeamSpeak 3 a mnoho dalsich. Stalo sa to pred 3 dnami a hned po tom, ako som si vsimol prve naznaky, som pustil kompletnu WMAV kontrolu a vsetko co naslo som zmazal. Zabudol som, kam to uklada logy, takze ak ho spolocne najdeme, kludne ho sem dodam. "Cervave" aplikacie nefunguju takym sposobom, ze pri otvoreni bud hodia klasicky dr watson error alebo nejaky Microsoft Visual C++ Runtime Library error R6002 - floating point support not loaded.

Momentalne som teda bez antiviru a firewallu, lebo mi nejdu spustit.

Predom dakujem.

Prikladam log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by heRoo at 2011-09-15 16:42:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 146 MB (1%) free of 13 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:42:51, on 15.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\Common Files\WireHelpSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EslWire\dbus-daemon.exe
D:\Hry\cs\Steam.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Hry\cs\steamapps\heroo16\counter-strike\cstrike\RSIT.exe
C:\Program Files\trend micro\heRoo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 173.212.255.178 embedded.garena.com
O1 - Hosts: 173.212.255.178 embedded.garenanow.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WireHelpSvc - Unknown owner - C:\Program Files\Common Files\WireHelpSvc.exe

--
End of file - 6055 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\cron.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\videopadDowngrade.job
C:\WINDOWS\tasks\videopadShakeIcon.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default

prefs.js - "browser.startup.homepage" - "google.sk"
prefs.js - "extensions.enabledItems" - "{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1, {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1, personas@christopher.beard:1.6.1, {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9, firebug@software.joehewitt.com:1.6.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0]
"Description"=
"Path"=G:\Programy\Media go\npmediago.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\extensions\
engine@conduit.com
{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
{c45c406e-ab73-11d8-be73-000a95be3b12}
{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

C:\Documents and Settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\searchplugins\
conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-16 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-16 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2011-09-12 1221596]
"P17Helper"=Rundll32 P17.dll,P17Helper []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ESL Wire"=C:\Program Files\EslWire\wire.exe [2011-09-12 2121686]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-08-04 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=475
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=475
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"G:\Programy\xampp\xampp\apache\bin\httpd.exe"="G:\Programy\xampp\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"G:\Programy\xampp\xampp\mysql\bin\mysqld.exe"="G:\Programy\xampp\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"D:\Program Files\HLSW\hlsw.exe"="D:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"E:\Warcraft III\Warcraft III\war3.exe"="E:\Warcraft III\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"G:\QUarantine\CSdef\hl.exe"="G:\QUarantine\CSdef\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Games\dsadas\hltv.exe"="G:\Games\dsadas\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"D:\Program Files\Java\jre6\bin\javaw.exe"="D:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Programy\bitlord\BitLord.exe"="G:\Programy\bitlord\BitLord.exe:*:Enabled:BitLord"
"G:\Programy\Update Service\Update Service.exe"="G:\Programy\Update Service\Update Service.exe:*:Enabled:Update Service"
"D:\Hry\cs\Steam.exe"="D:\Hry\cs\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"G:\Games\dsadas\hl.exe"="G:\Games\dsadas\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Mineserver Project\Mineserver\mineserver.exe"="C:\Program Files\Mineserver Project\Mineserver\mineserver.exe:*:Enabled:mineserver"
"G:\Games\AoE2\age2_x1\age2_x1.exe"="G:\Games\AoE2\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"G:\Games\Age Of Empires II Conquerors\age2_x1\age2_x1.exe"="G:\Games\Age Of Empires II Conquerors\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"G:\Games\StarCraft II\StarCraft II.exe"="G:\Games\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"G:\Games\StarCraft II\Versions\Base15405\SC2.exe"="G:\Games\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"G:\Games\LoL\air\LolClient.exe"="G:\Games\LoL\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"G:\Games\LoL\game\League of Legends.exe"="G:\Games\LoL\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Hry\cs\steamapps\heroo16\source sdk base 2007\hl2.exe"="D:\Hry\cs\steamapps\heroo16\source sdk base 2007\hl2.exe:*:Enabled:hl2"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Webteh\BSplayer\bsplayer.exe"="C:\Program Files\Webteh\BSplayer\bsplayer.exe:*:Enabled:BS.Player"
"C:\Program Files\gta2gh\gta2gh.exe"="C:\Program Files\gta2gh\gta2gh.exe:*:Enabled:gta2gh"
"G:\Programy\Media go\MediaGo.exe"="G:\Programy\Media go\MediaGo.exe:*:Enabled:Media Go"
"G:\Programy\xampp\xampp\FileZillaFTP\FileZilla Server.exe"="G:\Programy\xampp\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server"
"G:\Games\dsadas\hlds.exe"="G:\Games\dsadas\hlds.exe:*:Enabled:HLDS Launcher"
"G:\Games\CaC\Hra\ZH\game.dat"="G:\Games\CaC\Hra\ZH\game.dat:*:Enabled:game"
"C:\Program Files\Tunngle\TnglCtrl.exe"="C:\Program Files\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service"
"C:\Program Files\Tunngle\Tunngle.exe"="C:\Program Files\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"G:\Games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe"="G:\Games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"G:\Games\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe"="G:\Games\GTA IV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"E:\Warcraft III\Warcraft III\gproxy.exe"="E:\Warcraft III\Warcraft III\gproxy.exe:*:Enabled:gproxy"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Hry\cs\steamapps\heroo16\dedicated server\hltv.exe"="D:\Hry\cs\steamapps\heroo16\dedicated server\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Hry\cs\steamapps\heroo16\half-life\hl.exe"="D:\Hry\cs\steamapps\heroo16\half-life\hl.exe:*:Enabled:Half-Life"
"C:\Program Files\EslWire\wire.exe"="C:\Program Files\EslWire\wire.exe:*:Enabled:ESL Wire Client"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
"D:\Hry\cs\steamapps\heroo16\dedicated server\hlds.exe"="D:\Hry\cs\steamapps\heroo16\dedicated server\hlds.exe:*:Enabled:Dedicated Server"
"G:\Games\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"="G:\Games\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Hry\cs\steamapps\heroo16\counter-strike\hl.exe"="D:\Hry\cs\steamapps\heroo16\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"VIDC.WMV3"=wmv9vcm.dll
"vidc.VP60"=C:\WINDOWS\System32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\System32\vp6vfw.dll
"vidc.iv50"=ir50_32.dll
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"VIDC.IV41"=IR41_32.AX
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-15 13:28:56 ----A---- C:\WINDOWS\system32\OLD17A.tmp
2011-09-15 13:28:56 ----A---- C:\WINDOWS\system32\OLD177.tmp
2011-09-15 13:28:56 ----A---- C:\WINDOWS\system32\OLD174.tmp
2011-09-15 11:28:29 ----A---- C:\WINDOWS\OLD6E.tmp
2011-09-15 11:26:21 ----D---- C:\WINDOWS\LastGood
2011-09-12 21:26:53 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2011-09-12 21:26:38 ----D---- C:\WINDOWS\system32\Data
2011-09-12 15:17:20 ----AD---- C:\WINDOWS\VDLL.DLL
2011-09-12 15:17:20 ----AD---- C:\WINDOWS\system32\runouce.exe
2011-09-12 15:17:20 ----AD---- C:\WINDOWS\rundll16.exe
2011-09-12 15:17:20 ----AD---- C:\WINDOWS\RUNDL132.EXE
2011-09-12 15:17:20 ----AD---- C:\WINDOWS\logo1_.exe
2011-09-12 15:17:20 ----AD---- C:\WINDOWS\logo_1.exe
2011-09-12 15:10:02 ----A---- C:\WINDOWS\system32\msvcr80.dll
2011-09-12 15:10:01 ----A---- C:\WINDOWS\system32\msvcp80.dll
2011-09-12 15:10:00 ----A---- C:\WINDOWS\system32\eEmpty.exe
2011-09-12 15:09:57 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2011-09-12 15:09:57 ----A---- C:\WINDOWS\system32\T.COM
2011-09-12 15:09:57 ----A---- C:\WINDOWS\REGEDIT.COM
2011-09-12 15:09:57 ----A---- C:\WINDOWS\R.COM
2011-09-12 15:09:55 ----D---- C:\Program Files\Common Files\MicroWorld
2011-09-12 15:09:48 ----D---- C:\Documents and Settings\All Users\Application Data\MicroWorld
2011-09-11 13:44:11 ----D---- C:\Documents and Settings\heRoo\Application Data\Download Manager
2011-09-04 01:07:59 ----A---- C:\Program Files\Common Files\WireHelpSvc.exe
2011-09-04 01:07:55 ----A---- C:\WINDOWS\system32\drivers\ESLWireACD.sys
2011-09-04 01:07:48 ----A---- C:\WINDOWS\system32\drivers\ESLvnic.sys
2011-09-04 01:07:47 ----D---- C:\Program Files\EslWire
2011-09-04 01:07:47 ----D---- C:\Documents and Settings\All Users\Application Data\ESL Wire
2011-08-28 23:31:55 ----D---- C:\Program Files\PHLTV
2011-08-22 02:46:16 ----D---- C:\Program Files\Windows MultiPoint Mouse SDK
2011-08-22 02:24:09 ----A---- C:\WINDOWS\system32\cpnmouse.sys
2011-08-22 02:21:41 ----A---- C:\WINDOWS\system32\drivers\cpnmouse.sys
2011-08-21 16:01:23 ----D---- C:\Program Files\MeeSoft
2011-08-20 11:26:04 ----D---- C:\Program Files\Presentation Assistant
2011-08-20 11:26:04 ----D---- C:\Documents and Settings\heRoo\Application Data\Presentation Assistant
2011-08-19 19:19:54 ----D---- C:\Documents and Settings\heRoo\Application Data\Grasssoft
2011-08-19 19:19:48 ----D---- C:\Documents and Settings\All Users\Application Data\Grasssoft
2011-08-19 19:19:40 ----D---- C:\Program Files\GrassSoft
2011-08-19 13:40:52 ----D---- C:\.jagex_cache_32

======List of files/folders modified in the last 1 month======

2011-09-15 16:42:48 ----D---- C:\Program Files\trend micro
2011-09-15 16:25:07 ----D---- C:\Documents and Settings\heRoo\Application Data\HLSW
2011-09-15 16:01:00 ----D---- C:\WINDOWS\Temp
2011-09-15 13:39:03 ----D---- C:\WINDOWS\system32\wbem
2011-09-15 13:38:03 ----D---- C:\WINDOWS\system32\usmt
2011-09-15 13:37:01 ----D---- C:\WINDOWS\system32\Restore
2011-09-15 13:36:00 ----D---- C:\WINDOWS\system32\npp
2011-09-15 13:33:57 ----D---- C:\WINDOWS\system32\Com
2011-09-15 13:32:56 ----D---- C:\WINDOWS\system32
2011-09-15 13:29:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-15 12:20:30 ----D---- C:\WINDOWS\msagent
2011-09-15 11:28:29 ----D---- C:\WINDOWS
2011-09-15 11:25:20 ----D---- C:\Program Files\Windows NT
2011-09-15 11:18:10 ----D---- C:\Program Files\Outlook Express
2011-09-15 11:17:08 ----D---- C:\Program Files\NetMeeting
2011-09-15 11:14:06 ----D---- C:\Program Files\Movie Maker
2011-09-15 10:59:16 ----D---- C:\Program Files\Internet Explorer
2011-09-15 10:41:00 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-15 10:34:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-15 10:30:20 ----D---- C:\WINDOWS\Internet Logs
2011-09-15 01:43:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-12 21:27:45 ----D---- C:\Program Files\Creative
2011-09-12 21:26:53 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2011-09-12 21:26:49 ----D---- C:\WINDOWS\system32\drivers
2011-09-12 21:26:44 ----HD---- C:\WINDOWS\inf
2011-09-12 21:26:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-09-12 21:26:19 ----HD---- C:\Program Files\InstallShield Installation Information
2011-09-12 21:26:10 ----D---- C:\Documents and Settings\heRoo\Application Data\Skype
2011-09-12 20:57:47 ----D---- C:\WINDOWS\Prefetch
2011-09-12 15:21:11 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2011-09-12 15:21:04 ----A---- C:\WINDOWS\system32\xcopy.exe
2011-09-12 15:21:03 ----A---- C:\WINDOWS\system32\WudfHost.exe
2011-09-12 15:21:02 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2011-09-12 15:21:02 ----A---- C:\WINDOWS\system32\wuauclt.exe
2011-09-12 15:21:01 ----A---- C:\WINDOWS\system32\wpnpinst.exe
2011-09-12 15:21:00 ----A---- C:\WINDOWS\system32\wpdshextautoplay.exe
2011-09-12 15:21:00 ----A---- C:\WINDOWS\system32\wpabaln.exe
2011-09-12 15:20:56 ----A---- C:\WINDOWS\system32\winver.exe
2011-09-12 15:20:55 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2011-09-12 15:20:54 ----A---- C:\WINDOWS\system32\wextract.exe
2011-09-12 15:20:54 ----A---- C:\WINDOWS\system32\wdfmgr.exe
2011-09-12 15:20:53 ----A---- C:\WINDOWS\system32\verclsid.exe
2011-09-12 15:20:52 ----A---- C:\WINDOWS\system32\uwdf.exe
2011-09-12 15:20:52 ----A---- C:\WINDOWS\system32\utilman.exe
2011-09-12 15:20:49 ----A---- C:\WINDOWS\system32\upnpcont.exe
2011-09-12 15:20:49 ----A---- C:\WINDOWS\system32\tzchange.exe
2011-09-12 15:20:48 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2011-09-12 15:20:48 ----A---- C:\WINDOWS\system32\tracert.exe
2011-09-12 15:20:48 ----A---- C:\WINDOWS\system32\tracerpt.exe
2011-09-12 15:20:47 ----A---- C:\WINDOWS\system32\tourstart.exe
2011-09-12 15:20:46 ----A---- C:\WINDOWS\system32\tlntsess.exe
2011-09-12 15:20:46 ----A---- C:\WINDOWS\system32\tlntadmn.exe
2011-09-12 15:20:46 ----A---- C:\WINDOWS\system32\telnet.exe
2011-09-12 15:20:45 ----A---- C:\WINDOWS\system32\taskmgr.exe
2011-09-12 15:20:44 ----A---- C:\WINDOWS\system32\tasklist.exe
2011-09-12 15:20:44 ----A---- C:\WINDOWS\system32\taskkill.exe
2011-09-12 15:20:43 ----A---- C:\WINDOWS\system32\systeminfo.exe
2011-09-12 15:20:42 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2011-09-12 15:20:41 ----A---- C:\WINDOWS\system32\stimon.exe
2011-09-12 15:20:34 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2011-09-12 15:20:34 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2011-09-12 15:20:33 ----A---- C:\WINDOWS\system32\spnpinst.exe
2011-09-12 15:20:33 ----A---- C:\WINDOWS\system32\spiisupd.exe
2011-09-12 15:20:33 ----A---- C:\WINDOWS\system32\spider.exe
2011-09-12 15:20:32 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2011-09-12 15:20:32 ----A---- C:\WINDOWS\system32\sort.exe
2011-09-12 15:20:31 ----A---- C:\WINDOWS\system32\sndrec32.exe
2011-09-12 15:20:30 ----A---- C:\WINDOWS\system32\smbinst.exe
2011-09-12 15:20:30 ----A---- C:\WINDOWS\system32\slserv.exe
2011-09-12 15:20:30 ----A---- C:\WINDOWS\system32\slrundll.exe
2011-09-12 15:20:29 ----A---- C:\WINDOWS\system32\skeys.exe
2011-09-12 15:20:29 ----A---- C:\WINDOWS\system32\sigverif.exe
2011-09-12 15:20:29 ----A---- C:\WINDOWS\system32\shutdown.exe
2011-09-12 15:20:28 ----A---- C:\WINDOWS\system32\shrpubw.exe
2011-09-12 15:20:27 ----A---- C:\WINDOWS\system32\setupn.exe
2011-09-12 15:20:27 ----A---- C:\WINDOWS\system32\setup.exe
2011-09-12 15:20:26 ----A---- C:\WINDOWS\system32\sethc.exe
2011-09-12 15:20:26 ----A---- C:\WINDOWS\system32\secedit.exe
2011-09-12 15:20:25 ----A---- C:\WINDOWS\system32\sdbinst.exe
2011-09-12 15:20:24 ----A---- C:\WINDOWS\system32\schtasks.exe
2011-09-12 15:20:23 ----A---- C:\WINDOWS\system32\savedump.exe
2011-09-12 15:20:22 ----A---- C:\WINDOWS\system32\runonce.exe
2011-09-12 15:20:22 ----A---- C:\WINDOWS\system32\rtcshare.exe
2011-09-12 15:20:21 ----A---- C:\WINDOWS\system32\rsnotify.exe
2011-09-12 15:20:20 ----A---- C:\WINDOWS\system32\rsh.exe
2011-09-12 15:20:20 ----A---- C:\WINDOWS\system32\rexec.exe
2011-09-12 15:20:20 ----A---- C:\WINDOWS\system32\reg.exe
2011-09-12 15:20:19 ----A---- C:\WINDOWS\system32\rdshost.exe
2011-09-12 15:20:19 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2011-09-12 15:20:19 ----A---- C:\WINDOWS\system32\rdpclip.exe
2011-09-12 15:20:18 ----A---- C:\WINDOWS\system32\rcp.exe
2011-09-12 15:20:18 ----A---- C:\WINDOWS\system32\rcimlby.exe
2011-09-12 15:20:17 ----A---- C:\WINDOWS\system32\rasphone.exe
2011-09-12 15:20:16 ----A---- C:\WINDOWS\system32\qprocess.exe
2011-09-12 15:20:16 ----A---- C:\WINDOWS\system32\proxycfg.exe
2011-09-12 15:20:15 ----A---- C:\WINDOWS\system32\proquota.exe
2011-09-12 15:20:15 ----A---- C:\WINDOWS\system32\PresentationHost.exe
2011-09-12 15:20:14 ----A---- C:\WINDOWS\system32\powercfg.exe
2011-09-12 15:20:13 ----A---- C:\WINDOWS\system32\perfmon.exe
2011-09-12 15:20:12 ----A---- C:\WINDOWS\system32\packager.exe
2011-09-12 15:20:12 ----A---- C:\WINDOWS\system32\osk.exe
2011-09-12 15:20:11 ----A---- C:\WINDOWS\system32\openfiles.exe
2011-09-12 15:20:09 ----A---- C:\WINDOWS\system32\odbcconf.exe
2011-09-12 15:20:08 ----RA---- C:\WINDOWS\system32\nvusmu.exe
2011-09-12 15:20:08 ----RA---- C:\WINDOWS\system32\nvusmb.exe
2011-09-12 15:20:08 ----A---- C:\WINDOWS\system32\odbcad32.exe
2011-09-12 15:20:08 ----A---- C:\WINDOWS\system32\nvunrm.exe
2011-09-12 15:20:07 ----RA---- C:\WINDOWS\system32\NVUNINST.EXE
2011-09-12 15:20:06 ----A---- C:\WINDOWS\system32\ntbackup.exe
2011-09-12 15:20:06 ----A---- C:\WINDOWS\system32\nslookup.exe
2011-09-12 15:20:05 ----A---- C:\WINDOWS\system32\notepad.exe
2011-09-12 15:20:05 ----A---- C:\WINDOWS\system32\netstat.exe
2011-09-12 15:20:05 ----A---- C:\WINDOWS\system32\netsh.exe
2011-09-12 15:20:04 ----A---- C:\WINDOWS\system32\netsetup.exe
2011-09-12 15:20:04 ----A---- C:\WINDOWS\system32\net1.exe
2011-09-12 15:20:03 ----A---- C:\WINDOWS\system32\net.exe
2011-09-12 15:20:03 ----A---- C:\WINDOWS\system32\nddeapir.exe
2011-09-12 15:20:03 ----A---- C:\WINDOWS\system32\narrator.exe
2011-09-12 15:20:02 ----A---- C:\WINDOWS\system32\napstat.exe
2011-09-12 15:20:00 ----A---- C:\WINDOWS\system32\mstsc.exe
2011-09-12 15:19:59 ----A---- C:\WINDOWS\system32\mstinit.exe
2011-09-12 15:19:56 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2011-09-12 15:19:54 ----A---- C:\WINDOWS\system32\mqbkup.exe
2011-09-12 15:19:54 ----A---- C:\WINDOWS\system32\mobsync.exe
2011-09-12 15:19:53 ----A---- C:\WINDOWS\system32\mmcperf.exe
2011-09-12 15:19:53 ----A---- C:\WINDOWS\system32\mmc.exe
2011-09-12 15:19:52 ----A---- C:\WINDOWS\system32\migpwd.exe
2011-09-12 15:19:50 ----A---- C:\WINDOWS\system32\makecab.exe
2011-09-12 15:19:50 ----A---- C:\WINDOWS\system32\magnify.exe
2011-09-12 15:19:50 ----A---- C:\WINDOWS\system32\logonui.exe
2011-09-12 15:19:49 ----A---- C:\WINDOWS\system32\logman.exe
2011-09-12 15:19:47 ----A---- C:\WINDOWS\system32\javaws.exe
2011-09-12 15:19:46 ----A---- C:\WINDOWS\system32\javaw.exe
2011-09-12 15:19:46 ----A---- C:\WINDOWS\system32\java.exe
2011-09-12 15:19:44 ----A---- C:\WINDOWS\system32\ipxroute.exe
2011-09-12 15:19:44 ----A---- C:\WINDOWS\system32\ipv6.exe
2011-09-12 15:19:43 ----A---- C:\WINDOWS\system32\ipconfig.exe
2011-09-12 15:19:41 ----A---- C:\WINDOWS\system32\iexpress.exe
2011-09-12 15:19:41 ----A---- C:\WINDOWS\system32\icardagt.exe
2011-09-12 15:19:39 ----A---- C:\WINDOWS\system32\help.exe
2011-09-12 15:19:39 ----A---- C:\WINDOWS\system32\grpconv.exe
2011-09-12 15:19:39 ----A---- C:\WINDOWS\system32\gpresult.exe
2011-09-12 15:19:38 ----A---- C:\WINDOWS\system32\getmac.exe
2011-09-12 15:19:38 ----A---- C:\WINDOWS\system32\ftp.exe
2011-09-12 15:19:37 ----A---- C:\WINDOWS\system32\fsquirt.exe
2011-09-12 15:19:37 ----A---- C:\WINDOWS\system32\forcedos.exe
2011-09-12 15:19:37 ----A---- C:\WINDOWS\system32\fontview.exe
2011-09-12 15:19:36 ----A---- C:\WINDOWS\system32\fltmc.exe
2011-09-12 15:19:36 ----A---- C:\WINDOWS\system32\findstr.exe
2011-09-12 15:19:35 ----A---- C:\WINDOWS\system32\faxpatch.exe
2011-09-12 15:19:35 ----A---- C:\WINDOWS\system32\extrac32.exe
2011-09-12 15:19:35 ----A---- C:\WINDOWS\system32\eventtriggers.exe
2011-09-12 15:19:34 ----A---- C:\WINDOWS\system32\eventcreate.exe
2011-09-12 15:19:34 ----A---- C:\WINDOWS\system32\eudcedit.exe
2011-09-12 15:19:33 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2011-09-12 15:19:32 ----A---- C:\WINDOWS\system32\dxdiag.exe
2011-09-12 15:19:31 ----A---- C:\WINDOWS\system32\dwwin.exe
2011-09-12 15:19:30 ----A---- C:\WINDOWS\system32\dvdupgrd.exe
2011-09-12 15:19:30 ----A---- C:\WINDOWS\system32\dvdplay.exe
2011-09-12 15:19:30 ----A---- C:\WINDOWS\system32\dumprep.exe
2011-09-12 15:19:30 ----A---- C:\WINDOWS\system32\drmupgds.exe
2011-09-12 15:19:29 ----A---- C:\WINDOWS\system32\driverquery.exe
2011-09-12 15:19:29 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2011-09-12 15:19:29 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2011-09-12 15:19:28 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2011-09-12 15:19:28 ----A---- C:\WINDOWS\system32\dns-sd.exe
2011-09-12 15:19:28 ----A---- C:\WINDOWS\system32\dmremote.exe
2011-09-12 15:19:27 ----A---- C:\WINDOWS\system32\diskpart.exe
2011-09-12 15:19:27 ----A---- C:\WINDOWS\system32\diantz.exe
2011-09-12 15:19:27 ----A---- C:\WINDOWS\system32\dfrgntfs.exe
2011-09-12 15:19:26 ----A---- C:\WINDOWS\system32\dfrgfat.exe
2011-09-12 15:19:26 ----A---- C:\WINDOWS\system32\defrag.exe
2011-09-12 15:19:26 ----A---- C:\WINDOWS\system32\ddeshare.exe
2011-09-12 15:19:26 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2011-09-12 15:19:16 ----A---- C:\WINDOWS\system32\ctfmon.exe
2011-09-12 15:19:15 ----A---- C:\WINDOWS\system32\cscript.exe
2011-09-12 15:19:14 ----A---- C:\WINDOWS\system32\conime.exe
2011-09-12 15:19:14 ----A---- C:\WINDOWS\system32\comsdupd.exe
2011-09-12 15:19:13 ----A---- C:\WINDOWS\system32\cmstp.exe
2011-09-12 15:19:13 ----A---- C:\WINDOWS\system32\cmmon32.exe
2011-09-12 15:19:13 ----A---- C:\WINDOWS\system32\cmdl32.exe
2011-09-12 15:19:13 ----A---- C:\WINDOWS\system32\clipbrd.exe
2011-09-12 15:19:12 ----A---- C:\WINDOWS\system32\cliconfg.exe
2011-09-12 15:19:12 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2011-09-12 15:19:12 ----A---- C:\WINDOWS\system32\cipher.exe
2011-09-12 15:19:11 ----A---- C:\WINDOWS\system32\cacls.exe
2011-09-12 15:19:11 ----A---- C:\WINDOWS\system32\bootcfg.exe
2011-09-12 15:19:10 ----A---- C:\WINDOWS\system32\blastcln.exe
2011-09-12 15:19:09 ----A---- C:\WINDOWS\system32\auditusr.exe
2011-09-12 15:19:09 ----A---- C:\WINDOWS\system32\attrib.exe
2011-09-12 15:19:09 ----A---- C:\WINDOWS\system32\atmadm.exe
2011-09-12 15:19:04 ----A---- C:\WINDOWS\system32\ATIODE.exe
2011-09-12 15:19:03 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
2011-09-12 15:19:03 ----A---- C:\WINDOWS\system32\atibtmon.exe
2011-09-12 15:19:03 ----A---- C:\WINDOWS\system32\atiapfxx.exe
2011-09-12 15:19:02 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2011-09-12 15:19:02 ----A---- C:\WINDOWS\system32\at.exe
2011-09-12 15:19:01 ----A---- C:\WINDOWS\system32\asr_pfu.exe
2011-09-12 15:19:01 ----A---- C:\WINDOWS\system32\asr_fmt.exe
2011-09-12 15:19:00 ----A---- C:\WINDOWS\system32\ahui.exe
2011-09-12 15:18:58 ----A---- C:\WINDOWS\system32\actmovie.exe
2011-09-12 15:18:58 ----A---- C:\WINDOWS\system32\AcSignOpt.exe
2011-09-12 15:18:57 ----A---- C:\WINDOWS\system32\accwiz.exe
2011-09-12 15:18:55 ----A---- C:\WINDOWS\winhlp32.exe
2011-09-12 15:18:54 ----A---- C:\WINDOWS\Updreg.EXE
2011-09-12 15:18:53 ----A---- C:\WINDOWS\ST5UNST.EXE
2011-09-12 15:18:53 ----A---- C:\WINDOWS\regedit.exe
2011-09-12 15:18:52 ----A---- C:\WINDOWS\P17DEF.EXE
2011-09-12 15:18:52 ----A---- C:\WINDOWS\notepad.exe
2011-09-12 15:18:51 ----A---- C:\WINDOWS\MIDIDEF.EXE
2011-09-12 15:18:51 ----A---- C:\WINDOWS\lsb_un20.exe
2011-09-12 15:18:50 ----A---- C:\WINDOWS\IsUninst.exe
2011-09-12 15:18:50 ----A---- C:\WINDOWS\hh.exe
2011-09-12 15:18:49 ----A---- C:\WINDOWS\Ctregrun.exe
2011-09-12 15:18:49 ----A---- C:\WINDOWS\ColorPic Uninstaller.exe
2011-09-12 15:18:46 ----D---- C:\Program Files\Cheat Engine
2011-09-12 15:17:18 ----A---- C:\WINDOWS\system32\vssvc.exe
2011-09-12 15:17:16 ----A---- C:\WINDOWS\system32\ups.exe
2011-09-12 15:17:16 ----A---- C:\WINDOWS\system32\tlntsvr.exe
2011-09-12 15:17:16 ----A---- C:\WINDOWS\system32\smlogsvc.exe
2011-09-12 15:17:15 ----A---- C:\WINDOWS\system32\scardsvr.exe
2011-09-12 15:17:14 ----A---- C:\WINDOWS\system32\locator.exe
2011-09-12 15:17:13 ----A---- C:\WINDOWS\system32\sessmgr.exe
2011-09-12 15:17:12 ----A---- C:\WINDOWS\system32\netdde.exe
2011-09-12 15:17:12 ----A---- C:\WINDOWS\system32\msdtc.exe
2011-09-12 15:17:12 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2011-09-12 15:17:11 ----A---- C:\WINDOWS\system32\imapi.exe
2011-09-12 15:17:09 ----A---- C:\WINDOWS\system32\dmadmin.exe
2011-09-12 15:17:08 ----A---- C:\WINDOWS\system32\dllhost.exe
2011-09-12 15:17:08 ----A---- C:\WINDOWS\system32\clipsrv.exe
2011-09-12 15:17:08 ----A---- C:\WINDOWS\system32\cisvc.exe
2011-09-12 15:16:53 ----A---- C:\WINDOWS\system32\wscript.exe
2011-09-12 15:16:52 ----A---- C:\WINDOWS\system32\mshta.exe
2011-09-12 15:16:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2011-09-12 15:16:48 ----A---- C:\WINDOWS\system32\shmgrate.exe
2011-09-12 15:16:48 ----A---- C:\WINDOWS\system32\regsvr32.exe
2011-09-12 15:16:47 ----A---- C:\WINDOWS\system32\ntvdm.exe
2011-09-12 15:16:45 ----A---- C:\WINDOWS\system32\userinit.exe
2011-09-12 15:16:40 ----A---- C:\WINDOWS\system32\mspaint.exe
2011-09-12 15:09:55 ----D---- C:\Program Files\Common Files
2011-09-11 14:10:16 ----ASH---- C:\boot.ini
2011-09-11 11:46:02 ----D---- C:\WINDOWS\mui
2011-09-09 17:56:33 ----SHD---- C:\WINDOWS\Installer
2011-09-08 23:18:05 ----SD---- C:\WINDOWS\Tasks
2011-09-07 18:29:15 ----D---- C:\Program Files\Mozilla Firefox
2011-09-04 01:07:47 ----RD---- C:\Program Files
2011-08-26 22:49:50 ----A---- C:\Documents and Settings\heRoo\Application Data\myMPQ.ini
2011-08-22 02:46:27 ----RSD---- C:\WINDOWS\assembly
2011-08-22 02:43:55 ----D---- C:\WINDOWS\SoftwareDistribution
2011-08-22 00:50:57 ----D---- C:\WINDOWS\.jagex_cache_32
2011-08-19 19:19:55 ----RSD---- C:\WINDOWS\Fonts
2011-08-19 19:19:42 ----D---- C:\Documents and Settings\heRoo\Application Data\GetRightToGo
2011-08-18 03:21:53 ----D---- C:\Program Files\AMX Mod X
2011-08-16 02:55:28 ----D---- C:\Documents and Settings\heRoo\Application Data\mIRC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-17 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 ESLWireAC;ESLWireAC; \??\C:\WINDOWS\system32\drivers\ESLWireACD.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2010-08-04 5243392]
R3 BTCAMDRV;Mobiola Web Camera driver; C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit; C:\WINDOWS\system32\DRIVERS\ESLvnic.sys [2011-08-03 24504]
R3 gbridge;Gbridge Virtual Miniport; C:\WINDOWS\system32\DRIVERS\gbridge.sys [2009-05-10 41216]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2007-11-17 54016]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2007-11-17 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\System32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2007-08-21 21760]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-08-22 27632]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\WINDOWS\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 au08znq6;au08znq6; C:\WINDOWS\system32\drivers\au08znq6.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpnmouse;cpnmouse; C:\WINDOWS\system32\DRIVERS\cpnmouse.sys [2003-11-28 5162]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-08-22 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-08-22 25512]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1039bus.sys [2009-11-19 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1039mdfl.sys [2009-11-19 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1039mdm.sys [2009-11-19 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1039mgmt.sys [2009-11-19 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1039nd5.sys [2009-11-19 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1039obex.sys [2009-11-19 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1039unic.sys [2009-11-19 123504]
S3 se32;EnTech softEngine; C:\WINDOWS\system32\drivers\se32.sys [2007-05-03 12112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys [2010-02-12 99152]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-08-04 606208]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-16 153376]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2010-11-22 718072]
R2 WireHelpSvc;WireHelpSvc; C:\Program Files\Common Files\WireHelpSvc.exe [2011-08-03 265120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2011-09-12 308186]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-12 313818]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2011-09-12 2613722]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2011-09-12 212950]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-09-12 255958]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-12 832474]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-12 313818]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2011-09-12 1062368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2011-09-12 931296]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2011-09-12 247252]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: problem s cervom

Napsal: 15 zář 2011 15:49
od tomikaco
C:\WINDOWS\system32\xpsp1hfm.exe

http://www.virustotal.com/file-scan/rep ... 1316097852

ta spominana exe aplikacia, ktoru som omylom otvoril (mal ikonku priecinku, nevsimol som si to ..) je tu a na 99% je ona povodom toho viru.

http://www.virustotal.com/file-scan/rep ... 1314126901

Re: problem s cervom

Napsal: 15 zář 2011 16:06
od tomikaco
RAR s heslom mas v PM


Hned dodam aj vysledky tych testov

Re: problem s cervom

Napsal: 15 zář 2011 16:16
od tomikaco
CD mozem napalit, ale vyzera, ze system je v poriadku. Ziadne spomalenie PC nedetekujem, iba blbne login - po nalogovani sa do windowsu vidim iba plochu, nezapne sa explorer.exe, musim ho cez task managera killnut a zapnut znova.

C:\WINDOWS\System32\smss.exe
http://www.virustotal.com/file-scan/rep ... 1316098614


C:\WINDOWS\system32\winlogon.exe
http://www.virustotal.com/file-scan/rep ... 1316099118


C:\WINDOWS\system32\services.exe
http://www.virustotal.com/file-scan/rep ... 1316099194

C:\WINDOWS\system32\lsass.exe
http://www.virustotal.com/file-scan/rep ... 1316099203


C:\WINDOWS\system32\Ati2evxx.exe
http://www.virustotal.com/file-scan/rep ... 1316098838


C:\WINDOWS\system32\svchost.exe
http://www.virustotal.com/file-scan/rep ... 1316099302


C:\WINDOWS\system32\spoolsv.exe
http://www.virustotal.com/file-scan/rep ... 1316099318


C:\WINDOWS\explorer.exe
http://www.virustotal.com/file-scan/rep ... 1316099347

Re: problem s cervom

Napsal: 15 zář 2011 16:55
od tomikaco
ComboFix skoncil, ale restartoval PC, nemohol som s tym nic robit. Neviem ake oblbovaky myslis s tym Nortonom, stahujem teda nejaku shareware verziu, je to ok?

ComFix log:
ComboFix 11-09-15.05 - heRoo 15.09.2011 17:34:06.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1389 [GMT 2:00]
Running from: c:\documents and settings\heRoo\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
The following files were disabled during the run:
c:\docume~1\heRoo\LOCALS~1\Temp\ppa1C.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\heRoo\LOCALS~1\Temp\adn2EF.tmp
c:\docume~1\heRoo\LOCALS~1\Temp\ohn346.tmp
c:\docume~1\heRoo\LOCALS~1\Temp\pin349.tmp
c:\docume~1\heRoo\LOCALS~1\Temp\ppa1C.tmp.vir
c:\docume~1\heRoo\LOCALS~1\Temp\sin34B.tmp
c:\documents and settings\heRoo\Local Settings\temp\adn2EF.tmp
c:\documents and settings\heRoo\Local Settings\temp\ohn346.tmp
c:\documents and settings\heRoo\Local Settings\temp\pin349.tmp
c:\documents and settings\heRoo\Local Settings\temp\ppa1C.tmp.vir
c:\documents and settings\heRoo\Local Settings\temp\sin34B.tmp
c:\documents and settings\heRoo\WINDOWS
c:\program files\Common Files\WireHelpSvc.exe
c:\program files\messenger\msmsgsin.exe
c:\windows\regedit.com
c:\windows\settings.reg
c:\windows\system32\d3d9caps.dat
c:\windows\system32\mfc100deu.dll
c:\windows\system32\taskmgr.com
d:\documents and settings\heRoo\My Documents\02.jpg
d:\documents and settings\heRoo\My Documents\03.jpg
.
c:\windows\system32\userinit.exe . . . is infected!!
.
c:\windows\system32\clipsrv.exe . . . is infected!!
.
c:\windows\hh.exe . . . is infected!!
.
c:\windows\notepad.exe . . . is infected!!
.
c:\windows\regedit.exe . . . is infected!!
.
Infected copy of c:\windows\winhlp32.exe was found and disinfected
Restored copy from - c:\windows\system32\winhlp32.exe
.
c:\windows\msagent\agentsvr.exe . . . is infected!!
.
c:\windows\mui\muisetup.exe . . . is infected!!
.
c:\windows\PCHealth\HelpCtr\Binaries\helpctr.exe . . . is infected!!
.
c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe . . . is infected!!
.
c:\windows\PCHealth\HelpCtr\Binaries\hscupd.exe . . . is infected!!
.
c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe . . . is infected!!
.
c:\windows\PCHealth\UploadLB\Binaries\uploadm.exe . . . is infected!!
.
c:\windows\system32\accwiz.exe . . . is infected!!
.
c:\windows\system32\actmovie.exe . . . is infected!!
.
c:\windows\system32\ahui.exe . . . is infected!!
.
c:\windows\system32\asr_fmt.exe . . . is infected!!
.
c:\windows\system32\asr_pfu.exe . . . is infected!!
.
c:\windows\system32\at.exe . . . is infected!!
.
c:\windows\system32\atmadm.exe . . . is infected!!
.
c:\windows\system32\attrib.exe . . . is infected!!
.
c:\windows\system32\auditusr.exe . . . is infected!!
.
c:\windows\system32\blastcln.exe . . . is infected!!
.
c:\windows\system32\bootcfg.exe . . . is infected!!
.
c:\windows\system32\cacls.exe . . . is infected!!
.
c:\windows\system32\cipher.exe . . . is infected!!
.
c:\windows\system32\cisvc.exe . . . is infected!!
.
c:\windows\system32\cleanmgr.exe . . . is infected!!
.
c:\windows\system32\clipbrd.exe . . . is infected!!
.
c:\windows\system32\cmd.exe . . . is infected!!
.
c:\windows\system32\cmdl32.exe . . . is infected!!
.
c:\windows\system32\cmmon32.exe . . . is infected!!
.
c:\windows\system32\cmstp.exe . . . is infected!!
.
c:\windows\system32\conime.exe . . . is infected!!
.
c:\windows\system32\cscript.exe . . . is infected!!
.
c:\windows\system32\ctfmon.exe . . . is infected!!
.
c:\windows\system32\dcomcnfg.exe . . . is infected!!
.
c:\windows\system32\ddeshare.exe . . . is infected!!
.
c:\windows\system32\defrag.exe . . . is infected!!
.
c:\windows\system32\dfrgfat.exe . . . is infected!!
.
c:\windows\system32\dfrgntfs.exe . . . is infected!!
.
c:\windows\system32\diantz.exe . . . is infected!!
.
c:\windows\system32\diskpart.exe . . . is infected!!
.
c:\windows\system32\dllhost.exe . . . is infected!!
.
c:\windows\system32\dmadmin.exe . . . is infected!!
.
c:\windows\system32\dmremote.exe . . . is infected!!
.
c:\windows\system32\dplaysvr.exe . . . is infected!!
.
c:\windows\system32\dpnsvr.exe . . . is infected!!
.
c:\windows\system32\dpvsetup.exe . . . is infected!!
.
c:\windows\system32\driverquery.exe . . . is infected!!
.
c:\windows\system32\dumprep.exe . . . is infected!!
.
c:\windows\system32\dvdplay.exe . . . is infected!!
.
c:\windows\system32\dvdupgrd.exe . . . is infected!!
.
c:\windows\system32\dwwin.exe . . . is infected!!
.
c:\windows\system32\dxdiag.exe . . . is infected!!
.
c:\windows\system32\eudcedit.exe . . . is infected!!
.
c:\windows\system32\eventcreate.exe . . . is infected!!
.
c:\windows\system32\eventtriggers.exe . . . is infected!!
.
c:\windows\system32\extrac32.exe . . . is infected!!
.
c:\windows\system32\findstr.exe . . . is infected!!
.
c:\windows\system32\fltmc.exe . . . is infected!!
.
c:\windows\system32\fontview.exe . . . is infected!!
.
c:\windows\system32\forcedos.exe . . . is infected!!
.
c:\windows\system32\fsquirt.exe . . . is infected!!
.
c:\windows\system32\ftp.exe . . . is infected!!
.
c:\windows\system32\getmac.exe . . . is infected!!
.
c:\windows\system32\gpresult.exe . . . is infected!!
.
c:\windows\system32\grpconv.exe . . . is infected!!
.
c:\windows\system32\help.exe . . . is infected!!
.
c:\windows\system32\ie4uinit.exe . . . is infected!!
.
c:\windows\system32\iexpress.exe . . . is infected!!
.
c:\windows\system32\imapi.exe . . . is infected!!
.
c:\windows\system32\ipconfig.exe . . . is infected!!
.
c:\windows\system32\ipv6.exe . . . is infected!!
.
c:\windows\system32\ipxroute.exe . . . is infected!!
.
c:\windows\system32\locator.exe . . . is infected!!
.
c:\windows\system32\logman.exe . . . is infected!!
.
c:\windows\system32\logonui.exe . . . is infected!!
.
c:\windows\system32\magnify.exe . . . is infected!!
.
c:\windows\system32\makecab.exe . . . is infected!!
.
c:\windows\system32\mmc.exe . . . is infected!!
.
c:\windows\system32\mmcperf.exe . . . is infected!!
.
c:\windows\system32\mnmsrvc.exe . . . is infected!!
.
c:\windows\system32\mobsync.exe . . . is infected!!
.
c:\windows\system32\mqbkup.exe . . . is infected!!
.
c:\windows\system32\mqtgsvc.exe . . . is infected!!
.
c:\windows\system32\msdtc.exe . . . is infected!!
.
c:\windows\system32\mshta.exe . . . is infected!!
.
c:\windows\system32\mspaint.exe . . . is infected!!
.
c:\windows\system32\mstinit.exe . . . is infected!!
.
c:\windows\system32\mstsc.exe . . . is infected!!
.
c:\windows\system32\napstat.exe . . . is infected!!
.
c:\windows\system32\narrator.exe . . . is infected!!
.
c:\windows\system32\nddeapir.exe . . . is infected!!
.
c:\windows\system32\net.exe . . . is infected!!
.
c:\windows\system32\net1.exe . . . is infected!!
.
c:\windows\system32\netdde.exe . . . is infected!!
.
c:\windows\system32\netsetup.exe . . . is infected!!
.
c:\windows\system32\netsh.exe . . . is infected!!
.
c:\windows\system32\netstat.exe . . . is infected!!
.
c:\windows\system32\nslookup.exe . . . is infected!!
.
c:\windows\system32\ntbackup.exe . . . is infected!!
.
c:\windows\system32\ntvdm.exe . . . is infected!!
.
c:\windows\system32\odbcad32.exe . . . is infected!!
.
c:\windows\system32\odbcconf.exe . . . is infected!!
.
c:\windows\system32\openfiles.exe . . . is infected!!
.
c:\windows\system32\osk.exe . . . is infected!!
.
c:\windows\system32\packager.exe . . . is infected!!
.
c:\windows\system32\perfmon.exe . . . is infected!!
.
c:\windows\system32\ping.exe . . . is infected!!
.
c:\windows\system32\powercfg.exe . . . is infected!!
.
c:\windows\system32\proquota.exe . . . is infected!!
.
c:\windows\system32\proxycfg.exe . . . is infected!!
.
c:\windows\system32\qprocess.exe . . . is infected!!
.
c:\windows\system32\rasphone.exe . . . is infected!!
.
c:\windows\system32\rcimlby.exe . . . is infected!!
.
c:\windows\system32\rcp.exe . . . is infected!!
.
c:\windows\system32\rdpclip.exe . . . is infected!!
.
c:\windows\system32\rdsaddin.exe . . . is infected!!
.
c:\windows\system32\rdshost.exe . . . is infected!!
.
c:\windows\system32\reg.exe . . . is infected!!
.
c:\windows\system32\regsvr32.exe . . . is infected!!
.
c:\windows\system32\rexec.exe . . . is infected!!
.
c:\windows\system32\rsh.exe . . . is infected!!
.
c:\windows\system32\rsnotify.exe . . . is infected!!
.
c:\windows\system32\rtcshare.exe . . . is infected!!
.
c:\windows\system32\runonce.exe . . . is infected!!
.
c:\windows\system32\savedump.exe . . . is infected!!
.
c:\windows\system32\scardsvr.exe . . . is infected!!
.
c:\windows\system32\schtasks.exe . . . is infected!!
.
c:\windows\system32\sdbinst.exe . . . is infected!!
.
c:\windows\system32\secedit.exe . . . is infected!!
.
c:\windows\system32\sessmgr.exe . . . is infected!!
.
c:\windows\system32\sethc.exe . . . is infected!!
.
c:\windows\system32\setup.exe . . . is infected!!
.
c:\windows\system32\setupn.exe . . . is infected!!
.
c:\windows\system32\shmgrate.exe . . . is infected!!
.
c:\windows\system32\shrpubw.exe . . . is infected!!
.
c:\windows\system32\shutdown.exe . . . is infected!!
.
c:\windows\system32\sigverif.exe . . . is infected!!
.
c:\windows\system32\skeys.exe . . . is infected!!
.
c:\windows\system32\slserv.exe . . . is infected!!
.
c:\windows\system32\smbinst.exe . . . is infected!!
.
c:\windows\system32\smlogsvc.exe . . . is infected!!
.
c:\windows\system32\sndrec32.exe . . . is infected!!
.
c:\windows\system32\sort.exe . . . is infected!!
.
c:\windows\system32\spider.exe . . . is infected!!
.
c:\windows\system32\spiisupd.exe . . . is infected!!
.
c:\windows\system32\spnpinst.exe . . . is infected!!
.
c:\windows\system32\stimon.exe . . . is infected!!
.
c:\windows\system32\sysocmgr.exe . . . is infected!!
.
c:\windows\system32\systeminfo.exe . . . is infected!!
.
c:\windows\system32\taskkill.exe . . . is infected!!
.
c:\windows\system32\tasklist.exe . . . is infected!!
.
c:\windows\system32\taskmgr.exe . . . is infected!!
.
c:\windows\system32\telnet.exe . . . is infected!!
.
c:\windows\system32\tlntadmn.exe . . . is infected!!
.
c:\windows\system32\tlntsess.exe . . . is infected!!
.
c:\windows\system32\tlntsvr.exe . . . is infected!!
.
c:\windows\system32\tourstart.exe . . . is infected!!
.
c:\windows\system32\tracerpt.exe . . . is infected!!
.
c:\windows\system32\tracert.exe . . . is infected!!
.
c:\windows\system32\upnpcont.exe . . . is infected!!
.
c:\windows\system32\ups.exe . . . is infected!!
.
c:\windows\system32\utilman.exe . . . is infected!!
.
c:\windows\system32\vssvc.exe . . . is infected!!
.
c:\windows\system32\wextract.exe . . . is infected!!
.
c:\windows\system32\wiaacmgr.exe . . . is infected!!
.
c:\windows\system32\winver.exe . . . is infected!!
.
c:\windows\system32\wpabaln.exe . . . is infected!!
.
c:\windows\system32\wpnpinst.exe . . . is infected!!
.
c:\windows\system32\wscript.exe . . . is infected!!
.
c:\windows\system32\wuauclt.exe . . . is infected!!
.
c:\windows\system32\wuauclt1.exe . . . is infected!!
.
c:\windows\system32\xcopy.exe . . . is infected!!
.
c:\windows\system32\Com\comrepl.exe . . . is infected!!
.
c:\windows\system32\Com\comrereg.exe . . . is infected!!
.
c:\windows\system32\npp\nppagent.exe . . . is infected!!
.
c:\windows\system32\oobe\msoobe.exe . . . is infected!!
.
c:\windows\system32\oobe\oobebaln.exe . . . is infected!!
.
c:\windows\system32\Restore\rstrui.exe . . . is infected!!
.
c:\windows\system32\usmt\migload.exe . . . is infected!!
.
c:\windows\system32\usmt\migwiz.exe . . . is infected!!
.
c:\windows\system32\usmt\migwiza.exe . . . is infected!!
.
c:\windows\system32\wbem\mofcomp.exe . . . is infected!!
.
c:\windows\system32\wbem\scrcons.exe . . . is infected!!
.
c:\windows\system32\wbem\wbemtest.exe . . . is infected!!
.
c:\windows\system32\wbem\wmiadap.exe . . . is infected!!
.
c:\windows\system32\wbem\wmiapsrv.exe . . . is infected!!
.
c:\windows\system32\wbem\wmic.exe . . . is infected!!
.
c:\windows\system32\wbem\wmiprvse.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WireHelpSvc
-------\Service_WireHelpSvc
.
.
((((((((((((((((((((((((( Files Created from 2011-08-15 to 2011-09-15 )))))))))))))))))))))))))))))))
.
.
2011-09-12 13:17 . 2011-09-12 13:17 -------- d---a-w- c:\windows\VDLL.DLL
2011-09-12 13:17 . 2011-09-12 13:17 -------- d---a-w- c:\windows\system32\runouce.exe
2011-09-12 13:17 . 2011-09-12 13:17 -------- d---a-w- c:\windows\rundll16.exe
2011-09-12 13:17 . 2011-09-12 13:17 -------- d---a-w- c:\windows\RUNDL132.EXE
2011-09-12 13:17 . 2011-09-12 13:17 -------- d---a-w- c:\windows\logo1_.exe
2011-09-12 13:17 . 2011-09-12 13:17 -------- d---a-w- c:\windows\logo_1.exe
2011-09-12 13:10 . 2011-09-12 13:10 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-09-12 13:10 . 2011-09-12 13:10 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-09-12 13:10 . 2011-09-12 13:09 214490 ----a-w- c:\windows\system32\eEmpty.exe
2011-09-12 13:09 . 2011-09-12 13:20 135680 ----a-w- c:\windows\system32\T.COM
2011-09-12 13:09 . 2011-09-12 13:18 146432 ----a-w- c:\windows\R.COM
2011-09-12 13:09 . 2011-09-12 13:09 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-09-12 13:09 . 2011-09-12 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2011-09-11 11:44 . 2011-09-11 11:52 -------- d-----w- c:\documents and settings\heRoo\Application Data\Download Manager
2011-09-03 23:08 . 2011-09-15 15:45 -------- d-----w- c:\documents and settings\heRoo\Local Settings\Application Data\ESL Wire Game Client
2011-09-03 23:07 . 2011-08-03 12:12 862496 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2011-09-03 23:07 . 2011-08-03 08:58 24504 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
2011-09-03 23:07 . 2011-09-03 23:07 -------- d-----w- c:\program files\EslWire
2011-09-03 23:07 . 2011-09-03 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ESL Wire
2011-08-28 21:31 . 2011-08-28 21:31 -------- d-----w- c:\program files\PHLTV
2011-08-22 00:46 . 2011-08-22 00:46 -------- d-----w- c:\program files\Windows MultiPoint Mouse SDK
2011-08-22 00:24 . 2003-11-28 11:04 5162 ----a-w- c:\windows\system32\cpnmouse.sys
2011-08-22 00:21 . 2003-11-28 11:04 5162 ----a-w- c:\windows\system32\drivers\cpnmouse.sys
2011-08-21 14:01 . 2011-08-21 14:01 -------- d-----w- c:\program files\MeeSoft
2011-08-20 09:26 . 2011-08-20 09:33 -------- d-----w- c:\documents and settings\heRoo\Application Data\Presentation Assistant
2011-08-20 09:26 . 2011-08-20 09:26 -------- d-----w- c:\program files\Presentation Assistant
2011-08-19 17:19 . 2011-08-19 17:19 -------- d-----w- c:\documents and settings\heRoo\Application Data\Grasssoft
2011-08-19 17:19 . 2011-09-05 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Grasssoft
2011-08-19 17:19 . 2011-08-19 17:19 -------- d-----w- c:\program files\GrassSoft
2011-08-19 11:52 . 2011-08-19 11:52 -------- d-----w- c:\documents and settings\mama\.jagex_cache_32
2011-08-19 11:51 . 2011-08-19 11:51 -------- d-----w- c:\documents and settings\mama\Local Settings\Application Data\Opera
2011-08-19 00:17 . 2011-08-19 00:17 -------- d-----w- c:\documents and settings\heRoo\Local Settings\Application Data\jagexlauncher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 19:26 . 2003-03-28 03:24 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-12 14:12 . 2010-05-03 04:53 374236 ----a-w- c:\windows\system32\wbem\wmiadap.exe
2011-09-12 14:12 . 2010-05-03 04:53 536542 ----a-w- c:\windows\system32\wbem\wmic.exe
2011-09-12 14:12 . 2010-05-03 04:53 293854 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2011-09-12 14:12 . 2010-05-03 04:53 213982 ----a-w- c:\windows\system32\wbem\scrcons.exe
2011-09-12 14:12 . 2010-05-03 04:53 194004 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2011-09-12 14:06 . 2010-05-03 04:54 328146 ----a-w- c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
2011-09-12 14:05 . 2010-05-03 04:54 347612 ----a-w- c:\windows\pchealth\HelpCtr\Binaries\msconfig.exe
2011-09-12 14:05 . 2010-05-03 04:54 196054 ----a-w- c:\windows\pchealth\HelpCtr\Binaries\hscupd.exe
2011-09-12 14:05 . 2010-05-03 04:54 922068 ----a-w- c:\windows\pchealth\HelpCtr\Binaries\helpsvc.exe
2011-09-12 14:05 . 2010-05-03 04:54 946644 ----a-w- c:\windows\pchealth\HelpCtr\Binaries\helpctr.exe
2011-09-12 13:33 . 2010-12-20 16:22 565724 ----a-r- c:\documents and settings\heRoo\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-12 13:21 . 2010-05-03 05:13 202206 ----a-w- c:\windows\system32\xpsp1hfm.exe
2011-09-12 13:21 . 2003-03-31 12:00 208342 ----a-w- c:\windows\system32\xcopy.exe
2011-09-12 13:21 . 2006-09-28 17:56 324056 ----a-w- c:\windows\system32\WudfHost.exe
2011-09-12 13:21 . 2010-06-05 20:35 343516 ----a-w- c:\windows\system32\wuauclt1.exe
2011-09-12 13:21 . 2010-05-03 04:53 288724 ----a-w- c:\windows\system32\wuauclt.exe
2011-09-12 13:21 . 2003-03-31 12:00 188884 ----a-w- c:\windows\system32\wpnpinst.exe
2011-09-12 13:21 . 2006-10-18 19:00 195032 ----a-w- c:\windows\system32\wpdshextautoplay.exe
2011-09-12 13:21 . 2003-03-31 12:00 209876 ----a-w- c:\windows\system32\wpabaln.exe
2011-09-12 13:20 . 2003-03-31 12:00 183254 ----a-w- c:\windows\system32\winver.exe
2011-09-12 13:20 . 2003-03-31 12:00 611292 ----a-w- c:\windows\system32\wiaacmgr.exe
2011-09-12 13:20 . 2004-10-11 18:20 186326 ----a-w- c:\windows\system32\wdfmgr.exe
2011-09-12 13:20 . 2003-03-31 12:00 242648 ----a-w- c:\windows\system32\wextract.exe
2011-09-12 13:20 . 2010-06-06 20:33 206296 ----a-w- c:\windows\system32\verclsid.exe
2011-09-12 13:20 . 2004-10-11 18:20 186332 ----a-w- c:\windows\system32\uwdf.exe
2011-09-12 13:20 . 2003-03-31 12:00 227802 ----a-w- c:\windows\system32\utilman.exe
2011-09-12 13:20 . 2003-03-31 12:00 194518 ----a-w- c:\windows\system32\upnpcont.exe
2011-09-12 13:20 . 2010-05-03 04:53 222164 ----a-w- c:\windows\system32\tscupgrd.exe
2011-09-12 13:20 . 2003-03-31 12:00 437208 ----a-w- c:\windows\system32\tracerpt.exe
2011-09-12 13:20 . 2003-03-31 12:00 189916 ----a-w- c:\windows\system32\tracert.exe
2011-09-12 13:20 . 2003-03-31 12:00 524758 ----a-w- c:\windows\system32\tourstart.exe
2011-09-12 13:20 . 2003-03-31 12:00 255968 ----a-w- c:\windows\system32\tlntsess.exe
2011-09-12 13:20 . 2003-03-31 12:00 253400 ----a-w- c:\windows\system32\telnet.exe
2011-09-12 13:20 . 2003-03-31 12:00 239068 ----a-w- c:\windows\system32\tlntadmn.exe
2011-09-12 13:20 . 2003-03-31 12:00 313302 ----a-w- c:\windows\system32\taskmgr.exe
2011-09-12 13:20 . 2003-03-31 12:00 255450 ----a-w- c:\windows\system32\tasklist.exe
2011-09-12 13:20 . 2003-03-31 12:00 253918 ----a-w- c:\windows\system32\taskkill.exe
2011-09-12 13:20 . 2003-03-31 12:00 249306 ----a-w- c:\windows\system32\systeminfo.exe
2011-09-12 13:20 . 2003-03-31 12:00 284122 ----a-w- c:\windows\system32\sysocmgr.exe
2011-09-12 13:20 . 2003-03-31 12:00 192470 ----a-w- c:\windows\system32\stimon.exe
2011-09-12 13:20 . 2003-03-31 12:00 857560 ----a-w- c:\windows\system32\sstext3d.scr
2011-09-12 13:20 . 2003-03-31 12:00 787930 ----a-w- c:\windows\system32\sspipes.scr
2011-09-12 13:20 . 2003-03-31 12:00 191972 ----a-w- c:\windows\system32\ssstars.scr
2011-09-12 13:20 . 2003-03-31 12:00 224728 ----a-w- c:\windows\system32\ssmypics.scr
2011-09-12 13:20 . 2003-03-31 12:00 196572 ----a-w- c:\windows\system32\ssmyst.scr
2011-09-12 13:20 . 2003-03-31 12:00 198624 ----a-w- c:\windows\system32\ssmarque.scr
2011-09-12 13:20 . 2003-03-31 12:00 570842 ----a-w- c:\windows\system32\ssflwbox.scr
2011-09-12 13:20 . 2003-03-31 12:00 197598 ----a-w- c:\windows\system32\ssbezier.scr
2011-09-12 13:20 . 2003-03-31 12:00 882144 ----a-w- c:\windows\system32\ss3dfo.scr
2011-09-12 13:20 . 2010-06-05 20:30 204246 ----a-w- c:\windows\system32\spupdsvc.exe
2011-09-12 13:20 . 2004-08-03 22:56 198622 ----a-w- c:\windows\system32\spupdwxp.exe
2011-09-12 13:20 . 2010-05-03 04:53 716248 ----a-w- c:\windows\system32\spider.exe
2011-09-12 13:20 . 2004-08-03 22:56 188890 ----a-w- c:\windows\system32\spnpinst.exe
2011-09-12 13:20 . 2003-03-31 12:00 190428 ----a-w- c:\windows\system32\spiisupd.exe
2011-09-12 13:20 . 2004-08-03 22:56 185302 ----a-w- c:\windows\system32\spdwnwxp.exe
2011-09-12 13:20 . 2003-03-31 12:00 202200 ----a-w- c:\windows\system32\sort.exe
2011-09-12 13:20 . 2010-05-03 04:53 309208 ----a-w- c:\windows\system32\sndrec32.exe
2011-09-12 13:20 . 2010-06-05 20:35 255454 ----a-w- c:\windows\system32\slserv.exe
2011-09-12 13:20 . 2010-06-05 20:35 214486 ----a-w- c:\windows\system32\slrundll.exe
2011-09-12 13:20 . 2010-06-05 20:35 185822 ----a-w- c:\windows\system32\smbinst.exe
2011-09-12 13:20 . 2003-03-31 12:00 247774 ----a-w- c:\windows\system32\sigverif.exe
2011-09-12 13:20 . 2003-03-31 12:00 203744 ----a-w- c:\windows\system32\skeys.exe
2011-09-12 13:20 . 2003-03-31 12:00 197084 ----a-w- c:\windows\system32\shutdown.exe
2011-09-12 13:20 . 2003-03-31 12:00 255446 ----a-w- c:\windows\system32\shrpubw.exe
2011-09-12 13:20 . 2010-06-06 20:33 210392 ----a-w- c:\windows\system32\setupn.exe
2011-09-12 13:20 . 2003-03-31 12:00 200664 ----a-w- c:\windows\system32\setup.exe
2011-09-12 13:20 . 2003-03-31 12:00 208854 ----a-w- c:\windows\system32\sethc.exe
2011-09-12 13:20 . 2003-03-31 12:00 196578 ----a-w- c:\windows\system32\secedit.exe
2011-09-12 13:20 . 2003-03-31 12:00 254936 ----a-w- c:\windows\system32\sdbinst.exe
2011-09-12 13:20 . 2003-03-31 12:00 299478 ----a-w- c:\windows\system32\schtasks.exe
2011-09-12 13:20 . 2003-03-31 12:00 186834 ----a-w- c:\windows\system32\scrnsave.scr
2011-09-12 13:20 . 2003-03-31 12:00 190940 ----a-w- c:\windows\system32\savedump.exe
2011-09-12 13:20 . 2003-03-31 12:00 254944 ----a-w- c:\windows\system32\rtcshare.exe
2011-09-12 13:20 . 2003-03-31 12:00 191962 ----a-w- c:\windows\system32\runonce.exe
2011-09-12 13:20 . 2003-03-31 12:00 285150 ----a-w- c:\windows\system32\rsnotify.exe
2011-09-12 13:20 . 2003-03-31 12:00 227798 ----a-w- c:\windows\system32\reg.exe
2011-09-12 13:20 . 2003-03-31 12:00 192480 ----a-w- c:\windows\system32\rsh.exe
2011-09-12 13:20 . 2003-03-31 12:00 191448 ----a-w- c:\windows\system32\rexec.exe
2011-09-12 13:20 . 2010-05-03 04:53 244698 ----a-w- c:\windows\system32\rdshost.exe
2011-09-12 13:20 . 2010-05-03 04:53 191456 ----a-w- c:\windows\system32\rdsaddin.exe
2011-09-12 13:20 . 2010-05-03 04:53 240600 ----a-w- c:\windows\system32\rdpclip.exe
2011-09-12 13:20 . 2003-03-31 12:00 213466 ----a-w- c:\windows\system32\rcimlby.exe
2011-09-12 13:20 . 2003-03-31 12:00 199134 ----a-w- c:\windows\system32\rcp.exe
2011-09-12 13:20 . 2003-03-31 12:00 234464 ----a-w- c:\windows\system32\rasphone.exe
2011-09-12 13:20 . 2010-05-03 04:53 197592 ----a-w- c:\windows\system32\qprocess.exe
2011-09-12 13:20 . 2003-03-31 12:00 186846 ----a-w- c:\windows\system32\proxycfg.exe
2011-09-12 13:20 . 2010-03-18 08:09 473048 ----a-w- c:\windows\system32\PresentationHost.exe
2011-09-12 13:20 . 2003-03-31 12:00 227802 ----a-w- c:\windows\system32\proquota.exe
2011-09-12 13:20 . 2010-06-05 20:35 226780 ----a-w- c:\windows\system32\powercfg.exe
2011-09-12 13:20 . 2003-03-31 12:00 193498 ----a-w- c:\windows\system32\perfmon.exe
2011-09-12 13:20 . 2003-03-31 12:00 393178 ----a-w- c:\windows\system32\osk.exe
2011-09-12 13:20 . 2003-03-31 12:00 236004 ----a-w- c:\windows\system32\packager.exe
2011-09-12 13:20 . 2003-03-31 12:00 245208 ----a-w- c:\windows\system32\openfiles.exe
2011-09-12 13:20 . 2003-03-31 12:00 247256 ----a-w- c:\windows\system32\odbcconf.exe
2011-09-12 13:20 . 2010-05-03 05:13 533976 ----a-w- c:\windows\system32\nvunrm.exe
2011-09-12 13:20 . 2010-05-03 05:13 533980 ----a-r- c:\windows\system32\nvusmu.exe
2011-09-12 13:20 . 2010-05-03 05:13 533982 ----a-r- c:\windows\system32\nvusmb.exe
2011-09-12 13:20 . 2003-03-31 12:00 210400 ----a-w- c:\windows\system32\odbcad32.exe
2011-09-12 13:20 . 2010-05-03 05:13 533980 ----a-r- c:\windows\system32\NVUNINST.EXE
2011-09-07 16:29 . 2011-05-09 17:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-09-12 . 3561542EAA39C7C0D7CA3FDBF415BBF3 . 288730 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2011-09-12 . BA4E102075421ECBC8A84DE219F5EE4E . 288734 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe
[-] 2011-09-12 . 8A0F465E658BF6394282B2BDE0B68C2B . 288724 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
.
[-] 2011-09-12 . 67CF134928DD04BB96457E4724569AD5 . 203736 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2011-09-12 . B99D4E5E8D390E8EB239CF55A68712CD . 202204 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2011-09-12 . C63401024FE8C85202A51EF24E597030 . 203740 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
.
[-] 2011-09-12 . CA27B0417EE0EC9F067DB536B5D082C4 . 324058 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2011-09-12 . FBC40AB4A3E6C443138B574BB08FD25F . 324064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2011-09-12 . 132703B7DCF3BCADB17A122D63C0A41A . 324060 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2011-09-12 . 02FA5FD1CB8B71FF30C09A74AF5DA77D . 192986 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2011-09-12 . 4FB7E105C2E237D80358ACF243FDAEB8 . 192984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2011-09-12 . BE41421073212F79ED56132075F792E1 . 192988 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2011-09-12 . C6F829F2A341A6BE5FEF1F603637BA04 . 270804 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2011-09-12 . F318F3320523AAF6EC340DDF54C25799 . 270808 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2011-09-12 2121686]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-09-12 1221596]
"P17Helper"="P17.dll" [2005-05-03 64512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"eurobattlegui"="e:\warcraft iii\Warcraft III\eb.exe"
"CTSysVol"=c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Programy\\xampp\\xampp\\apache\\bin\\httpd.exe"=
"g:\\Programy\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"d:\\Program Files\\HLSW\\hlsw.exe"=
"e:\\Warcraft III\\Warcraft III\\war3.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"g:\\Games\\dsadas\\hltv.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"g:\\Programy\\bitlord\\BitLord.exe"=
"g:\\Programy\\Update Service\\Update Service.exe"=
"d:\\Hry\\cs\\Steam.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"g:\\Games\\dsadas\\hl.exe"=
"c:\\Program Files\\Mineserver Project\\Mineserver\\mineserver.exe"=
"g:\\Games\\AoE2\\age2_x1\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"g:\\Games\\Age Of Empires II Conquerors\\age2_x1\\age2_x1.exe"=
"g:\\Games\\StarCraft II\\StarCraft II.exe"=
"g:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Webteh\\BSplayer\\bsplayer.exe"=
"c:\\Program Files\\gta2gh\\gta2gh.exe"=
"g:\\Programy\\Media go\\MediaGo.exe"=
"g:\\Programy\\xampp\\xampp\\FileZillaFTP\\FileZilla Server.exe"=
"g:\\Games\\dsadas\\hlds.exe"=
"g:\\Games\\CaC\\Hra\\ZH\\game.dat"=
"c:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"c:\\Program Files\\Tunngle\\Tunngle.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"g:\\Games\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\Warcraft III\\Warcraft III\\gproxy.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\dedicated server\\hltv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\half-life\\hl.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\dedicated server\\hlds.exe"=
"g:\\Games\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-Downloader.exe"=
"d:\\Hry\\cs\\steamapps\\heroo16\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"57600:TCP"= 57600:TCP:Pando Media Booster
"57600:UDP"= 57600:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6907:TCP"= 6907:TCP:League of Legends Launcher
"6907:UDP"= 6907:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6894:TCP"= 6894:TCP:League of Legends Launcher
"6894:UDP"= 6894:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"6887:TCP"= 6887:TCP:League of Legends Launcher
"6887:UDP"= 6887:UDP:League of Legends Launcher
"6898:TCP"= 6898:TCP:League of Legends Launcher
"6898:UDP"= 6898:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/17/2010 6:18 PM 691696]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [9/4/2011 1:07 AM 862496]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2/22/2011 7:03 PM 90112]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [4/25/2011 7:33 PM 718072]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2/23/2011 3:58 AM 219264]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [9/4/2011 1:07 AM 24504]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\gbridge.sys [5/10/2009 7:46 PM 41216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [8/22/2010 11:37 AM 27632]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [4/25/2011 7:33 PM 27136]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [4/13/2011 7:02 PM 17792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 308186]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/8/2010 8:20 PM 313818]
S3 cpnmouse;cpnmouse;c:\windows\system32\drivers\cpnmouse.sys [8/22/2011 2:21 AM 5162]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [8/22/2010 11:37 AM 13224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/8/2010 8:20 PM 313818]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/22/2010 11:49 AM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/22/2010 11:49 AM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/22/2010 11:49 AM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/22/2010 11:49 AM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/22/2010 11:49 AM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/22/2010 11:49 AM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/22/2010 11:49 AM 115752]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2/22/2011 6:59 PM 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2/22/2011 6:59 PM 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2/22/2011 6:59 PM 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2/22/2011 6:59 PM 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2/22/2011 6:59 PM 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2/22/2011 6:59 PM 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2/22/2011 6:59 PM 123504]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [5/3/2007 5:19 PM 12112]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2/12/2010 8:34 PM 99152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 931296]
.
Contents of the 'Scheduled Tasks' folder
.
2011-01-09 c:\windows\Tasks\cron.job
- g:\programy\xampp\xampp\php\php.exe [2010-07-15 22:00]
.
2011-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 13:17]
.
2011-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 13:17]
.
2011-09-08 c:\windows\Tasks\videopadDowngrade.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-04-09 13:52]
.
2011-05-05 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-04-09 13:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\heRoo\Application Data\Mozilla\Firefox\Profiles\n01jo72q.default\
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - google.sk
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
AddRemove-Look@LAN_1.0 - c:\windows\iun6002.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\heRoo\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-15 17:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-1767777339-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:34,5f,00,02,63,ac,57,8c,8d,bd,55,45,d8,3d,99,31,be,41,fc,d1,74,
86,cf,2a,51,2a,9f,8d,c0,30,4c,8c,b8,ed,67,3d,88,87,98,77,49,d8,b0,b2,b8,f3,\
"rkeysecu"=hex:7c,72,fe,43,28,0e,88,c6,7c,b8,db,19,db,d6,15,f6
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Background Task Scheduler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="URL Shortcut PropSetStorage Mapping"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\Instance]
"CLSID"="{942bc614-676c-464e-b384-d3202aaa02da}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft BrowserBand"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Fade Task"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE OrderListExport"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Desk Bar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shared Task Scheduler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE AutoComplete"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3028902F-6374-48b2-8DC6-9725E775B926}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="TravelLog"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Subscribe Dialog"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Navigation Bar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDataObjectWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Site"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Band"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Document"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\ProgID]
@="xmlfile"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories cache daemon"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft History AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Tracking Shell Menu"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE BandProxy"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Private Profile Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDropSourceWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Executable"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="INI Property Set Storage Handler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}\InProcServer32]
@=expand:"ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE MRU AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Folder"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\ShellFolder]
"Attributes"=dword:a0000000
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9c7a1728-b694-427a-94a2-a1b2c60f0360}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9c7a1728-b694-427a-94a2-a1b2c60f0360}\InProcServer32]
@=expand:"%SystemRoot%\\system32\\ieframe.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Shell Folder AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread Handshake"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Bands"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS FeedFolder Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Shell Name Space ListView"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Multiple AutoComplete List Container"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Microsoft Browser Architecture"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\ShellFolder]
"Attributes"=dword:a0000050
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Rebar BandSite"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Docking Bar Property Bag"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
@="ieproxy.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories conditional cache daemon"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Application State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Band Site Menu"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ProtectedModeAPI"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="&Links"
"MenuTextPUI"="@ieframe.dll,-13138"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Registry Tree Options Utility"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE User Assist"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft CommBand"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Custom MRU AutoCompleted List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Moniker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}]
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}\NumMethods]
@="33"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{02BA3B52-0547-11D1-B833-00C04FC9B31F}\ProxyStubClsid32]
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IBrowserFrame"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\NumMethods]
@="16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}]
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6312F983-7C1B-4080-98B1-98E463B5EC74}\ProxyStubClsid32]
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}]
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}\NumMethods]
@="14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{66A9CB08-4802-11D2-A561-00A0C92DBFE8}\ProxyStubClsid32]
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabBrowserService"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\NumMethods]
@="6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}]
@Denied: (A 2) (PowerUsers)
@Denied: (A 2) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}\NumMethods]
@="6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{92549FB6-2504-4018-83C5-0A950DF000F2}\ProxyStubClsid32]
@="{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindow"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\NumMethods]
@="28"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindowManager"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\NumMethods]
@="17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(4072)
c:\windows\TEMP\qoa2.tmp
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
c:\program files\EslWire\dbus-daemon.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-09-15 17:52:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-15 15:51
.
Pre-Run: 186 417 152 bytes free
Post-Run: 581 394 432 bytes free
.
- - End Of File - - 0E8D5FCD71271C1CAFE31CAC9A697171

Re: problem s cervom

Napsal: 15 zář 2011 17:37
od tomikaco
ok, tak teda scanujem.

inak hned po nainstalovani Nortonu zacal hlasit, ze nasiel upravene nerozoznane systemove subory a ze ich bude treba nahradit originalnimi z instalacneho CD - to budu asi tie iste, co nasiel aj combofix. co s tym teda?

Re: problem s cervom

Napsal: 15 zář 2011 18:11
od tomikaco
na CD mam iba stariu verziu XP s SP1, bude to stacit? vysledky scanu sem hodim rano. vyzera, ze to bude trvat dost dlho a dnes musim este PC pouzivat, tak to necham scanovat cez noc.

Re: problem s cervom

Napsal: 15 zář 2011 21:20
od tomikaco
tak Norton doscanoval, tu je vysledok http://kooo.ssdd.cz/qwe.txt

je to uz teda definitivne zabite? staci repairnut Windows (vymazalo mi to notepad, paint, login je stale zdlhavy ....), preinstalovat programy, ktore mi to vymazalo (a ze ich teda bolo, nefunguje mi skoro nic ..) a sirit sa to uz nebude?

inak pozeram, ze ten vir mi infikoval uplne kazdy exe subor, ktory som mal na disku. teraz ako prechadzam precinok po priecinku na externom HDD, ktory som kvoli velkosti nescanoval, tak v kazdom priecinku Norton najde zavirovany exac a hned ho aj repairne, pricom sa zmensi jeho velkost o polovicu.

Re: problem s cervom

Napsal: 16 zář 2011 11:54
od tomikaco
hm, CombFix mi uz nejak nefunguje, nedostane sa ani do toho konzoloveho okna, zastavi sa uz pri instalaci. mozno nejak suvisi s tym Nortonom, ten mal nejake problemy s ComboFixom, ale Norton som deaktivoval, stiahol ComboFix znova a stale sa to zasekne. postupoval som presne podla navodu

Kód: Vybrat vše

Output folder: C:\32788R22FWJFW
Delete file: C:\32788R22FWJFW\023.dat
Delete file: C:\32788R22FWJFW\023v.dat
Delete file: C:\32788R22FWJFW\023w7.dat
Delete file: C:\32788R22FWJFW\AppDataFile.cfx
Delete file: C:\32788R22FWJFW\AppDataFolder.cfx
Delete file: C:\32788R22FWJFW\appinit.bad
Delete file: C:\32788R22FWJFW\asp.str
Delete file: C:\32788R22FWJFW\Assoc.cmd
Delete file: C:\32788R22FWJFW\Auto-RC.cmd
Delete file: C:\32788R22FWJFW\av.cmd
Delete file: C:\32788R22FWJFW\av.vbs
Delete file: C:\32788R22FWJFW\AWF.cmd
Delete file: C:\32788R22FWJFW\badclsid.c
Delete file: C:\32788R22FWJFW\Boot-Rk.cmd
Delete file: C:\32788R22FWJFW\Boot.bat
Delete file: C:\32788R22FWJFW\BootDrv.vbs
Delete file: C:\32788R22FWJFW\c.bat
Delete file: C:\32788R22FWJFW\Catch-sub.cmd
Delete file: C:\32788R22FWJFW\catchme.3XE
Delete file: C:\32788R22FWJFW\CF-Script.cmd
Delete file: C:\32788R22FWJFW\clsid.c
Delete file: C:\32788R22FWJFW\Combo-Fix.sys
Delete file: C:\32788R22FWJFW\Combobatch.bat
Delete file: C:\32788R22FWJFW\ComboFix-Download.3XE
Delete file: C:\32788R22FWJFW\Create.cmd
Delete file: C:\32788R22FWJFW\Creg.dat
Delete file: C:\32788R22FWJFW\CregC.cmd
Delete file: C:\32788R22FWJFW\CregC.dat
Delete file: C:\32788R22FWJFW\CSet.cmd
Delete file: C:\32788R22FWJFW\dd.3XE
Delete file: C:\32788R22FWJFW\ddsDo.sed
Delete file: C:\32788R22FWJFW\DelClsid.bat
Delete file: C:\32788R22FWJFW\DelClsid64.bat
Delete file: C:\32788R22FWJFW\desktop.ini
Delete file: C:\32788R22FWJFW\DesktopFile.cfx
Delete file: C:\32788R22FWJFW\Dnl.dat
Delete file: C:\32788R22FWJFW\DPF.str
Delete file: C:\32788R22FWJFW\DrvRun.vbs
Delete file: C:\32788R22FWJFW\dumphive.3XE
Delete file: C:\32788R22FWJFW\embedded.sed
Remove folder: C:\32788R22FWJFW\EN-US\
Delete file: C:\32788R22FWJFW\ERDNT.e_e
Delete file: C:\32788R22FWJFW\ERDNTDOS.LOC
Delete file: C:\32788R22FWJFW\ERDNTWIN.LOC
Delete file: C:\32788R22FWJFW\ERUNT.3XE
Delete file: C:\32788R22FWJFW\ERUNT.LOC
Delete file: C:\32788R22FWJFW\Exe.reg
Delete file: C:\32788R22FWJFW\extract.3XE
Delete file: C:\32788R22FWJFW\FavoriteFolder.cfx
Delete file: C:\32788R22FWJFW\FavoritesFile.cfx
Delete file: C:\32788R22FWJFW\FD-SV.cmd
Delete file: C:\32788R22FWJFW\ffdefstr.dll
Delete file: C:\32788R22FWJFW\FileKill.3XE
Delete file: C:\32788R22FWJFW\files.pif
Delete file: C:\32788R22FWJFW\Fin.dat
Delete file: C:\32788R22FWJFW\FIND3M.bat
Delete file: C:\32788R22FWJFW\firefox.exe
Delete file: C:\32788R22FWJFW\FIXLSP.bat
Delete file: C:\32788R22FWJFW\FKMGen.cmd
Delete file: C:\32788R22FWJFW\GetHive.cmd
Delete file: C:\32788R22FWJFW\grep.3XE
Delete file: C:\32788R22FWJFW\gsar.3XE
Delete file: C:\32788R22FWJFW\handle.3XE
Delete file: C:\32788R22FWJFW\hidec.3XE
Delete file: C:\32788R22FWJFW\history.bat
Delete file: C:\32788R22FWJFW\hwid.pif
Delete file: C:\32788R22FWJFW\iexplore.exe
Delete file: C:\32788R22FWJFW\image001.gif
Delete file: C:\32788R22FWJFW\Imefile.dat
Delete file: C:\32788R22FWJFW\Install-RC.cmd
Delete file: C:\32788R22FWJFW\katch.cmd
Delete file: C:\32788R22FWJFW\Kill-All.cmd
Delete file: C:\32788R22FWJFW\Ksvchost.vbs
Delete file: C:\32788R22FWJFW\Lang.bat
Delete file: C:\32788R22FWJFW\License\Curl - license.txt
Delete file: C:\32788R22FWJFW\License\dumphive-license.txt
Delete file: C:\32788R22FWJFW\License\EXTRACT.TXT
Delete file: C:\32788R22FWJFW\License\FI - license.txt
Delete file: C:\32788R22FWJFW\License\firefox.exe
Delete file: C:\32788R22FWJFW\License\iexplore.exe
Delete file: C:\32788R22FWJFW\License\mtee.txt
Delete file: C:\32788R22FWJFW\License\ncmd.cfxxe
Delete file: C:\32788R22FWJFW\License\pv_5_2_2.zip
Delete file: C:\32788R22FWJFW\License\streamtools.zip
Delete file: C:\32788R22FWJFW\License\UnxUtilsDist.com
Delete file: C:\32788R22FWJFW\License\UnxUtilsDist.html
Delete file: C:\32788R22FWJFW\License\UnxUtilsDist.pif
Delete file: C:\32788R22FWJFW\License\Zip - license.txt
Remove folder: C:\32788R22FWJFW\License\
Delete file: C:\32788R22FWJFW\List-B.bat
Delete file: C:\32788R22FWJFW\List-C.bat
Delete file: C:\32788R22FWJFW\List-D.bat
Delete file: C:\32788R22FWJFW\List.bat
Delete file: C:\32788R22FWJFW\lnkread.vbs
Delete file: C:\32788R22FWJFW\LocalAppDataFile.cfx
Delete file: C:\32788R22FWJFW\LocalAppDataFolder.cfx
Delete file: C:\32788R22FWJFW\LocalService.dat
Delete file: C:\32788R22FWJFW\LocalServiceNetworkRestricted.dat
Delete file: C:\32788R22FWJFW\LocalSettingsFile.cfx
Delete file: C:\32788R22FWJFW\LocalSystemNetworkRestricted.dat
Delete file: C:\32788R22FWJFW\mbr.3XE
Delete file: C:\32788R22FWJFW\mbr.chk
Delete file: C:\32788R22FWJFW\md5sum.pif
Delete file: C:\32788R22FWJFW\md5sum00.pif
Delete file: C:\32788R22FWJFW\MoveIt.bat
Delete file: C:\32788R22FWJFW\mtee.3XE
Delete file: C:\32788R22FWJFW\mynul.dat
Delete file: C:\32788R22FWJFW\n.pif
Delete file: C:\32788R22FWJFW\ncmd.com
Delete file: C:\32788R22FWJFW\ndis_combofix.dat
Delete file: C:\32788R22FWJFW\ND_.bat
Delete file: C:\32788R22FWJFW\ND_64.bat
Delete file: C:\32788R22FWJFW\netsvc.bad.dat
Delete file: C:\32788R22FWJFW\netsvc.dat
Delete file: C:\32788R22FWJFW\netsvc.vista.dat
Delete file: C:\32788R22FWJFW\netsvc.xp.dat
Delete file: C:\32788R22FWJFW\NetworkService.dat
Delete file: C:\32788R22FWJFW\NirCmd.3XE
Delete file: C:\32788R22FWJFW\NirCmd.chm
Delete file: C:\32788R22FWJFW\NirCmdC.3XE
Delete file: C:\32788R22FWJFW\NT-OS.cmd
Remove folder: C:\32788R22FWJFW\N_\
Delete file: C:\32788R22FWJFW\OSid.vbs
Delete file: C:\32788R22FWJFW\P.cmd
Delete file: C:\32788R22FWJFW\pausep.3XE
Delete file: C:\32788R22FWJFW\PersonalFile.cfx
Delete file: C:\32788R22FWJFW\PersonalFolder.cfx
Delete file: C:\32788R22FWJFW\pev.3XE
Delete file: C:\32788R22FWJFW\pevb.3XE
Delete file: C:\32788R22FWJFW\Policies.dat
Delete file: C:\32788R22FWJFW\powp.dat
Delete file: C:\32788R22FWJFW\Prep.inf
Delete file: C:\32788R22FWJFW\ProfilesFile.cfx
Delete file: C:\32788R22FWJFW\ProfilesFolder.cfx
Delete file: C:\32788R22FWJFW\ProgramsFile.cfx
Delete file: C:\32788R22FWJFW\ProgramsFolder.cfx
Delete file: C:\32788R22FWJFW\Purity.dat
Delete file: C:\32788R22FWJFW\pv.com
Delete file: C:\32788R22FWJFW\rar_sfx.cmd
Delete file: C:\32788R22FWJFW\RCLink.dat
Delete file: C:\32788R22FWJFW\REGDACL.sed
Delete file: C:\32788R22FWJFW\RegDo.sed
Delete file: C:\32788R22FWJFW\region.dat
Delete file: C:\32788R22FWJFW\RegScan.cmd
Delete file: C:\32788R22FWJFW\RegScan64.cmd
Delete file: C:\32788R22FWJFW\restore_pt.vbs
Delete file: C:\32788R22FWJFW\Rkey.cmd
Delete file: C:\32788R22FWJFW\rmbr.3XE
Delete file: C:\32788R22FWJFW\rogues.dat
Delete file: C:\32788R22FWJFW\run2.sed
Delete file: C:\32788R22FWJFW\Rust.str
Delete file: C:\32788R22FWJFW\s0rt.3XE
Delete file: C:\32788R22FWJFW\safeboot.dat
Delete file: C:\32788R22FWJFW\safeboot.def.dat
Delete file: C:\32788R22FWJFW\safeboot.def.vista.dat
Delete file: C:\32788R22FWJFW\Safeboot.def.w7.dat
Delete file: C:\32788R22FWJFW\sed.3XE
Delete file: C:\32788R22FWJFW\SetEnvmt.bat
Delete file: C:\32788R22FWJFW\setpath.3XE
Delete file: C:\32788R22FWJFW\setpath_N.cmd
Delete file: C:\32788R22FWJFW\SnapShot.cmd
Delete file: C:\32788R22FWJFW\SRestore.cmd
Delete file: C:\32788R22FWJFW\srizbi.md5
Delete file: C:\32788R22FWJFW\StartMenuFile.cfx
Delete file: C:\32788R22FWJFW\StartMenuFolder.cfx
Delete file: C:\32788R22FWJFW\StartUpFile.cfx
Delete file: C:\32788R22FWJFW\SuppScan.cmd
Delete file: C:\32788R22FWJFW\SvcDrv.vbs
Delete file: C:\32788R22FWJFW\svchost.dat
Delete file: C:\32788R22FWJFW\svchost.vista.dat
Delete file: C:\32788R22FWJFW\svchost.vista.x64.dat
Delete file: C:\32788R22FWJFW\svchost.w7.dat
Delete file: C:\32788R22FWJFW\svchost.w7.x64.dat
Delete file: C:\32788R22FWJFW\svc_wht.dat
Delete file: C:\32788R22FWJFW\swreg.3XE
Delete file: C:\32788R22FWJFW\swsc.3XE
Delete file: C:\32788R22FWJFW\swxcacls.3XE
Delete file: C:\32788R22FWJFW\system_ini.dat
Delete file: C:\32788R22FWJFW\tail.3XE
Delete file: C:\32788R22FWJFW\TemplatesFile.cfx
Delete file: C:\32788R22FWJFW\TemplatesFolder.cfx
Delete file: C:\32788R22FWJFW\toolbar.sed
Delete file: C:\32788R22FWJFW\Update-CF.cmd
Delete file: C:\32788R22FWJFW\VInfo
Delete file: C:\32788R22FWJFW\VInfo2
Delete file: C:\32788R22FWJFW\VINFO3
Delete file: C:\32788R22FWJFW\Vipev.dat
Delete file: C:\32788R22FWJFW\vistaMcode.dat
Delete file: C:\32788R22FWJFW\vistareg.dat
Delete file: C:\32788R22FWJFW\vun.dat
Delete file: C:\32788R22FWJFW\VwinTemp.dacl
Delete file: C:\32788R22FWJFW\w2kreg.dat
Delete file: C:\32788R22FWJFW\w2k_sock.dll
Delete file: C:\32788R22FWJFW\w7Mcode.dat
Delete file: C:\32788R22FWJFW\w7reg.dat
Delete file: C:\32788R22FWJFW\Wmi_rem.vbs
Delete file: C:\32788R22FWJFW\w_sock.dll
Delete file: C:\32788R22FWJFW\XP.mac
Delete file: C:\32788R22FWJFW\xpmcode.dat
Delete file: C:\32788R22FWJFW\xpreg.dat
Delete file: C:\32788R22FWJFW\XPSBoot.reg
Delete file: C:\32788R22FWJFW\zDomain.dat
Delete file: C:\32788R22FWJFW\zhsvc.dat
Delete file: C:\32788R22FWJFW\zip.3XE
Extract: 023.dat
Extract: 023v.dat
Extract: 023w7.dat
Extract: AWF.cmd
Extract: AppDataFile.cfx
Extract: AppDataFolder.cfx
Extract: Assoc.cmd
Extract: Auto-RC.cmd
Extract: Boot-Rk.cmd
Extract: Boot.bat
Extract: BootDrv.vbs
Extract: CF-Script.cmd
Extract: CSet.cmd
Extract: Catch-sub.cmd
Extract: Combo-Fix.sys
Extract: ComboFix-Download.3XE
Extract: Combobatch.bat
Extract: Create.cmd
Extract: Creg.dat
Extract: CregC.cmd
Extract: CregC.dat
Extract: DPF.str
Extract: DelClsid.bat
Extract: DelClsid64.bat
Extract: DesktopFile.cfx
Extract: Dnl.dat
Extract: DrvRun.vbs
Extract: ERDNT.e_e
Extract: ERDNTDOS.LOC
Extract: ERDNTWIN.LOC
Extract: ERUNT.3XE
Extract: ERUNT.LOC
Extract: Exe.reg
Extract: FD-SV.cmd
Extract: FIND3M.bat
Extract: FIXLSP.bat
Extract: FKMGen.cmd
Extract: FavoriteFolder.cfx
Extract: FavoritesFile.cfx
Extract: FileKill.3XE
Extract: Fin.dat
Extract: GetHive.cmd
Extract: Imefile.dat
Extract: Install-RC.cmd
Extract: Kill-All.cmd
Extract: Ksvchost.vbs
Extract: Lang.bat
Extract: List-B.bat
Extract: List-C.bat
Extract: List-D.bat
Extract: List.bat
Extract: LocalAppDataFile.cfx
Extract: LocalAppDataFolder.cfx
Extract: LocalService.dat
Extract: LocalServiceNetworkRestricted.dat
Extract: LocalSettingsFile.cfx
Extract: LocalSystemNetworkRestricted.dat
Extract: MoveIt.bat
Extract: ND_.bat
Extract: ND_64.bat
Extract: NT-OS.cmd
Extract: NetworkService.dat
Extract: NirCmd.3XE
Extract: NirCmd.chm
Extract: NirCmdC.3XE
Extract: OSid.vbs
Extract: P.cmd
Extract: PersonalFile.cfx
Extract: PersonalFolder.cfx
Extract: Policies.dat
Extract: Prep.inf
Extract: ProfilesFile.cfx
Extract: ProfilesFolder.cfx
Extract: ProgramsFile.cfx
Extract: ProgramsFolder.cfx
Extract: Purity.dat
Extract: RCLink.dat
Extract: REGDACL.sed
Extract: RegDo.sed
Extract: RegScan.cmd
Extract: RegScan64.cmd
Extract: Rkey.cmd
Extract: Rust.str
Extract: SRestore.cmd
Extract: Safeboot.def.w7.dat
Extract: SetEnvmt.bat
Extract: SnapShot.cmd
Extract: StartMenuFile.cfx
Extract: StartMenuFolder.cfx
Extract: StartUpFile.cfx
Extract: SuppScan.cmd
Extract: SvcDrv.vbs
Extract: TemplatesFile.cfx
Extract: TemplatesFolder.cfx
Extract: Update-CF.cmd
Extract: VINFO3
Extract: VInfo
Extract: VInfo2
Extract: Vipev.dat
Extract: VwinTemp.dacl
Extract: Wmi_rem.vbs
Extract: XPSBoot.reg
Extract: appinit.bad
Extract: asp.str
Extract: av.cmd
Extract: av.vbs
Extract: badclsid.c
Extract: c.bat
Extract: catchme.3XE
Extract: clsid.c
Extract: dd.3XE
Extract: ddsDo.sed
Extract: dumphive.3XE
Extract: embedded.sed
Extract: extract.3XE
Extract: ffdefstr.dll
Extract: files.pif
Extract: firefox.exe
Extract: grep.3XE
Extract: gsar.3XE
Extract: handle.3XE
Extract: hidec.3XE
Extract: history.bat
Extract: hwid.pif
Extract: iexplore.exe
Extract: image001.gif
Extract: katch.cmd
Extract: lnkread.vbs
Extract: mbr.3XE
Extract: mbr.chk
Extract: md5sum.pif
Extract: md5sum00.pif
Extract: mtee.3XE
Extract: mynul.dat
Extract: n.pif
Extract: ncmd.com
Extract: ndis_combofix.dat
Extract: netsvc.bad.dat
Extract: netsvc.dat
Extract: netsvc.vista.dat
Extract: netsvc.xp.dat
Extract: pausep.3XE
Extract: pev.3XE
Extract: pevb.3XE
Extract: powp.dat
Extract: pv.com
Extract: region.dat
Extract: restore_pt.vbs
Extract: rmbr.3XE
Extract: rogues.dat
Extract: run2.sed
Extract: s0rt.3XE
Extract: safeboot.dat
Extract: safeboot.def.dat
Extract: safeboot.def.vista.dat
Extract: sed.3XE
Extract: setpath.3XE
Extract: srizbi.md5
Extract: svc_wht.dat
Extract: svchost.dat
Extract: svchost.vista.dat
Extract: svchost.vista.x64.dat
Extract: svchost.w7.dat
Extract: svchost.w7.x64.dat
Extract: swreg.3XE
Extract: swsc.3XE
Extract: swxcacls.3XE
Extract: system_ini.dat
Extract: tail.3XE
Extract: toolbar.sed
Extract: vistaMcode.dat
Extract: vistareg.dat
Extract: vun.dat
Extract: w2k_sock.dll
Extract: w2kreg.dat
Extract: w7Mcode.dat
Extract: w7reg.dat
Extract: w_sock.dll
Extract: xpmcode.dat
Extract: xpreg.dat
Extract: zDomain.dat
Extract: zhsvc.dat
Extract: zip.3XE
Output folder: C:\32788R22FWJFW\EN-US
Output folder: C:\32788R22FWJFW\License
Extract: Curl - license.txt
Extract: EXTRACT.TXT
Extract: FI - license.txt
Extract: UnxUtilsDist.com
Extract: UnxUtilsDist.html
Extract: UnxUtilsDist.pif
Extract: Zip - license.txt
Extract: dumphive-license.txt
Extract: firefox.exe
Extract: iexplore.exe
Extract: mtee.txt
Extract: ncmd.cfxxe
Extract: pv_5_2_2.zip
Extract: streamtools.zip
Output folder: C:\32788R22FWJFW\N_
Output folder: C:\32788R22FWJFW

Re: problem s cervom

Napsal: 16 zář 2011 16:16
od tomikaco
s tou Recovery console mi to nejde :?:

http://kooo.ssdd.cz/obrazky/DSC00126.JPG

asi to nebude case-sensitive, ale pre istotu som skusal aj

Kód: Vybrat vše

expand USERINIT.EX_ C:\WINDOWS\system32\userinit.exe
a nejde, pricom na CD ten file je a ma nazov presne USERINIT.EX_

nebude napriklad problem v tom, ze system32 je read only?

Re: problem s cervom

Napsal: 17 zář 2011 23:24
od tomikaco
a tak ma napada, preco to vobec riesit cez Recovery Console, ked to mozem pisat priamo do cmd vo Windowse?

cez ten cmd mi to ide, ale tych poskodenych suborov je tam viac ako 100, pisat to po jednom je fakt na nervy. nie je nejaky efektivnejsi sposob?

Re: problem s cervom

Napsal: 18 zář 2011 20:18
od tomikaco
no cmd.exe mi Norton cely vymazal, tak som si ho samozrejme prekopiroval nanovo z druheho PC.

ok teda, tie systemove subory tam uz nejak dostanem, je to okrem toho uz vsetko? nevyzera, ze by sa vir snazil nejak rozsirovat, Norton mi uz 2 dni nic nehlasil. PC sa sprava relativne normalne, nejavi nejake znamky viru.

Re: problem s cervom

Napsal: 19 zář 2011 21:31
od tomikaco
ten CF ale stale neviem rozbehat :/

teraz mi pise nejaky Compatibility error - "Do not run ComboFix in compatibility mode. Doing so may damage the machine."

v ziadnom mode kompatiblity ho nepustam, proste to stiahnem na plochu, zavriem vsetky okna a zapnem to, rozbali sa a hodi error. mozno to nejak suvisi s tym Nortonom, on totiz nejde uplne vypnut, ide akurat deaktivovat.

Re: problem s cervom

Napsal: 20 zář 2011 12:56
od tomikaco
Microsoft Windows XP [Version 5.1.2600]


divne no :/ nemoze to byt sposobene tym, ze nie vsetky vymazane systemove subory som mohol nahradit, lebo neboli tam tom starom cd s SP1 a teraz to tomu CF chyba?

Re: problem s cervom

Napsal: 21 zář 2011 23:00
od tomikaco
neviem, neznacil som si to, bolo ich par co ich CF oznacil ako infected, Norton vymazal a na instalacnom CD XP SP1 neboli ani vo formate kabinetu ani ako exe. asi to boli nejake specificke subory, ktore sa tam nainstalovali so Service Pack 3.


ja by som povedal, ze to nejak nespolupracuje s tym Nortonom, lebo ked ho necham zapnuty, nenecha ma ten CombFix ani stiahnut a hned ho vymaze. a ako som povedal, Norton mi nejde uplne vypnut, iba deaktivovat jednotlive funkcie, takze sa to podla mna moze stale bit medzi sebou + je to jedina vec, ktora mi na pocitaci pribudla medzi dobou, kedy mi CF este isiel a kedy uz nie.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz