
Problem with Facebook - RSIT scan
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
I'm sending the RSIT scan ... what should I do with it next?
Thanks for any help.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomo11 at 2011-10-01 14:39:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (43%) free of 50 GB
Total RAM: 1535 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:39:54, on 1.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Tomo11\Desktop\RSIT.exe
C:\Program Files\trend micro\Tomo11.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.canon-europe.com/user/register.ijp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 4209 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Tomo11\Application Data\Mozilla\Firefox\Profiles\85z8dql2.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
npDivxPlayerPlugin.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nsIDivxPlayerPlugin.xpt
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Tomo11\Application Data\Mozilla\Firefox\Profiles\85z8dql2.default\extensions\
vshare@toolbar
C:\Documents and Settings\Tomo11\Application Data\Mozilla\Firefox\Profiles\85z8dql2.default\searchplugins\
web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-14 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-14 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe [2007-12-28 199424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2009-09-30 26112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JDownloader Launcher v3]
C:\Documents and Settings\Tomo11\Desktop\jdownloader\JDownloader.exe [2009-05-28 214528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft WinUpdate]
C:\WINDOWS\system32\msupdte.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nodenable]
C:\Program Files\eset\nodenable.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe [2005-11-23 1060864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-09-29 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-14 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips SA52XX Device Manager.lnk]
C:\PROGRA~1\Philips\SA52XX~1\SA52XX~1.EXE -silent []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tomo11^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
E:\HRY\NHL200~1\Support\EAREGI~1.EXE /remind /language=ENU /PRID=ODS:15374.110.Base Product /WHPR=NHL® 09 /PRNM=Electronic Arts Product []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2
"wuauserv"=2
"NMIndexingService"=3
"MDM"=2
"LightScribeService"=2
"JavaQuickStarterService"=2
"IJPLMSVC"=2
"IDriverT"=3
"clr_optimization_v2.0.50727_32"=3
"ATI Smart"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-09-30 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\HRY\Dragon Age\bin_ship\daupdatersvc.service.exe"="E:\HRY\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Disabled:Dragon Age Prameny Aktualizovat"
"E:\HRY\Dragon Age\bin_ship\daorigins.exe"="E:\HRY\Dragon Age\bin_ship\daorigins.exe:*:Disabled:Dragon Age Prameny Hra"
"E:\HRY\Dragon Age\DAOriginsLauncher.exe"="E:\HRY\Dragon Age\DAOriginsLauncher.exe:*:Disabled:Dragon Age Prameny Spustit"
"C:\Documents and Settings\Tomo11\Local Settings\Application Data\F4\ClientUpdater\ClientUpdater.exe"="C:\Documents and Settings\Tomo11\Local Settings\Application Data\F4\ClientUpdater\ClientUpdater.exe:*:Disabled:F4 Game Client Updater"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager"
"C:\Documents and Settings\Tomo11\Desktop\image96523489.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"E:\HRY\Left 4 Dead 2\left4dead2.exe"="E:\HRY\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Tomo11\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="C:\Documents and Settings\Tomo11\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\WINDOWS\update.3\svchost.exe"="C:\WINDOWS\update.3\svchost.exe:*:Enabled:C:\WINDOWS\update.3\svchost.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=yv12vfw.dll
"msacm.divxa32"=divxa32.acm
"msacm.ac3filter"=ac3filter.acm
"msacm.l3fhg"=mp3fhg.acm
"msacm.vorbis"=vorbis.acm
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
======List of files/folders created in the last 1 month======
2011-10-01 14:39:44 ----D---- C:\rsit
2011-10-01 14:39:44 ----D---- C:\Program Files\trend micro
2011-10-01 14:34:29 ----D---- C:\WINDOWS\ERDNT
2011-10-01 14:34:29 ----D---- C:\ComboFix
2011-10-01 14:34:29 ----A---- C:\WINDOWS\system32\CF3393.exe
2011-10-01 14:28:47 ----D---- C:\Qoobox
2011-09-11 16:10:45 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2011-09-11 16:08:22 ----A---- C:\WINDOWS\OEWABLog.txt
2011-09-11 15:50:36 ----D---- C:\WINDOWS\Prefetch
2011-09-10 15:39:34 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2011-09-10 15:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2011-09-10 15:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2011-09-10 15:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2011-09-10 15:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2011-09-10 15:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2011-09-10 15:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2011-09-10 15:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2011-09-10 15:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2011-09-10 15:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2011-09-10 15:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2011-09-10 15:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2011-09-10 15:37:58 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2011-09-10 15:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2011-09-10 15:37:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2011-09-10 15:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2011-09-10 15:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2011-09-10 15:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2011-09-10 15:37:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2011-09-10 15:37:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2011-09-10 15:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2011-09-10 15:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2011-09-10 15:36:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2011-09-10 15:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2011-09-10 15:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2011-09-10 15:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2011-09-10 15:36:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2011-09-10 15:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2011-09-10 15:35:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2011-09-10 15:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2011-09-10 15:35:35 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2011-09-10 15:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2011-09-10 15:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2011-09-10 15:35:07 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2011-09-10 15:35:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2011-09-10 15:34:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2011-09-10 15:34:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2011-09-10 15:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2011-09-10 15:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2011-09-10 15:34:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2011-09-10 15:34:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2011-09-10 15:34:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2011-09-10 15:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2011-09-10 15:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2011-09-10 15:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2011-09-10 15:33:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2011-09-10 15:33:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2011-09-10 15:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2011-09-10 15:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2011-09-10 15:32:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2011-09-10 15:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2011-09-10 15:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2011-09-10 15:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2011-09-10 15:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2011-09-10 15:32:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2011-09-10 15:32:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2011-09-10 15:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2011-09-10 15:30:07 ----A---- C:\WINDOWS\setuplog.txt
2011-09-10 15:29:21 ----D---- C:\WINDOWS\system32\scripting
2011-09-10 15:29:21 ----D---- C:\WINDOWS\system32\en
2011-09-10 15:29:21 ----D---- C:\WINDOWS\system32\bits
2011-09-10 15:29:21 ----D---- C:\WINDOWS\l2schemas
2011-09-10 15:27:02 ----D---- C:\WINDOWS\network diagnostic
2011-09-10 15:24:23 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-09-10 14:58:32 ----D---- C:\WINDOWS\system32\XPSViewer
2011-09-10 14:58:30 ----D---- C:\Program Files\MSBuild
2011-09-10 14:58:29 ----D---- C:\WINDOWS\system32\en-US
2011-09-10 14:58:25 ----D---- C:\Program Files\Reference Assemblies
2011-09-10 14:58:05 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2011-09-10 14:58:05 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2011-09-10 14:58:05 ----N---- C:\WINDOWS\system32\prntvpt.dll
2011-09-10 14:57:54 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2011-09-10 14:57:49 ----D---- C:\Program Files\MSXML 6.0
2011-09-10 14:34:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980218_0$
2011-09-10 14:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2011-09-10 14:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2011-09-10 14:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2011-09-10 14:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2011-09-10 14:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2011-09-10 14:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2011-09-10 14:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2011-09-10 14:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979683_0$
2011-09-10 14:31:52 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2011-09-10 14:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-09-10 14:31:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2011-09-10 14:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2011-09-10 14:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980232_0$
2011-09-10 14:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2011-09-10 14:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2011-09-10 14:31:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2011-09-10 14:30:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2011-09-10 14:30:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2011-09-10 14:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2011-09-10 14:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2011-09-10 14:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2011-09-10 14:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2011-09-10 14:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978338_0$
2011-09-10 14:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2011-09-10 14:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2011-09-10 14:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2011-09-10 14:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2011-09-10 14:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2011-09-10 14:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2011-09-10 14:27:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$
2011-09-10 14:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2011-09-10 14:26:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2011-09-10 14:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2011-09-10 14:26:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2011-09-10 14:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2011-09-10 14:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2011-09-10 14:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2011-09-10 14:26:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2011-09-10 14:25:53 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2011-09-10 14:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-09-10 14:25:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2011-09-10 14:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2011-09-10 14:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2011-09-10 14:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601_0$
2011-09-10 14:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB979559_0$
2011-09-10 14:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2011-09-10 14:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-09-10 14:23:44 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2011-09-10 14:23:35 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2011-09-10 14:22:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2011-09-10 14:21:09 ----A---- C:\WINDOWS\system32\MRT.exe
2011-09-10 14:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2011-09-10 14:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2011-09-10 14:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2011-09-10 14:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978542_0$
2011-09-10 14:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2011-09-10 14:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
2011-09-10 14:20:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979309_0$
2011-09-10 14:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-09-10 14:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979482_0$
2011-09-10 14:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2011-09-10 14:19:41 ----D---- C:\WINDOWS\ServicePackFiles
2011-09-10 14:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2011-09-10 14:19:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2011-09-10 14:19:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2011-09-10 14:17:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975562_0$
2011-09-10 14:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2011-09-10 14:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2011-09-10 14:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2011-09-10 14:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2011-09-10 14:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2011-09-10 14:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_0$
2011-09-10 14:12:47 ----D---- C:\Program Files\MSXML 4.0
2011-09-10 14:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2011-09-10 14:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2011-09-10 14:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2011-09-10 14:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2011-09-10 14:05:02 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-09-10 14:05:02 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-09-10 14:05:01 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-09-10 14:05:01 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-09-10 14:05:01 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-09-10 14:05:01 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-09-10 14:04:58 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-09-10 14:04:58 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-09-10 14:04:58 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-09-10 14:04:57 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-09-10 14:04:57 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2011-09-10 14:04:56 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-09-10 14:04:55 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-09-10 14:04:55 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-09-10 14:04:54 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-09-10 14:04:54 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-09-10 14:04:54 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-09-10 14:04:52 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-09-10 14:04:48 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-09-10 14:04:48 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-09-10 14:04:48 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-09-10 13:49:34 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2011-09-10 13:47:11 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-09-10 13:47:04 ----N---- C:\WINDOWS\system32\tzchange.exe
2011-09-10 13:43:43 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2011-09-10 13:43:42 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2011-09-10 13:43:19 ----D---- C:\WINDOWS\system32\PreInstall
2011-09-10 13:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-09-10 13:43:17 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-10 13:39:20 ----D---- C:\WINDOWS\system32\SoftwareDistribution
======List of files/folders modified in the last 1 month======
2011-10-01 14:39:45 ----D---- C:\WINDOWS\Temp
2011-10-01 14:39:44 ----RD---- C:\Program Files
2011-10-01 14:34:30 ----D---- C:\WINDOWS\system32
2011-10-01 14:34:29 ----AD---- C:\WINDOWS
2011-10-01 13:25:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-30 14:58:26 ----D---- C:\Program Files\Mozilla Firefox
2011-09-20 08:55:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-09-19 22:57:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-12 20:01:01 ----SHD---- C:\WINDOWS\Installer
2011-09-11 21:41:50 ----SD---- C:\Documents and Settings\Tomo11\Application Data\Microsoft
2011-09-11 15:59:01 ----HD---- C:\WINDOWS\inf
2011-09-11 15:58:24 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-11 15:51:02 ----D---- C:\WINDOWS\Debug
2011-09-11 15:49:58 ----RSD---- C:\WINDOWS\Fonts
2011-09-11 15:49:58 ----D---- C:\WINDOWS\system32\wbem
2011-09-11 15:49:58 ----D---- C:\WINDOWS\system32\Setup
2011-09-11 15:49:58 ----D---- C:\WINDOWS\AppPatch
2011-09-11 15:49:56 ----D---- C:\WINDOWS\system32\drivers
2011-09-10 15:39:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-10 15:39:37 ----D---- C:\WINDOWS\system32\CatRoot
2011-09-10 15:38:23 ----D---- C:\Program Files\Outlook Express
2011-09-10 15:37:35 ----D---- C:\Program Files\Movie Maker
2011-09-10 15:32:21 ----D---- C:\Program Files\Messenger
2011-09-10 15:29:35 ----D---- C:\WINDOWS\WinSxS
2011-09-10 15:29:31 ----D---- C:\Program Files\Windows Media Player
2011-09-10 15:29:25 ----D---- C:\WINDOWS\system32\inetsrv
2011-09-10 15:29:25 ----D---- C:\WINDOWS\ime
2011-09-10 15:29:25 ----D---- C:\WINDOWS\Help
2011-09-10 15:29:22 ----D---- C:\WINDOWS\system32\usmt
2011-09-10 15:29:21 ----D---- C:\WINDOWS\PeerNet
2011-09-10 15:29:21 ----D---- C:\Program Files\Internet Explorer
2011-09-10 15:27:52 ----D---- C:\WINDOWS\system32\Restore
2011-09-10 15:27:52 ----D---- C:\WINDOWS\system32\npp
2011-09-10 15:27:52 ----D---- C:\WINDOWS\mui
2011-09-10 15:27:52 ----D---- C:\WINDOWS\msagent
2011-09-10 15:27:51 ----D---- C:\WINDOWS\srchasst
2011-09-10 15:27:51 ----D---- C:\Program Files\NetMeeting
2011-09-10 15:27:50 ----D---- C:\WINDOWS\system32\Com
2011-09-10 15:27:49 ----D---- C:\Program Files\Windows NT
2011-09-10 15:27:48 ----D---- C:\Program Files\Common Files\System
2011-09-10 15:27:40 ----D---- C:\WINDOWS\system32\oobe
2011-09-10 15:27:39 ----D---- C:\WINDOWS\system
2011-09-10 15:26:04 ----D---- C:\WINDOWS\security
2011-09-10 15:23:52 ----D---- C:\WINDOWS\ehome
2011-09-10 15:17:43 ----RSD---- C:\WINDOWS\assembly
2011-09-10 14:58:16 ----D---- C:\WINDOWS\system32\spool
2011-09-10 13:39:31 ----D---- C:\WINDOWS\SoftwareDistribution
2011-09-10 13:36:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-05 691696]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 viamraid;viamraid; C:\WINDOWS\system32\drivers\viamraid.sys [2005-11-23 92672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-12-21 134000]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ac66i89m;ac66i89m; C:\WINDOWS\system32\drivers\ac66i89m.sys []
S3 androidusb;ADB Interface Driver; C:\WINDOWS\System32\Drivers\fxxandroidusb.sys [2010-06-17 25728]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pwdrvio;pwdrvio; \??\C:\WINDOWS\system32\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys []
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\FXX\qcusbser.sys [2010-06-17 103424]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vtcdrv;Philips SA52xx Recovery Device; C:\WINDOWS\System32\Drivers\vtcdrv.sys [2008-05-09 18560]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 UxTuneUp;TuneUp rozšíření vzhledu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-12-23 306432]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-14 153376]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
2011-09-10 15:29:21 ----D---- C:\WINDOWS\system32\en
2011-09-10 15:29:21 ----D---- C:\WINDOWS\system32\bits
2011-09-10 15:29:21 ----D---- C:\WINDOWS\l2schemas
2011-09-10 15:27:02 ----D---- C:\WINDOWS\network diagnostic
2011-09-10 15:24:23 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2011-09-10 14:58:32 ----D---- C:\WINDOWS\system32\XPSViewer
2011-09-10 14:58:30 ----D---- C:\Program Files\MSBuild
2011-09-10 14:58:29 ----D---- C:\WINDOWS\system32\en-US
2011-09-10 14:58:25 ----D---- C:\Program Files\Reference Assemblies
2011-09-10 14:58:05 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2011-09-10 14:58:05 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2011-09-10 14:58:05 ----N---- C:\WINDOWS\system32\prntvpt.dll
2011-09-10 14:57:54 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2011-09-10 14:57:49 ----D---- C:\Program Files\MSXML 6.0
2011-09-10 14:34:37 ----HDC---- C:\WINDOWS\$NtUninstallKB980218_0$
2011-09-10 14:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2011-09-10 14:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2011-09-10 14:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2011-09-10 14:34:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2011-09-10 14:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2011-09-10 14:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2011-09-10 14:32:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2011-09-10 14:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979683_0$
2011-09-10 14:31:52 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2011-09-10 14:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2011-09-10 14:31:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2011-09-10 14:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2011-09-10 14:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980232_0$
2011-09-10 14:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2011-09-10 14:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2011-09-10 14:31:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2011-09-10 14:30:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2011-09-10 14:30:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593_0$
2011-09-10 14:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2011-09-10 14:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2011-09-10 14:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2011-09-10 14:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2011-09-10 14:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978338_0$
2011-09-10 14:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2011-09-10 14:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2011-09-10 14:29:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2011-09-10 14:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2011-09-10 14:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2011-09-10 14:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2011-09-10 14:27:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$
2011-09-10 14:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2011-09-10 14:26:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2011-09-10 14:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2011-09-10 14:26:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2011-09-10 14:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2011-09-10 14:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2011-09-10 14:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2011-09-10 14:26:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2011-09-10 14:25:53 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2011-09-10 14:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2011-09-10 14:25:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2011-09-10 14:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2011-09-10 14:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2011-09-10 14:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601_0$
2011-09-10 14:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB979559_0$
2011-09-10 14:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2011-09-10 14:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2011-09-10 14:23:44 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2011-09-10 14:23:35 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2011-09-10 14:22:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2011-09-10 14:21:09 ----A---- C:\WINDOWS\system32\MRT.exe
2011-09-10 14:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2011-09-10 14:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2011-09-10 14:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2011-09-10 14:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978542_0$
2011-09-10 14:20:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2011-09-10 14:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
2011-09-10 14:20:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979309_0$
2011-09-10 14:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2011-09-10 14:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979482_0$
2011-09-10 14:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2011-09-10 14:19:41 ----D---- C:\WINDOWS\ServicePackFiles
2011-09-10 14:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2011-09-10 14:19:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2011-09-10 14:19:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2011-09-10 14:17:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975562_0$
2011-09-10 14:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2011-09-10 14:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2011-09-10 14:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2011-09-10 14:16:57 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2011-09-10 14:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2011-09-10 14:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB982381_0$
2011-09-10 14:12:47 ----D---- C:\Program Files\MSXML 4.0
2011-09-10 14:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2011-09-10 14:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2011-09-10 14:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2011-09-10 14:12:14 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2011-09-10 14:05:02 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2011-09-10 14:05:02 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2011-09-10 14:05:01 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2011-09-10 14:05:01 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2011-09-10 14:05:01 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2011-09-10 14:05:01 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2011-09-10 14:04:58 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2011-09-10 14:04:58 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2011-09-10 14:04:58 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2011-09-10 14:04:57 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2011-09-10 14:04:57 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2011-09-10 14:04:56 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2011-09-10 14:04:55 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2011-09-10 14:04:55 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2011-09-10 14:04:54 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2011-09-10 14:04:54 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2011-09-10 14:04:54 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2011-09-10 14:04:52 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2011-09-10 14:04:48 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2011-09-10 14:04:48 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2011-09-10 14:04:48 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2011-09-10 14:03:23 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2011-09-10 14:03:22 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2011-09-10 13:49:34 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2011-09-10 13:47:11 ----N---- C:\WINDOWS\system32\browserchoice.exe
2011-09-10 13:47:04 ----N---- C:\WINDOWS\system32\tzchange.exe
2011-09-10 13:43:43 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2011-09-10 13:43:42 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2011-09-10 13:43:19 ----D---- C:\WINDOWS\system32\PreInstall
2011-09-10 13:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2011-09-10 13:43:17 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-10 13:39:20 ----D---- C:\WINDOWS\system32\SoftwareDistribution
======List of files/folders modified in the last 1 month======
2011-10-01 14:39:45 ----D---- C:\WINDOWS\Temp
2011-10-01 14:39:44 ----RD---- C:\Program Files
2011-10-01 14:34:30 ----D---- C:\WINDOWS\system32
2011-10-01 14:34:29 ----AD---- C:\WINDOWS
2011-10-01 13:25:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-30 14:58:26 ----D---- C:\Program Files\Mozilla Firefox
2011-09-20 08:55:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-09-19 22:57:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-12 20:01:01 ----SHD---- C:\WINDOWS\Installer
2011-09-11 21:41:50 ----SD---- C:\Documents and Settings\Tomo11\Application Data\Microsoft
2011-09-11 15:59:01 ----HD---- C:\WINDOWS\inf
2011-09-11 15:58:24 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-11 15:51:02 ----D---- C:\WINDOWS\Debug
2011-09-11 15:49:58 ----RSD---- C:\WINDOWS\Fonts
2011-09-11 15:49:58 ----D---- C:\WINDOWS\system32\wbem
2011-09-11 15:49:58 ----D---- C:\WINDOWS\system32\Setup
2011-09-11 15:49:58 ----D---- C:\WINDOWS\AppPatch
2011-09-11 15:49:56 ----D---- C:\WINDOWS\system32\drivers
2011-09-10 15:39:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-10 15:39:37 ----D---- C:\WINDOWS\system32\CatRoot
2011-09-10 15:38:23 ----D---- C:\Program Files\Outlook Express
2011-09-10 15:37:35 ----D---- C:\Program Files\Movie Maker
2011-09-10 15:32:21 ----D---- C:\Program Files\Messenger
2011-09-10 15:29:35 ----D---- C:\WINDOWS\WinSxS
2011-09-10 15:29:31 ----D---- C:\Program Files\Windows Media Player
2011-09-10 15:29:25 ----D---- C:\WINDOWS\system32\inetsrv
2011-09-10 15:29:25 ----D---- C:\WINDOWS\ime
2011-09-10 15:29:25 ----D---- C:\WINDOWS\Help
2011-09-10 15:29:22 ----D---- C:\WINDOWS\system32\usmt
2011-09-10 15:29:21 ----D---- C:\WINDOWS\PeerNet
2011-09-10 15:29:21 ----D---- C:\Program Files\Internet Explorer
2011-09-10 15:27:52 ----D---- C:\WINDOWS\system32\Restore
2011-09-10 15:27:52 ----D---- C:\WINDOWS\system32\npp
2011-09-10 15:27:52 ----D---- C:\WINDOWS\mui
2011-09-10 15:27:52 ----D---- C:\WINDOWS\msagent
2011-09-10 15:27:51 ----D---- C:\WINDOWS\srchasst
2011-09-10 15:27:51 ----D---- C:\Program Files\NetMeeting
2011-09-10 15:27:50 ----D---- C:\WINDOWS\system32\Com
2011-09-10 15:27:49 ----D---- C:\Program Files\Windows NT
2011-09-10 15:27:48 ----D---- C:\Program Files\Common Files\System
2011-09-10 15:27:40 ----D---- C:\WINDOWS\system32\oobe
2011-09-10 15:27:39 ----D---- C:\WINDOWS\system
2011-09-10 15:26:04 ----D---- C:\WINDOWS\security
2011-09-10 15:23:52 ----D---- C:\WINDOWS\ehome
2011-09-10 15:17:43 ----RSD---- C:\WINDOWS\assembly
2011-09-10 14:58:16 ----D---- C:\WINDOWS\system32\spool
2011-09-10 13:39:31 ----D---- C:\WINDOWS\SoftwareDistribution
2011-09-10 13:36:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-10-05 691696]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 viamraid;viamraid; C:\WINDOWS\system32\drivers\viamraid.sys [2005-11-23 92672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-12-21 141264]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-12-21 134000]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-09-30 3565056]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-12-21 33120]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ac66i89m;ac66i89m; C:\WINDOWS\system32\drivers\ac66i89m.sys []
S3 androidusb;ADB Interface Driver; C:\WINDOWS\System32\Drivers\fxxandroidusb.sys [2010-06-17 25728]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pwdrvio;pwdrvio; \??\C:\WINDOWS\system32\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys []
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\FXX\qcusbser.sys [2010-06-17 103424]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vtcdrv;Philips SA52xx Recovery Device; C:\WINDOWS\System32\Drivers\vtcdrv.sys [2008-05-09 18560]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-09-30 602112]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-01-12 810144]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 UxTuneUp;TuneUp rozšíření vzhledu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2011-01-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-12-23 306432]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-09-29 593920]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-14 153376]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
Re: Problem with Facebook - RSIT scan
To add to that: Facebook won't open for me at all. If I log in from my phone, everything is fine, but on the PC it doesn't work. It tells me that the page cannot be displayed. It has been like this ever since I clicked on a link that the "HI" virus sent me :/
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Problem with Facebook - RSIT scan
Hello,
download and run http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
choose option 2 - copy the generated log here
repeat with options 3 and 4 (give me the logs) - then we will continue with the cleanup
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole procedure as it describes.
If anything is unclear, ask - I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Problem with Facebook - RSIT scan
option 2
RogueKiller V6.1.1 [09/28/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tomo11 [Admin rights]
Mode: Remove -- Date : 10/01/2011 15:11:42
Bad processes: 0
Registry Entries: 7
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_WXPDRIVERS () -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[] HKLM\[...]\Windows : () -> ACCESS DENIED
Particular Files / Folders:
Driver: [LOADED]
SSDT[277] : NtWriteVirtualMemory @ 0x8058D363 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C750)
SSDT[258] : NtTerminateThread @ 0x8059560C -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C5D0)
SSDT[257] : NtTerminateProcess @ 0x80593435 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C4D0)
SSDT[254] : NtSuspendThread @ 0x80637937 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C590)
SSDT[253] : NtSuspendProcess @ 0x80637A1B -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C510)
SSDT[237] : NtSetSecurityObject @ 0x805DFB3F -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C7D0)
SSDT[229] : NtSetInformationThread @ 0x80576AB3 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C650)
SSDT[213] : NtSetContextThread @ 0x80635C83 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C690)
SSDT[180] : NtQueueApcThread @ 0x805E3E9C -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C790)
SSDT[137] : NtProtectVirtualMemory @ 0x8057F1C3 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C6D0)
SSDT[128] : NtOpenThread @ 0x80584849 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C570)
SSDT[122] : NtOpenProcess @ 0x8057F592 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C4B0)
SSDT[68] : NtDuplicateObject @ 0x8057EDE5 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C730)
SSDT[57] : NtDebugActiveProcess @ 0x80662889 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29CC10)
SSDT[19] : NtAssignProcessToJobObject @ 0x805E8E34 -> HOOKED (\SystemRoot\system32\DRIVERS\ehdrv.sys @ 0x9E29C610)
HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
Re: Problem with Facebook - RSIT scan
option 3
RogueKiller V6.1.1 [09/28/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tomo11 [Admin rights]
Mode: HOSTSFix -- Date : 10/01/2011 15:12:34
Bad processes: 0
Driver: [LOADED]
HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]
Resetted HOSTS:
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Re: Problem with Facebook - RSIT scan
option 4
RogueKiller V6.1.1 [09/28/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Tomo11 [Admin rights]
Mode: ProxyFix -- Date : 10/01/2011 15:13:13
Bad processes: 0
Driver: [LOADED]
Registry Entries: 0
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Problem with Facebook - RSIT scan
Facebook will work for you now, but we are continuing.
Download and install MBAM here: http://www.download.com/Malwarebytes-An ... tag=button
Run it > on the 3rd tab, "Update" > Check for updates
then on the 1st tab, "Scanner" -> Full scan -> Scan
when it finishes -> Show results -> check that everything is selected -> Remove selected
a log will pop up containing entries of this kind:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
I would like to see that log.
Doporučení:
V průběhu léčení prováděj nové instalace a odinstalace jen na můj pokyn.
Důkladně prostuduj a proveď celou operaci podle mé odpovědi.
V případě nejasností se zeptej - vysvětlím
-------------------------------------------------------------------------------------------------
> Podpora fóra <
Re: Facebook problem - RSIT scan
ok, I'm on it ...
I'll send the log afterwards

- cernohous13
Re: Facebook problem - RSIT scan
yesssssssss 

Re: Facebook problem - RSIT scan
by the way, I have already cleaned the PC with this program, but Facebook still didn't work for me
I'm curious whether it will help now
- cernohous13
Re: Facebook problem - RSIT scan
