Hacknuty Password.

Zpráva

Unlimited_Killer

Kolegyně mi poradila, že je možné, že se CF neukončil správně, či jste resetoval PC atp. a teď tam 'visí' po startu.
Prosím tedy o RSIT log.

1) Random's System Information Tool

Stáhněte a uložte na Plochu RSIT.
Spusťte, nechte v rolovacím menu '1 month' a klikněte na 'Continue'.
Vyčkejte několik vteřin, než se vygeneruje log se jménem log.txt
Pokud nebude log vygenerován, naleznete jej v C:\rsit\log.txt
Obsah tohoto logu vložte do svého příspěvku.

Tutt1 · #17 Příspěvek od **Tutt1** » 14 úno 2010 16:46

Logfile of random's system information tool 1.06 (written by random/random)
Run by Patrik at 2010-02-14 16:46:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 73 GB (73%) free of 100 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:42, on 14. 2. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\ICQ7.0\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Documents and Settings\Patrik\Desktop\RSIT.exe
C:\Program Files\trend micro\Patrik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qip.ru/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by QIP.ru
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 64.20.33.226 l2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll (file missing)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Program Files\Internet Explorer\qipsearchbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [DelReg] C:\Program Files\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF19668.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] C:\RECYCLER\S-1-5-21-7141751271-1474882387-388106166-0701\winigon.exe
O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-21-1275210071-1078145449-682003330-1006\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe (User 'Slavo')
O4 - HKUS\S-1-5-21-1275210071-1078145449-682003330-1006\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User 'Slavo')
O4 - HKUS\S-1-5-21-1275210071-1078145449-682003330-1006\..\Run: [OEXPRESS] (User 'Slavo')
O4 - HKUS\S-1-5-21-1275210071-1078145449-682003330-1006\..\Run: [WEBTRAN] (User 'Slavo')
O4 - HKUS\S-1-5-21-1275210071-1078145449-682003330-1006\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent (User 'Slavo')
O4 - HKUS\S-1-5-21-1275210071-1078145449-682003330-1006\..\Run: [] (User 'Slavo')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - (no file)
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {30365816-A5D3-4E74-BC9A-D74A0C9A600B} - C:\Program Files\QIP Infium\infium.exe (file missing) (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7900802531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13203 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Program Files\Internet Explorer\qipsearchbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DelReg"=C:\Program Files\MSI\DualCoreCenter\DelReg.exe []
"WinSys2"=C:\WINDOWS\system32\winsys2.exe [2008-10-22 208896]
"Logitech Hardware Abstraction Layer"=C:\windows\KHALMNPR.EXE [2009-06-17 55824]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe [2002-07-11 188416]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2009-02-04 18085888]
"Alcmtr"=C:\windows\ALCMTR.EXE [2008-06-19 57344]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]
"Kernel and Hardware Abstraction Layer"=C:\windows\KHALMNPR.EXE [2009-06-17 55824]
"combofix"=C:\ComboFix\CF19668.cfxxe /c C:\ComboFix\C.bat []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"TBPanel"=C:\Program Files\Vtune\TBPanel.exe [2008-09-05 2154496]
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"=C:\RECYCLER\S-1-5-21-7141751271-1474882387-388106166-0701\winigon.exe []
"RGSC"=D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"PlayNC Launcher"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-12-26 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Program Files\Steam\Steam.exe [2009-10-27 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
D:\Program Files\uTorrent\uTorrent.exe [2009-10-11 289072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
E:\Warcraft III\w3dr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\InterVideo\DVD6\WinDVD.exe"="C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\ApexDC++\ApexDC.exe"="C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
"E:\Program Files\Left4dead\left4dead.exe"="E:\Program Files\Left4dead\left4dead.exe:*:Enabled:left4dead"
"E:\Program Files\Steam\steamapps\logitech103\counter-strike\hl.exe"="E:\Program Files\Steam\steamapps\logitech103\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\ApexDC++\ApexDC.exe"="D:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
"D:\Program Files\StrongDC++\StrongDC.exe"="D:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\CrossLoop\CrossLoopConnect.exe"="C:\Program Files\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"E:\Program Files\Steam\steamapps\progamertutt1\counter-strike\hl.exe"="E:\Program Files\Steam\steamapps\progamertutt1\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\LimeWire\LimeWire.exe"="E:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"E:\Program Files\BF\BF2.exe"="E:\Program Files\BF\BF2.exe:*:Enabled:Battlefield 2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\ApexDC++\ApexDC.exe"="E:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe"="C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe:*:Enabled:James Cameron's AVATAR(tm): THE GAME"
"C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe"="C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe:*:Enabled:Updater"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\IncrediMail\bin\IncMail.exe"="D:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"D:\Program Files\IncrediMail\bin\ImApp.exe"="D:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"D:\Program Files\IncrediMail\bin\ImpCnt.exe"="D:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe"="D:\Program Files\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2"
"D:\Program Files\2K Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe"="D:\Program Files\2K Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.ini - open - "C:\Program Files\GetDiz\GetDiz.exe" "%1"
.js - open - "E:\Program Files\Adobe Dreamweaver CS3\dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-03-02 11:13:36 ----D---- C:\windows\ERDNT
2010-03-02 10:06:47 ----D---- C:\Program Files\trend micro
2010-03-01 23:41:29 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2010-03-01 08:06:04 ----SHD---- C:\Documents and Settings\All Users\Application Data\SecuROM
2010-02-28 20:59:25 ----D---- C:\Program Files\Common Files\DESIGNER
2010-02-28 20:53:14 ----D---- C:\Program Files\Microsoft Works
2010-02-28 20:52:20 ----D---- C:\Program Files\Microsoft.NET
2010-02-28 20:48:23 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-02-28 20:47:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-02-28 20:47:03 ----RHD---- C:\MSOCache
2010-02-14 16:46:37 ----D---- C:\rsit
2010-02-08 19:08:57 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2010-02-08 18:57:32 ----D---- C:\Documents and Settings\All Users\Application Data\IM
2010-02-08 18:55:46 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail
2010-02-07 12:27:28 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2010-02-06 16:39:59 ----A---- C:\windows\system32\BtCoreIf.dll
2010-02-06 16:39:55 ----A---- C:\windows\system32\KemXML.dll
2010-02-06 16:39:55 ----A---- C:\windows\system32\KemWnd.dll
2010-02-06 16:39:55 ----A---- C:\windows\system32\KemUtil.dll
2010-02-06 16:39:55 ----A---- C:\windows\system32\kemutb.dll
2010-02-06 16:39:41 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2010-02-06 16:39:27 ----D---- C:\Program Files\Logitech
2010-02-05 13:47:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-02-05 13:07:48 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2010-02-05 13:07:34 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-02-05 13:07:33 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-01-28 00:34:31 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-28 00:34:11 ----D---- C:\Documents and Settings\Patrik\Application Data\ICQ
2010-01-28 00:33:58 ----D---- C:\Program Files\ICQ7.0
2010-01-28 00:16:28 ----HD---- C:\windows\msdownld.tmp
2010-01-28 00:15:01 ----D---- C:\Documents and Settings\Patrik\Application Data\QIP
2010-01-28 00:14:54 ----HDC---- C:\windows\ie8
2010-01-25 02:07:12 ----D---- C:\Documents and Settings\All Users\Application Data\Solidshield
2010-01-25 01:59:44 ----D---- C:\Program Files\Ubisoft
2010-01-24 08:54:37 ----D---- C:\Program Files\Common Files\PCSuite
2010-01-16 08:47:42 ----D---- C:\Program Files\Webteh

======List of files/folders modified in the last 1 months======

2010-03-02 11:13:36 ----D---- C:\WINDOWS
2010-03-02 10:06:47 ----RD---- C:\Program Files
2010-03-01 23:42:06 ----SHD---- C:\windows\Installer
2010-03-01 21:20:38 ----A---- C:\windows\wincmd.ini
2010-03-01 18:19:04 ----D---- C:\Documents and Settings\Patrik\Application Data\Any DVD Converter Professional
2010-03-01 18:18:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-01 14:35:42 ----D---- C:\windows\SxsCaPendDel
2010-03-01 08:05:31 ----D---- C:\windows\WinSxS
2010-03-01 08:03:52 ----D---- C:\windows\system32\DirectX
2010-03-01 08:03:51 ----HD---- C:\windows\inf
2010-03-01 08:03:44 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-01 08:03:14 ----RSD---- C:\windows\assembly
2010-03-01 07:52:03 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-01 07:49:31 ----A---- C:\windows\win.ini
2010-03-01 07:49:31 ----A---- C:\windows\system.ini
2010-02-28 22:53:43 ----A---- C:\windows\NeroDigital.ini
2010-02-28 22:37:10 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2010-02-28 21:11:19 ----RSD---- C:\windows\Fonts
2010-02-28 21:11:16 ----A---- C:\windows\TRNCOM.INI
2010-02-28 20:59:25 ----D---- C:\Program Files\Common Files
2010-02-28 20:59:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-28 20:56:24 ----D---- C:\windows\SHELLNEW
2010-02-28 20:56:13 ----D---- C:\Program Files\Common Files\System
2010-02-28 20:53:42 ----D---- C:\windows\system32\config
2010-02-28 20:53:05 ----D---- C:\Program Files\MSBuild
2010-02-28 20:52:56 ----D---- C:\Program Files\Microsoft Office
2010-02-28 20:52:20 ----D---- C:\windows\pchealth
2010-02-28 20:50:56 ----D---- C:\windows\Help
2010-02-14 16:46:33 ----D---- C:\windows\Temp
2010-02-14 16:42:02 ----D---- C:\Program Files\Mozilla Firefox
2010-02-14 16:41:41 ----D---- C:\windows\Prefetch
2010-02-14 15:18:43 ----D---- C:\windows\system32
2010-02-14 15:18:43 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-02-14 15:15:54 ----D---- C:\windows\system32\CatRoot2
2010-02-14 13:51:23 ----A---- C:\windows\SchedLgU.Txt
2010-02-12 13:22:25 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-07 19:05:29 ----D---- C:\Documents and Settings\Patrik\Application Data\Adobe
2010-02-06 16:40:56 ----D---- C:\Program Files\Common Files\Logishrd
2010-02-06 16:40:49 ----D---- C:\windows\system32\drivers
2010-02-06 16:40:40 ----RSHDC---- C:\windows\system32\dllcache
2010-02-06 16:40:31 ----D---- C:\windows\system32\ReinstallBackups
2010-02-03 21:36:35 ----D---- C:\Documents and Settings\Patrik\Application Data\uTorrent
2010-02-03 20:54:56 ----D---- C:\Program Files\Common Files\Adobe
2010-01-28 13:52:15 ----D---- C:\Documents and Settings
2010-01-28 09:51:47 ----D---- C:\windows\system32\en-US
2010-01-28 09:51:47 ----D---- C:\windows\Media
2010-01-28 09:51:47 ----D---- C:\Program Files\Internet Explorer
2010-01-26 17:50:59 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-26 17:50:57 ----SD---- C:\windows\Downloaded Program Files
2010-01-24 08:54:51 ----DC---- C:\windows\system32\DRVSTORE
2010-01-24 08:54:33 ----D---- C:\Program Files\Common Files\Nokia
2010-01-21 16:57:18 ----D---- C:\Documents and Settings\Patrik\Application Data\BSplayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\windows\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 eamon;EAMON; C:\windows\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R2 LBeepKE;LBeepKE; C:\windows\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 TBPanel;TBPanel; C:\windows\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2009-02-04 5030912]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\l1e51x86.sys [2008-09-24 38400]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\windows\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\windows\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
S3 Ambfilt;Ambfilt; C:\windows\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\windows\system32\DRIVERS\L8042mou.Sys [2007-09-21 63120]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; C:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\windows\system32\DRIVERS\LMouKE.Sys [2007-09-21 78992]
S3 Monfilt;Monfilt; C:\windows\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 msloop;Microsoft Loopback Adapter Driver; C:\windows\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 nm;Network Monitor Driver; C:\windows\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 npkcrypt;npkcrypt; \??\E:\Program Files\Lineage II\system\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
S3 s217bus;Sony Ericsson Device 217 driver (WDM); C:\windows\system32\DRIVERS\s217bus.sys [2007-11-02 83496]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s217mdfl.sys [2007-11-02 15016]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s217mdm.sys [2007-11-02 109992]
S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s217obex.sys [2007-11-02 100008]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\windows\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2008-12-25 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2009-09-27 172100]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-12-26 243056]
R2 WSearch;Windows Search; C:\windows\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-11-11 72704]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-14 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-29 3110016]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Unlimited_Killer

Je to přesně tak, jak kolegyně předpokládala. Ale máte tam plno havěti, jdu napsat skript na odstranění.

Unlimited_Killer

Jdeme na to.

1) OTMoveit3

Stáhněte OTM3 na Plochu.
Spusťte ho dvojklikem na OTM.exe, pokud to nepůjde, zkuste to s adminskými právy.

Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

Kód: Vybrat vše

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-
"DelReg"=-
"Alcmtr"=-
"SunJavaUpdateSched"=-
"QuickTime Task"=-
"combofix"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"12CFG94-z641-2SF-N31P-5M1ER6H6L1"=-
"RGSC"=-
"PlayNC Launcher"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w3dr.exe]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

:files
C:\Program Files\ICQ6Toolbar
C:\Program Files\Internet Explorer\qipsearchbar.dll
C:\Program Files\AskBarDis
C:\WINDOWS\system32\winsys2.exe 
C:\RECYCLER\S-1-5-21-7141751271-1474882387-388106166-0701\winigon.exe
C:\windows\tasks\AppleSoftwareUpdate.job

:services
ICQ Service
JavaQuickStarterService
ASKUpgrade

:commands
[emptytemp]
[resethosts]
[reboot]

Poté klikněte na červené tlačítko 'MoveIt!'.
V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra.
Pokud se zobrazí hláška k restartování, klikněte na Yes.
Po restartu se log otevře sám, nebo ho najdete v C:\_OTM\MovedFiles

2) Fixnutí v HJT

Spusťte přejmenované HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
Klikněte na 'Do a system scan only'.

U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qip.ru/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by QIP.ru
R3 - URLSearchHook: (no name) - - (no file)
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - (no file)
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {30365816-A5D3-4E74-BC9A-D74A0C9A600B} - C:\Program Files\QIP Infium\infium.exe (file missing) (HKCU)

Pokud by tam nějaká položka nebyla, vynechte ji.

Tutt1 · #20 Příspěvek od **Tutt1** » 14 úno 2010 17:51

No pooznacoval som vsetko a nakoniec sa opytalo ci chcem zmazat oznacene veci tak som dal ano, snad to je spravne.

Tutt1 · #21 Příspěvek od **Tutt1** » 14 úno 2010 17:59

Dokoncil som postup ktory si napisa, no stale to pipa po restarte.

Unlimited_Killer

Nový RSIT log.

Tutt1 · #23 Příspěvek od **Tutt1** » 14 úno 2010 18:05

Logfile of random's system information tool 1.06 (written by random/random)
Run by Patrik at 2010-02-14 18:05:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 76 GB (76%) free of 100 GB
Total RAM: 2047 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:35, on 14. 2. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\RTHDCPL.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\system32\RUNDLL32.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Documents and Settings\Patrik\Desktop\RSIT.exe
C:\Program Files\trend micro\Patrik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7900802531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8107 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"=C:\windows\KHALMNPR.EXE [2009-06-17 55824]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe [2002-07-11 188416]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2009-02-04 18085888]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-10-07 1461080]
"Kernel and Hardware Abstraction Layer"=C:\windows\KHALMNPR.EXE [2009-06-17 55824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"TBPanel"=C:\Program Files\Vtune\TBPanel.exe [2008-09-05 2154496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-12-26 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Program Files\Steam\Steam.exe [2009-10-27 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
D:\Program Files\uTorrent\uTorrent.exe [2009-10-11 289072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\InterVideo\DVD6\WinDVD.exe"="C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\ApexDC++\ApexDC.exe"="C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
"E:\Program Files\Left4dead\left4dead.exe"="E:\Program Files\Left4dead\left4dead.exe:*:Enabled:left4dead"
"E:\Program Files\Steam\steamapps\logitech103\counter-strike\hl.exe"="E:\Program Files\Steam\steamapps\logitech103\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\ApexDC++\ApexDC.exe"="D:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
"D:\Program Files\StrongDC++\StrongDC.exe"="D:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\CrossLoop\CrossLoopConnect.exe"="C:\Program Files\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"E:\Program Files\Steam\steamapps\progamertutt1\counter-strike\hl.exe"="E:\Program Files\Steam\steamapps\progamertutt1\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Program Files\LimeWire\LimeWire.exe"="E:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"E:\Program Files\BF\BF2.exe"="E:\Program Files\BF\BF2.exe:*:Enabled:Battlefield 2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\ApexDC++\ApexDC.exe"="E:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe"="C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe:*:Enabled:James Cameron's AVATAR(tm): THE GAME"
"C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe"="C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe:*:Enabled:Updater"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\IncrediMail\bin\IncMail.exe"="D:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"D:\Program Files\IncrediMail\bin\ImApp.exe"="D:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"D:\Program Files\IncrediMail\bin\ImpCnt.exe"="D:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe"="D:\Program Files\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2"
"D:\Program Files\2K Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe"="D:\Program Files\2K Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe:*:Enabled:BioShock 2 Multiplayer"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.ini - open - "C:\Program Files\GetDiz\GetDiz.exe" "%1"
.js - open - "E:\Program Files\Adobe Dreamweaver CS3\dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-03-02 11:13:36 ----D---- C:\windows\ERDNT
2010-03-02 10:06:47 ----D---- C:\Program Files\trend micro
2010-03-01 23:41:29 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2010-03-01 08:06:04 ----SHD---- C:\Documents and Settings\All Users\Application Data\SecuROM
2010-02-28 20:59:25 ----D---- C:\Program Files\Common Files\DESIGNER
2010-02-28 20:53:14 ----D---- C:\Program Files\Microsoft Works
2010-02-28 20:52:20 ----D---- C:\Program Files\Microsoft.NET
2010-02-28 20:48:23 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-02-28 20:47:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-02-28 20:47:03 ----RHD---- C:\MSOCache
2010-02-14 17:43:54 ----D---- C:\_OTM
2010-02-14 16:46:37 ----D---- C:\rsit
2010-02-08 19:08:57 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2010-02-08 18:57:32 ----D---- C:\Documents and Settings\All Users\Application Data\IM
2010-02-08 18:55:46 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail
2010-02-07 12:27:28 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2010-02-06 16:39:59 ----A---- C:\windows\system32\BtCoreIf.dll
2010-02-06 16:39:55 ----A---- C:\windows\system32\KemXML.dll
2010-02-06 16:39:55 ----A---- C:\windows\system32\KemWnd.dll
2010-02-06 16:39:55 ----A---- C:\windows\system32\KemUtil.dll
2010-02-06 16:39:55 ----A---- C:\windows\system32\kemutb.dll
2010-02-06 16:39:41 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2010-02-06 16:39:27 ----D---- C:\Program Files\Logitech
2010-02-05 13:47:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-02-05 13:07:48 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2010-02-05 13:07:34 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-02-05 13:07:33 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-01-28 00:34:11 ----D---- C:\Documents and Settings\Patrik\Application Data\ICQ
2010-01-28 00:33:58 ----D---- C:\Program Files\ICQ7.0
2010-01-28 00:15:01 ----D---- C:\Documents and Settings\Patrik\Application Data\QIP
2010-01-28 00:14:54 ----HDC---- C:\windows\ie8
2010-01-25 02:07:12 ----D---- C:\Documents and Settings\All Users\Application Data\Solidshield
2010-01-25 01:59:44 ----D---- C:\Program Files\Ubisoft
2010-01-24 08:54:37 ----D---- C:\Program Files\Common Files\PCSuite
2010-01-16 08:47:42 ----D---- C:\Program Files\Webteh

======List of files/folders modified in the last 1 months======

2010-03-01 23:42:06 ----SHD---- C:\windows\Installer
2010-03-01 21:20:38 ----A---- C:\windows\wincmd.ini
2010-03-01 18:19:04 ----D---- C:\Documents and Settings\Patrik\Application Data\Any DVD Converter Professional
2010-03-01 18:18:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-01 14:35:42 ----D---- C:\windows\SxsCaPendDel
2010-03-01 08:05:31 ----D---- C:\windows\WinSxS
2010-03-01 08:03:52 ----D---- C:\windows\system32\DirectX
2010-03-01 08:03:51 ----HD---- C:\windows\inf
2010-03-01 08:03:44 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-01 08:03:14 ----RSD---- C:\windows\assembly
2010-03-01 07:52:03 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-01 07:49:31 ----A---- C:\windows\win.ini
2010-03-01 07:49:31 ----A---- C:\windows\system.ini
2010-02-28 22:53:43 ----A---- C:\windows\NeroDigital.ini
2010-02-28 22:37:10 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2010-02-28 21:11:19 ----RSD---- C:\windows\Fonts
2010-02-28 21:11:16 ----A---- C:\windows\TRNCOM.INI
2010-02-28 20:59:25 ----D---- C:\Program Files\Common Files
2010-02-28 20:59:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-28 20:56:24 ----D---- C:\windows\SHELLNEW
2010-02-28 20:56:13 ----D---- C:\Program Files\Common Files\System
2010-02-28 20:53:42 ----D---- C:\windows\system32\config
2010-02-28 20:53:05 ----D---- C:\Program Files\MSBuild
2010-02-28 20:52:56 ----D---- C:\Program Files\Microsoft Office
2010-02-28 20:52:20 ----D---- C:\windows\pchealth
2010-02-28 20:50:56 ----D---- C:\windows\Help
2010-02-14 18:05:27 ----D---- C:\windows\Temp
2010-02-14 18:02:31 ----D---- C:\windows\system32
2010-02-14 18:02:31 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-02-14 17:58:41 ----D---- C:\Program Files\Mozilla Firefox
2010-02-14 17:57:04 ----A---- C:\windows\SchedLgU.Txt
2010-02-14 17:55:38 ----D---- C:\windows\Prefetch
2010-02-14 17:44:37 ----D---- C:\WINDOWS
2010-02-14 17:44:02 ----SD---- C:\windows\Tasks
2010-02-14 17:44:02 ----RD---- C:\Program Files
2010-02-14 15:15:54 ----D---- C:\windows\system32\CatRoot2
2010-02-12 13:22:25 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-07 19:05:29 ----D---- C:\Documents and Settings\Patrik\Application Data\Adobe
2010-02-06 16:40:56 ----D---- C:\Program Files\Common Files\Logishrd
2010-02-06 16:40:49 ----D---- C:\windows\system32\drivers
2010-02-06 16:40:40 ----RSHDC---- C:\windows\system32\dllcache
2010-02-06 16:40:31 ----D---- C:\windows\system32\ReinstallBackups
2010-02-03 21:36:35 ----D---- C:\Documents and Settings\Patrik\Application Data\uTorrent
2010-02-03 20:54:56 ----D---- C:\Program Files\Common Files\Adobe
2010-01-28 13:52:15 ----D---- C:\Documents and Settings
2010-01-28 09:51:47 ----D---- C:\windows\system32\en-US
2010-01-28 09:51:47 ----D---- C:\windows\Media
2010-01-28 09:51:47 ----D---- C:\Program Files\Internet Explorer
2010-01-26 17:50:59 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-01-26 17:50:57 ----SD---- C:\windows\Downloaded Program Files
2010-01-24 08:54:51 ----DC---- C:\windows\system32\DRVSTORE
2010-01-24 08:54:33 ----D---- C:\Program Files\Common Files\Nokia
2010-01-21 16:57:18 ----D---- C:\Documents and Settings\Patrik\Application Data\BSplayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 easdrv;easdrv; C:\windows\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdi;epfwtdi; C:\windows\system32\DRIVERS\epfwtdi.sys [2009-10-07 55256]
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 eamon;EAMON; C:\windows\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2009-10-07 73760]
R2 LBeepKE;LBeepKE; C:\windows\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 TBPanel;TBPanel; C:\windows\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 Epfwndis;Eset Personal Firewall; C:\windows\system32\DRIVERS\Epfwndis.sys [2009-10-07 32072]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2009-02-04 5030912]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\l1e51x86.sys [2008-09-24 38400]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\windows\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\windows\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
R3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
S3 Ambfilt;Ambfilt; C:\windows\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\windows\system32\DRIVERS\L8042mou.Sys [2007-09-21 63120]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; C:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\windows\system32\DRIVERS\LMouKE.Sys [2007-09-21 78992]
S3 Monfilt;Monfilt; C:\windows\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 msloop;Microsoft Loopback Adapter Driver; C:\windows\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 nm;Network Monitor Driver; C:\windows\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 npkcrypt;npkcrypt; \??\E:\Program Files\Lineage II\system\npkcrypt.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
S3 s217bus;Sony Ericsson Device 217 driver (WDM); C:\windows\system32\DRIVERS\s217bus.sys [2007-11-02 83496]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s217mdfl.sys [2007-11-02 15016]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s217mdm.sys [2007-11-02 109992]
S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s217obex.sys [2007-11-02 100008]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\windows\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2008-12-25 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-10-07 472280]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2009-09-27 172100]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-12-26 243056]
R2 WSearch;Windows Search; C:\windows\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-11-11 72704]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-10-07 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-14 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-29 3110016]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Tutt1 · #24 Příspěvek od **Tutt1** » 14 úno 2010 20:08

Toto si potreboval?

Unlimited_Killer

No nevím, pokud pořád pípá, zkusíme toto... Sice je to dočišťovací proces, ale CCleaner by mohl zabrat.

1) CCleaner

Stáhněte si program jménem CCleaner.
Normálně nainstalujte, jen dávejte pozor a odškrtněte položku 'Instalovat Yahoo! Toolbar'.
Spusťte ho.
- Záložka Čistič → nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.
- Záložka Registry → klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.
CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

2) Defragmentace

Defragmentujte disk.
Lze to udělat několika způsoby ↓
- Přes defragmentaci integrovanou ve Windows [Start → Spustit → dfrg.msc → Enter]. Toto není příliš účinný způsob.
- Přes jednoduchý a přehledný program jménem Defraggler.
- Přes geniální program, který se nemusí instalovat a je hodně jednoduchý - JKDefrag.

Tutt1 · #26 Příspěvek od **Tutt1** » 15 úno 2010 11:38

No nic nepomohlo stale ti pipa, no nechajme to tak ja planujem windovs 7 tak by to malo byt v pohode.
Mohli by sme sa pls vratit k tomu problemu mojej kamaratky? Pouzila ten program podla uvedeneho postupu.
A toto je vysledok ktory si asi potreboval:

Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3739
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

14.2.2010 23:28:10
mbam-log-2010-02-14 (23-28-10).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 123317
Uplynutý cas: 14 minute(s), 2 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 2
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 1

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser
Helper Objects{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) ->
Quarantined and deleted successfully.
HKEY_CLASSES_ROOTCLSID{055fd26d-3a88-4e15-963d-dc8493744b1d}
(Trojan.BHO) -> Quarantined and deleted successfully.

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:Program FilesICQToolbartoolbaru.dll (Trojan.BHO) -> Quarantined and
deleted successfully.

Unlimited_Killer

Dobrá prosím o nový RSIT log. Ale docela skript bude trvat dlouho, protože všude doplňovat \ je na hodně dlouho...

Tutt1 · #28 Příspěvek od **Tutt1** » 15 úno 2010 21:37

Ten log potrebujes z RSIT?

Unlimited_Killer

VIRY.CZ

Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.

Re: Hacknuty Password.