
I've had 8 trojans in the last 5 days
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
- Visitor
- Posts: 41
- Registered: 27 Oct 2010 12:10
Logfile of random's system information tool 1.08 (written by random/random)
Run by patrik at 2010-10-27 13:13:45
Microsoft Windows 7 Ultimate
System drive C: has 27 GB (54%) free of 50 GB
Total RAM: 3070 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:13:46, on 27. 10. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
C:\Windows\system32\wuauclt.exe
C:\Users\patrik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\patrik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\patrik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\patrik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\CounterPath\X-Lite\x-lite.exe
C:\Users\patrik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\patrik\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\patrik\Downloads\RSIT (1).exe
C:\Program Files\trend micro\patrik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YouTubeUploaderLib.YouTubeUploaderLib - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe
O4 - HKCU\..\Run: [Driver Updater] "C:\Program Files\Carambis\Driver Updater\dupdater.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
--
End of file - 5354 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3892172656-989301815-4191589665-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3892172656-989301815-4191589665-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-01-13 6711840]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-01-13 1833504]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Device Detection"=C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe [2010-10-04 401592]
"Driver Updater"=C:\Program Files\Carambis\Driver Updater\dupdater.exe [2010-06-08 4973056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 3 months======
2010-10-27 13:04:19 ----D---- C:\Program Files\trend micro
2010-10-27 11:23:04 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-27 11:23:04 ----A---- C:\Windows\system32\wmp.dll
2010-10-27 11:23:03 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-27 11:23:03 ----A---- C:\Windows\system32\mfc40.dll
2010-10-27 11:23:02 ----A---- C:\Windows\system32\t2embed.dll
2010-10-27 11:23:00 ----A---- C:\Windows\system32\ole32.dll
2010-10-27 11:22:59 ----A---- C:\Windows\system32\win32k.sys
2010-10-27 11:22:53 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-27 11:22:53 ----A---- C:\Windows\system32\comctl32.dll
2010-10-27 11:22:29 ----A---- C:\Windows\system32\StructuredQuery.dll
2010-10-27 10:37:09 ----SHD---- C:\Config.Msi
2010-10-26 19:41:57 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-10-26 19:41:56 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-10-26 19:41:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-26 19:39:39 ----D---- C:\Program Files\CCleaner
2010-10-26 13:16:24 ----D---- C:\Users\patrik\AppData\Roaming\SUPERAntiSpyware.com
2010-10-26 13:16:24 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-10-26 13:16:05 ----D---- C:\Program Files\SUPERAntiSpyware
2010-10-26 11:53:39 ----A---- C:\Windows\system32\iertutil.dll
2010-10-26 11:53:38 ----A---- C:\Windows\system32\mshtml.dll
2010-10-26 11:53:36 ----A---- C:\Windows\system32\ieframe.dll
2010-10-26 11:53:35 ----A---- C:\Windows\system32\wininet.dll
2010-10-26 11:53:35 ----A---- C:\Windows\system32\urlmon.dll
2010-10-26 11:53:35 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-26 11:53:35 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-26 11:53:35 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\mstime.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-26 11:53:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\ieui.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\iepeers.dll
2010-10-26 11:53:23 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-26 11:53:23 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-26 11:53:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-26 11:53:23 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-25 18:15:57 ----D---- C:\Users\patrik\AppData\Roaming\GlarySoft
2010-10-25 18:06:47 ----D---- C:\Users\patrik\AppData\Roaming\ParetoLogic
2010-10-25 18:06:47 ----D---- C:\Users\patrik\AppData\Roaming\DriverCure
2010-10-25 14:48:22 ----A---- C:\Windows\isRS-000.tmp
2010-10-25 14:26:57 ----A---- C:\Windows\system32\schannel.dll
2010-10-25 10:13:43 ----ASH---- C:\pagefile.sys
2010-10-25 10:13:42 ----ASH---- C:\hiberfil.sys
2010-10-24 18:37:53 ----D---- C:\ProgramData\ParetoLogic
2010-10-24 18:37:53 ----D---- C:\ProgramData\FileCure
2010-10-24 16:44:32 ----D---- C:\Users\patrik\AppData\Roaming\Malwarebytes
2010-10-24 16:44:19 ----D---- C:\ProgramData\Malwarebytes
2010-10-24 09:03:57 ----D---- C:\rsit
2010-10-23 14:32:09 ----D---- C:\Program Files\Common Files\Intel
2010-10-23 14:32:06 ----D---- C:\Program Files\CounterPath
2010-10-23 01:32:05 ----D---- C:\Users\patrik\AppData\Roaming\VeskrnaMartin
2010-10-17 17:30:20 ----D---- C:\Windows\system32\AGEIA
2010-10-17 17:30:20 ----D---- C:\Program Files\AGEIA Technologies
2010-10-17 17:30:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-10-12 14:29:45 ----D---- C:\ProgramData\ESET
2010-10-12 14:29:45 ----D---- C:\Program Files\ESET
2010-10-10 15:22:44 ----D---- C:\Program Files\Common Files\Adobe
2010-10-10 15:22:44 ----D---- C:\Program Files\Adobe
2010-10-05 12:47:02 ----A---- C:\Windows\system32\tzres.dll
2010-10-05 12:46:59 ----A---- C:\Windows\system32\spoolsv.exe
2010-10-04 14:05:55 ----D---- C:\Users\patrik\AppData\Roaming\FontCreator
2010-09-14 12:50:27 ----D---- C:\Program Files\MSXML 4.0
2010-09-07 16:34:07 ----D---- C:\Users\patrik\AppData\Roaming\WinRAR
2010-09-07 16:29:05 ----D---- C:\Program Files\WinRAR
2010-08-31 20:53:07 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-08-31 20:52:47 ----D---- C:\Program Files\DAEMON Tools Lite
2010-08-31 20:47:33 ----D---- C:\ProgramData\NVIDIA Corporation
2010-08-30 01:04:54 ----D---- C:\Program Files\PLANstudio
2010-08-28 15:36:54 ----D---- C:\Users\patrik\AppData\Roaming\VitySoft
2010-08-28 15:36:21 ----D---- C:\ProgramData\Sun
2010-08-28 15:34:06 ----A---- C:\Windows\system32\deployJava1.dll
2010-08-24 22:24:54 ----D---- C:\Users\patrik\AppData\Roaming\Nero
2010-08-24 21:12:08 ----D---- C:\ProgramData\Nero
2010-08-24 21:12:02 ----D---- C:\Program Files\Common Files\Nero
2010-08-24 21:11:57 ----D---- C:\Program Files\Nero
2010-08-24 10:53:56 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-23 21:37:12 ----D---- C:\Users\patrik\AppData\Roaming\vlc
2010-08-23 16:25:37 ----D---- C:\Temp
2010-08-23 16:21:28 ----D---- C:\Program Files\Carambis
2010-08-23 15:17:33 ----D---- C:\Windows\system32\appmgmt
2010-08-16 18:57:52 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-08-16 18:57:41 ----D---- C:\ProgramData\FUJIFILM
2010-08-16 18:57:37 ----D---- C:\Program Files\FUJIFILM
2010-08-16 18:55:56 ----D---- C:\ProgramData\Apple
2010-08-15 17:37:54 ----D---- C:\Users\patrik\AppData\Roaming\skypePM
2010-08-15 17:23:18 ----D---- C:\Users\patrik\AppData\Roaming\Skype
2010-08-15 17:23:04 ----D---- C:\Program Files\Common Files\Skype
2010-08-15 17:23:02 ----RD---- C:\Program Files\Skype
2010-08-15 17:23:00 ----D---- C:\ProgramData\Skype
2010-08-13 08:55:15 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-13 08:55:12 ----A---- C:\Windows\system32\rtutils.dll
2010-08-13 08:55:12 ----A---- C:\Windows\system32\ir32_32.dll
2010-08-13 08:55:12 ----A---- C:\Windows\system32\iccvid.dll
2010-08-13 08:55:11 ----A---- C:\Windows\system32\msxml3.dll
2010-08-13 08:55:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-13 08:55:08 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-05 20:08:18 ----D---- C:\Users\patrik\AppData\Roaming\dvdcss
2010-08-03 12:13:49 ----A---- C:\Windows\system32\shell32.dll
2010-08-02 20:13:07 ----D---- C:\Windows\Minidump
2010-07-31 09:05:33 ----D---- C:\Users\patrik\AppData\Roaming\Mozilla
2010-07-31 09:05:33 ----D---- C:\ProgramData\ICQ
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\epfwwfpr.sys
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\ehdrv.sys
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\eamonm.sys
2010-07-29 13:15:30 ----D---- C:\Program Files\VideoLAN
======List of files/folders modified in the last 3 months======
2010-10-27 13:13:46 ----D---- C:\Windows\Temp
2010-10-27 13:04:23 ----D---- C:\Windows\Prefetch
2010-10-27 13:04:19 ----RD---- C:\Program Files
2010-10-27 12:39:55 ----D---- C:\Windows\system32\config
2010-10-27 11:30:09 ----D---- C:\Windows\System32
2010-10-27 11:30:09 ----D---- C:\Windows\inf
2010-10-27 11:30:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-27 11:26:07 ----D---- C:\Windows\winsxs
2010-10-27 11:25:58 ----D---- C:\Windows
2010-10-27 11:25:34 ----D---- C:\Program Files\Windows Media Player
2010-10-27 11:23:18 ----SHD---- C:\System Volume Information
2010-10-27 11:22:57 ----D---- C:\Windows\system32\catroot2
2010-10-27 11:22:57 ----D---- C:\Windows\system32\catroot
2010-10-27 10:39:36 ----SHD---- C:\Windows\Installer
2010-10-27 10:37:11 ----D---- C:\Windows\system32\Tasks
2010-10-27 10:36:53 ----D---- C:\Program Files\Common Files
2010-10-26 19:43:44 ----D---- C:\Windows\debug
2010-10-26 19:41:57 ----D---- C:\Windows\system32\drivers
2010-10-26 13:16:24 ----HD---- C:\ProgramData
2010-10-26 12:51:10 ----D---- C:\Windows\system32\LogFiles
2010-10-26 11:54:29 ----D---- C:\Windows\system32\migration
2010-10-26 11:54:29 ----D---- C:\Program Files\Internet Explorer
2010-10-25 22:38:12 ----D---- C:\Windows\Tasks
2010-10-25 20:47:29 ----D---- C:\Windows\system32\wbem
2010-10-25 20:46:07 ----D---- C:\Windows\system32\DriverStore
2010-10-25 20:46:07 ----D---- C:\Program Files\Ask.com
2010-10-25 20:46:06 ----D---- C:\Windows\registration
2010-10-25 14:27:45 ----D---- C:\ProgramData\Microsoft Help
2010-10-25 14:27:38 ----D---- C:\Windows\SoftwareDistribution
2010-10-25 11:31:59 ----SD---- C:\Users\patrik\AppData\Roaming\Microsoft
2010-10-25 11:28:02 ----D---- C:\Windows\system32\NDF
2010-10-25 11:11:29 ----D---- C:\Windows\system32\Msdtc
2010-10-25 10:21:33 ----D---- C:\Windows\Microsoft.NET
2010-10-25 10:20:56 ----RSD---- C:\Windows\assembly
2010-10-25 10:14:11 ----SHD---- C:\Recovery
2010-10-25 10:14:10 ----D---- C:\Windows\system32\Recovery
2010-10-25 10:13:46 ----D---- C:\Windows\CSC
2010-10-24 00:40:46 ----A---- C:\Windows\system32\MRT.exe
2010-10-23 01:32:03 ----RSD---- C:\Windows\Fonts
2010-10-20 08:27:45 ----SD---- C:\ProgramData\Microsoft
2010-10-20 07:58:56 ----D---- C:\Windows\system32\wfp
2010-10-20 07:58:56 ----D---- C:\Users\patrik\AppData\Roaming\uTorrent
2010-10-20 07:57:42 ----D---- C:\Users\patrik\AppData\Roaming\GHISLER
2010-10-19 11:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-10 15:22:46 ----D---- C:\ProgramData\Adobe
2010-10-06 13:57:34 ----D---- C:\Windows\rescache
2010-10-05 12:51:10 ----D---- C:\Windows\system32\sk-SK
2010-09-20 18:57:17 ----D---- C:\Windows\AppCompat
2010-08-31 20:50:21 ----D---- C:\ProgramData\NVIDIA
2010-08-31 20:47:55 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-30 13:16:38 ----D---- C:\Program Files\uTorrent
2010-08-30 01:11:53 ----D---- C:\Windows\twain_32
2010-08-30 01:11:53 ----D---- C:\Windows\system
2010-08-24 10:52:39 ----D---- C:\Program Files\Common Files\microsoft shared
2010-08-23 16:29:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-16 19:02:09 ----D---- C:\Windows\system32\drivers\UMDF
2010-08-16 00:43:37 ----SHD---- C:\$Recycle.Bin
2010-08-15 14:46:24 ----D---- C:\Windows\Logs
2010-08-07 18:22:40 ----D---- C:\Windows\system32\wdi
2010-07-31 03:19:29 ----D---- C:\Program Files\Microsoft Works
2010-07-31 03:18:56 ----D---- C:\Program Files\Common Files\System
2010-07-31 03:18:56 ----A---- C:\Windows\win.ini
2010-07-31 02:35:25 ----D---- C:\Users\patrik\AppData\Roaming\Adobe
2010-07-29 13:51:01 ----D---- C:\Users\patrik\AppData\Roaming\DAEMON Tools Lite
2010-07-28 19:31:16 ----D---- C:\fotky
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-27 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-01-13 2304928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 av942tyk;av942tyk; C:\Windows\system32\drivers\av942tyk.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-07-27 16608]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF----------
Thank you for checking the log.
Is there anything in it that isn't right?
2010-10-26 11:53:35 ----A---- C:\Windows\system32\wininet.dll
2010-10-26 11:53:35 ----A---- C:\Windows\system32\urlmon.dll
2010-10-26 11:53:35 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-26 11:53:35 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-26 11:53:35 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\mstime.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-26 11:53:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\ieui.dll
2010-10-26 11:53:34 ----A---- C:\Windows\system32\iepeers.dll
2010-10-26 11:53:23 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-26 11:53:23 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-26 11:53:23 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-26 11:53:23 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-25 18:15:57 ----D---- C:\Users\patrik\AppData\Roaming\GlarySoft
2010-10-25 18:06:47 ----D---- C:\Users\patrik\AppData\Roaming\ParetoLogic
2010-10-25 18:06:47 ----D---- C:\Users\patrik\AppData\Roaming\DriverCure
2010-10-25 14:48:22 ----A---- C:\Windows\isRS-000.tmp
2010-10-25 14:26:57 ----A---- C:\Windows\system32\schannel.dll
2010-10-25 10:13:43 ----ASH---- C:\pagefile.sys
2010-10-25 10:13:42 ----ASH---- C:\hiberfil.sys
2010-10-24 18:37:53 ----D---- C:\ProgramData\ParetoLogic
2010-10-24 18:37:53 ----D---- C:\ProgramData\FileCure
2010-10-24 16:44:32 ----D---- C:\Users\patrik\AppData\Roaming\Malwarebytes
2010-10-24 16:44:19 ----D---- C:\ProgramData\Malwarebytes
2010-10-24 09:03:57 ----D---- C:\rsit
2010-10-23 14:32:09 ----D---- C:\Program Files\Common Files\Intel
2010-10-23 14:32:06 ----D---- C:\Program Files\CounterPath
2010-10-23 01:32:05 ----D---- C:\Users\patrik\AppData\Roaming\VeskrnaMartin
2010-10-17 17:30:20 ----D---- C:\Windows\system32\AGEIA
2010-10-17 17:30:20 ----D---- C:\Program Files\AGEIA Technologies
2010-10-17 17:30:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-10-12 14:29:45 ----D---- C:\ProgramData\ESET
2010-10-12 14:29:45 ----D---- C:\Program Files\ESET
2010-10-10 15:22:44 ----D---- C:\Program Files\Common Files\Adobe
2010-10-10 15:22:44 ----D---- C:\Program Files\Adobe
2010-10-05 12:47:02 ----A---- C:\Windows\system32\tzres.dll
2010-10-05 12:46:59 ----A---- C:\Windows\system32\spoolsv.exe
2010-10-04 14:05:55 ----D---- C:\Users\patrik\AppData\Roaming\FontCreator
2010-09-14 12:50:27 ----D---- C:\Program Files\MSXML 4.0
2010-09-07 16:34:07 ----D---- C:\Users\patrik\AppData\Roaming\WinRAR
2010-09-07 16:29:05 ----D---- C:\Program Files\WinRAR
2010-08-31 20:53:07 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-08-31 20:52:47 ----D---- C:\Program Files\DAEMON Tools Lite
2010-08-31 20:47:33 ----D---- C:\ProgramData\NVIDIA Corporation
2010-08-30 01:04:54 ----D---- C:\Program Files\PLANstudio
2010-08-28 15:36:54 ----D---- C:\Users\patrik\AppData\Roaming\VitySoft
2010-08-28 15:36:21 ----D---- C:\ProgramData\Sun
2010-08-28 15:34:06 ----A---- C:\Windows\system32\deployJava1.dll
2010-08-24 22:24:54 ----D---- C:\Users\patrik\AppData\Roaming\Nero
2010-08-24 21:12:08 ----D---- C:\ProgramData\Nero
2010-08-24 21:12:02 ----D---- C:\Program Files\Common Files\Nero
2010-08-24 21:11:57 ----D---- C:\Program Files\Nero
2010-08-24 10:53:56 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-23 21:37:12 ----D---- C:\Users\patrik\AppData\Roaming\vlc
2010-08-23 16:25:37 ----D---- C:\Temp
2010-08-23 16:21:28 ----D---- C:\Program Files\Carambis
2010-08-23 15:17:33 ----D---- C:\Windows\system32\appmgmt
2010-08-16 18:57:52 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-08-16 18:57:41 ----D---- C:\ProgramData\FUJIFILM
2010-08-16 18:57:37 ----D---- C:\Program Files\FUJIFILM
2010-08-16 18:55:56 ----D---- C:\ProgramData\Apple
2010-08-15 17:37:54 ----D---- C:\Users\patrik\AppData\Roaming\skypePM
2010-08-15 17:23:18 ----D---- C:\Users\patrik\AppData\Roaming\Skype
2010-08-15 17:23:04 ----D---- C:\Program Files\Common Files\Skype
2010-08-15 17:23:02 ----RD---- C:\Program Files\Skype
2010-08-15 17:23:00 ----D---- C:\ProgramData\Skype
2010-08-13 08:55:15 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-13 08:55:12 ----A---- C:\Windows\system32\rtutils.dll
2010-08-13 08:55:12 ----A---- C:\Windows\system32\ir32_32.dll
2010-08-13 08:55:12 ----A---- C:\Windows\system32\iccvid.dll
2010-08-13 08:55:11 ----A---- C:\Windows\system32\msxml3.dll
2010-08-13 08:55:08 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-13 08:55:08 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-05 20:08:18 ----D---- C:\Users\patrik\AppData\Roaming\dvdcss
2010-08-03 12:13:49 ----A---- C:\Windows\system32\shell32.dll
2010-08-02 20:13:07 ----D---- C:\Windows\Minidump
2010-07-31 09:05:33 ----D---- C:\Users\patrik\AppData\Roaming\Mozilla
2010-07-31 09:05:33 ----D---- C:\ProgramData\ICQ
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\epfwwfpr.sys
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\ehdrv.sys
2010-07-29 13:31:26 ----A---- C:\Windows\system32\drivers\eamonm.sys
2010-07-29 13:15:30 ----D---- C:\Program Files\VideoLAN
======List of files/folders modified in the last 3 months======
2010-10-27 13:13:46 ----D---- C:\Windows\Temp
2010-10-27 13:04:23 ----D---- C:\Windows\Prefetch
2010-10-27 13:04:19 ----RD---- C:\Program Files
2010-10-27 12:39:55 ----D---- C:\Windows\system32\config
2010-10-27 11:30:09 ----D---- C:\Windows\System32
2010-10-27 11:30:09 ----D---- C:\Windows\inf
2010-10-27 11:30:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-27 11:26:07 ----D---- C:\Windows\winsxs
2010-10-27 11:25:58 ----D---- C:\Windows
2010-10-27 11:25:34 ----D---- C:\Program Files\Windows Media Player
2010-10-27 11:23:18 ----SHD---- C:\System Volume Information
2010-10-27 11:22:57 ----D---- C:\Windows\system32\catroot2
2010-10-27 11:22:57 ----D---- C:\Windows\system32\catroot
2010-10-27 10:39:36 ----SHD---- C:\Windows\Installer
2010-10-27 10:37:11 ----D---- C:\Windows\system32\Tasks
2010-10-27 10:36:53 ----D---- C:\Program Files\Common Files
2010-10-26 19:43:44 ----D---- C:\Windows\debug
2010-10-26 19:41:57 ----D---- C:\Windows\system32\drivers
2010-10-26 13:16:24 ----HD---- C:\ProgramData
2010-10-26 12:51:10 ----D---- C:\Windows\system32\LogFiles
2010-10-26 11:54:29 ----D---- C:\Windows\system32\migration
2010-10-26 11:54:29 ----D---- C:\Program Files\Internet Explorer
2010-10-25 22:38:12 ----D---- C:\Windows\Tasks
2010-10-25 20:47:29 ----D---- C:\Windows\system32\wbem
2010-10-25 20:46:07 ----D---- C:\Windows\system32\DriverStore
2010-10-25 20:46:07 ----D---- C:\Program Files\Ask.com
2010-10-25 20:46:06 ----D---- C:\Windows\registration
2010-10-25 14:27:45 ----D---- C:\ProgramData\Microsoft Help
2010-10-25 14:27:38 ----D---- C:\Windows\SoftwareDistribution
2010-10-25 11:31:59 ----SD---- C:\Users\patrik\AppData\Roaming\Microsoft
2010-10-25 11:28:02 ----D---- C:\Windows\system32\NDF
2010-10-25 11:11:29 ----D---- C:\Windows\system32\Msdtc
2010-10-25 10:21:33 ----D---- C:\Windows\Microsoft.NET
2010-10-25 10:20:56 ----RSD---- C:\Windows\assembly
2010-10-25 10:14:11 ----SHD---- C:\Recovery
2010-10-25 10:14:10 ----D---- C:\Windows\system32\Recovery
2010-10-25 10:13:46 ----D---- C:\Windows\CSC
2010-10-24 00:40:46 ----A---- C:\Windows\system32\MRT.exe
2010-10-23 01:32:03 ----RSD---- C:\Windows\Fonts
2010-10-20 08:27:45 ----SD---- C:\ProgramData\Microsoft
2010-10-20 07:58:56 ----D---- C:\Windows\system32\wfp
2010-10-20 07:58:56 ----D---- C:\Users\patrik\AppData\Roaming\uTorrent
2010-10-20 07:57:42 ----D---- C:\Users\patrik\AppData\Roaming\GHISLER
2010-10-19 11:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-10 15:22:46 ----D---- C:\ProgramData\Adobe
2010-10-06 13:57:34 ----D---- C:\Windows\rescache
2010-10-05 12:51:10 ----D---- C:\Windows\system32\sk-SK
2010-09-20 18:57:17 ----D---- C:\Windows\AppCompat
2010-08-31 20:50:21 ----D---- C:\ProgramData\NVIDIA
2010-08-31 20:47:55 ----D---- C:\Program Files\NVIDIA Corporation
2010-08-30 13:16:38 ----D---- C:\Program Files\uTorrent
2010-08-30 01:11:53 ----D---- C:\Windows\twain_32
2010-08-30 01:11:53 ----D---- C:\Windows\system
2010-08-24 10:52:39 ----D---- C:\Program Files\Common Files\microsoft shared
2010-08-23 16:29:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-16 19:02:09 ----D---- C:\Windows\system32\drivers\UMDF
2010-08-16 00:43:37 ----SHD---- C:\$Recycle.Bin
2010-08-15 14:46:24 ----D---- C:\Windows\Logs
2010-08-07 18:22:40 ----D---- C:\Windows\system32\wdi
2010-07-31 03:19:29 ----D---- C:\Program Files\Microsoft Works
2010-07-31 03:18:56 ----D---- C:\Program Files\Common Files\System
2010-07-31 03:18:56 ----A---- C:\Windows\win.ini
2010-07-31 02:35:25 ----D---- C:\Users\patrik\AppData\Roaming\Adobe
2010-07-29 13:51:01 ----D---- C:\Users\patrik\AppData\Roaming\DAEMON Tools Lite
2010-07-28 19:31:16 ----D---- C:\fotky
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-27 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-01-13 2304928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 av942tyk;av942tyk; C:\Windows\system32\drivers\av942tyk.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-07-27 16608]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF----------
Thank you for checking the log.
Is there anything in it that is not in order?
Re: I have had 8 trojans in the last 5 days
Hello, and I wish you a nice day.
Please also post the second RSIT log, named info.txt; it is saved in c:\rsit.
What did you do with those trojans, and where were they located?
Re: I have had 8 trojans in the last 5 days
Well, I have a small problem: the second log, info, is only there from 24.10.2010 and I don't know where today's one is, so I will run it again and add it here. As for the trojans, ESET found about 5 of them and they are in quarantine, Malwarebytes Anti-Malware found others and those are in quarantine too, and SUPERAntiSpyware found one, which is also in quarantine. I have no idea whether I can even have that many antispyware programs at once.
Re: I have had 8 trojans in the last 5 days
Now I don't know: even though I ran RSIT again, the info.txt there is still the one from 24.10.2010.
Re: I have had 8 trojans in the last 5 days
Re: I have had 8 trojans in the last 5 days
As for where they were: the ones ESET found were at D:\:windows\system3drivers\ulqyaoez.sys; its size was 7680000 and the reason was a variant of the infiltration Win32/Bubnix.AW.
Another was at D:\program files\alwil software\avast4\DATA\moved\wczjgtqqnk.htm.vir; its size was 198144, reason Win32\wigon.DC trojan horse. Another:
D:\Users\patrik\AppData\Local\Microsoft\windows\temporary.internet Files\Content.IES\O8J6C8G3\admwk.htm, its size was 71680, reason Win32\Rootkit.Agent.NDR. Another 4 are at the same address, only the ending is slightly different: size 18432, reason Win32\agent.QNF; another had size 16384, reason a variant of the infiltration Win32/Kryptik.FPH; another had size 120832, reason Win32/Peerfrag.FD worm; and another had size 2020516, Win32/Rootkit.Agent.NPZ. The same one was also found at D:\Users\Patrik|AppData\Local\Temp\mpaelv.exe with size 200516; under that same name rootkit.Agent.NPZ was also found, there was also Kryptik.DHB with size 84480 and also one worm, peerfrag.FD, with size 120832. And one more at D:\Users\Patrik\APPDATA\Local\microsoft\windows\temporary internet files\low\content.ie.20Phhy49\firefox%20setup%203.6.3.{1}.exe, and it was called Trojan.Agent/gen-banload. I think that is all of them.
Re: I have had 8 trojans in the last 5 days
info.txt logfile of random's system information tool 1.08 2010-10-24 09:04:03
======Uninstall list======
-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AntikVirtualSTB 10.1.7-->"C:\Program Files\AntikVirtualSTB\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Carambis Driver Updater-->MsiExec.exe /X{542068F1-9AAE-4E1B-8ACA-094FE03728BE}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
FUJIFILM MyFinePix Studio 1.0-->"C:\Program Files\FUJIFILM\MyFinePix Studio\unins000.exe"
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero BurnLite 10-->MsiExec.exe /I{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}
Nero BurnLite 10-->MsiExec.exe /X{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}
Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8}
VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
X-Lite 3.0-->"C:\Program Files\CounterPath\X-Lite\unins000.exe"
======System event log======
Computer Name: patrik-PC
Event Code: 7030
Message: Služba avast! iAVS4 Control Service je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.
Record Number: 941
Source Name: Service Control Manager
Time Written: 20100727181616.789011-000
Event Type: Error
User:
Computer Name: patrik-PC
Event Code: 7030
Message: Služba avast! Antivirus je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.
Record Number: 939
Source Name: Service Control Manager
Time Written: 20100727181616.535996-000
Event Type: Error
User:
Computer Name: patrik-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: Požadovaný názov je platný, no nenašli sa žiadne údaje požadovaného typu. (0x80072AFC)
Record Number: 454
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100727115446.682405-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: patrik-PC
Event Code: 12
Message: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
Record Number: 450
Source Name: Microsoft-Windows-HAL
Time Written: 20100727075142.070140-000
Event Type: Error
User:
Computer Name: patrik-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: Požadovaný názov je platný, no nenašli sa žiadne údaje požadovaného typu. (0x80072AFC)
Record Number: 449
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100727075141.929740-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
=====Application event log=====
Computer Name: patrik-PC
Event Code: 6001
Message: Odberateľ upozornení prihlásenia do systému Windows <GPClient> zlyhal pri udalosti upozornenia.
Record Number: 192
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100727121607.000000-000
Event Type: Warning
User:
Computer Name: patrik-PC
Event Code: 1015
Message: Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Record Number: 186
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100727121602.000000-000
Event Type: Warning
User:
Computer Name: patrik-PC
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 1040) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (10). User Action: Contact your application vendor for an updated version of the application.
Record Number: 165
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20100727120541.867638-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: patrik-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 149
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100727070831.155189-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: patrik-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.
Record Number: 142
Source Name: Microsoft-Windows-Search
Time Written: 20100727070604.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: 37L4247D28-05
Event Code: 4735
Message: A security-enabled local group was changed.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Changed Attributes:
SAM Account Name: -
SID History: -
Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100727065612.495656-000
Event Type: Audit Success
User:
Computer Name: 37L4247D28-05
Event Code: 4731
Message: A security-enabled local group was created.
Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7
New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin
Attributes:
SAM Account Name: Backup Operators
SID History: -
Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100727065612.495656-000
Event Type: Audit Success
User:
Computer Name: 37L4247D28-05
Event Code: 4902
Message: The Per-user audit policy table was created.
Number of Elements: 0
Policy ID: 0x238dc
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100727065612.261655-000
Event Type: Audit Success
User:
Computer Name: 37L4247D28-05
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100727065610.826453-000
Event Type: Audit Success
User:
Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows is starting up.
This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100727065610.748453-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\Teleca Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
-----------------EOF-----------------
======Uninstall list======
-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AntikVirtualSTB 10.1.7-->"C:\Program Files\AntikVirtualSTB\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Carambis Driver Updater-->MsiExec.exe /X{542068F1-9AAE-4E1B-8ACA-094FE03728BE}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
FUJIFILM MyFinePix Studio 1.0-->"C:\Program Files\FUJIFILM\MyFinePix Studio\unins000.exe"
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero BurnLite 10-->MsiExec.exe /I{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}
Nero BurnLite 10-->MsiExec.exe /X{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}
Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8}
VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
X-Lite 3.0-->"C:\Program Files\CounterPath\X-Lite\unins000.exe"
======System event log======
Computer Name: patrik-PC
Event Code: 7030
Message: Služba avast! iAVS4 Control Service je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.
Record Number: 941
Source Name: Service Control Manager
Time Written: 20100727181616.789011-000
Event Type: Error
User:
Computer Name: patrik-PC
Event Code: 7030
Message: Služba avast! Antivirus je označená ako interaktívna služba. Systém je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne nebude pracovať správne.
Record Number: 939
Source Name: Service Control Manager
Time Written: 20100727181616.535996-000
Event Type: Error
User:
Computer Name: patrik-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: Požadovaný názov je platný, no nenašli sa žiadne údaje požadovaného typu. (0x80072AFC)
Record Number: 454
Source Name: Microsoft-Windows-Time-Service
Time Written: 20100727115446.682405-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Re: in the last 5 days I've had 8 trojans


PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED

- Turn off all resident security programs - firewalls, antiviruses, antispyware etc.
- Plug all USB drives into the PC (flash drives, external drives etc.)
- If you have Win XP, run it under the Administrator (Spravce) account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator or Spustit jako spravce
- Immediately after start, a page with the license agreement is displayed; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window being displayed
- The scan should take about 10 min, but if the PC is heavily clogged, the time may be longer
- After the scan finishes and a possible restart, CF displays the log, or you can find it here C:\ComboFix.txt; paste its content here
- A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
-
- Visitor
- Posts: 41
- Registered: 27 Oct 2010 12:10
Re: in the last 5 days I've had 8 trojans
I have Win 7 and I know there is Windows Defender somewhere in it, should I turn that off too, yes? And this may be a stupid question, but how do you turn off such spyware? E.g. malware, or SUPERAntiSpyware; is CCleaner spyware too?
Re: in the last 5 days I've had 8 trojans

Otherwise, instructions for most anti??? programs are here http://www.bleepingcomputer.com/forums/topic114351.html
-
- Visitor
- Posts: 41
- Registered: 27 Oct 2010 12:10
Re: in the last 5 days I've had 8 trojans
Damn, I screwed it up: when I clicked the link to ComboFix it started downloading right away and I didn't even manage to turn off ESET. But otherwise everything works except the gadgets I had on the desktop. Did I screw it up badly or just a little??

Re: in the last 5 days I've had 8 trojans

-
- Visitor
- Posts: 41
- Registered: 27 Oct 2010 12:10
Re: in the last 5 days I've had 8 trojans
Well, I did it according to the instructions and here is the log
ComboFix 10-10-26.04 - patrik . 10. 2010 19:59:02.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.3070.2228 [GMT 2:00]
Running from: c:\users\patrik\Desktop\beruska.com
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.
((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.
2010-10-27 18:01 . 2010-10-27 18:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-27 17:55 . 2010-10-27 17:55 -------- d--h--w- c:\windows\PIF
2010-10-27 17:11 . 2010-10-27 18:01 -------- d-----w- c:\users\patrik\AppData\Local\temp
2010-10-27 11:04 . 2010-10-27 16:09 -------- d-----w- c:\program files\trend micro
2010-10-27 09:23 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-27 09:23 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-27 09:23 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-27 09:23 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-27 09:23 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-27 09:23 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-27 09:23 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-27 09:22 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-27 09:22 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-27 09:22 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-27 09:22 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-26 17:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 17:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-26 17:41 . 2010-10-26 23:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 17:39 . 2010-10-27 00:05 -------- d-----w- c:\program files\CCleaner
2010-10-26 11:16 . 2010-10-26 11:16 -------- d-----w- c:\users\patrik\AppData\Roaming\SUPERAntiSpyware.com
2010-10-26 11:16 . 2010-10-26 11:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-26 11:16 . 2010-10-26 11:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-26 09:54 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3622F814-C28F-47A9-8D16-42FD3B0D67E8}\mpengine.dll
2010-10-25 16:15 . 2010-10-25 16:15 -------- d-----w- c:\users\patrik\AppData\Roaming\GlarySoft
2010-10-25 16:06 . 2010-10-25 16:06 -------- d-----w- c:\users\patrik\AppData\Roaming\ParetoLogic
2010-10-25 16:06 . 2010-10-25 16:06 -------- d-----w- c:\users\patrik\AppData\Roaming\DriverCure
2010-10-25 12:48 . 2010-10-25 12:48 673280 ----a-w- c:\windows\isRS-000.tmp
2010-10-25 12:26 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-25 09:16 . 2010-10-25 09:17 -------- d-----w- c:\users\patrik\AppData\Local\ElevatedDiagnostics
2010-10-24 16:37 . 2010-10-25 16:19 -------- d-----w- c:\programdata\ParetoLogic
2010-10-24 16:37 . 2010-10-24 16:37 -------- d-----w- c:\programdata\FileCure
2010-10-24 14:44 . 2010-10-24 14:44 -------- d-----w- c:\users\patrik\AppData\Roaming\Malwarebytes
2010-10-24 14:44 . 2010-10-24 14:44 -------- d-----w- c:\programdata\Malwarebytes
2010-10-24 07:03 . 2010-10-27 16:08 -------- d-----w- C:\rsit
2010-10-23 15:51 . 2010-10-23 15:51 -------- d-----w- c:\users\patrik\AppData\Local\CounterPath
2010-10-23 12:32 . 2010-10-23 12:32 -------- d-----w- c:\program files\Common Files\Intel
2010-10-23 12:32 . 2010-10-23 12:32 -------- d-----w- c:\program files\CounterPath
2010-10-22 23:32 . 2010-10-22 23:32 -------- d-----w- c:\users\patrik\AppData\Roaming\VeskrnaMartin
2010-10-17 15:30 . 2010-10-17 15:30 -------- d-----w- c:\program files\AGEIA Technologies
2010-10-17 15:30 . 2010-10-17 15:30 -------- d-----w- c:\windows\system32\AGEIA
2010-10-17 15:30 . 2010-10-17 15:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-10-12 18:53 . 2010-10-12 18:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-10-12 18:53 . 2010-10-12 18:53 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-10-12 12:29 . 2010-10-26 09:49 -------- d-----w- c:\program files\ESET
2010-10-10 13:22 . 2010-10-10 13:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-05 10:47 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-05 10:46 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-04 12:06 . 2010-10-04 12:06 -------- d-----w- c:\users\patrik\AppData\Local\FontCreator
2010-10-04 12:05 . 2010-10-06 09:05 -------- d-----w- c:\users\patrik\AppData\Roaming\FontCreator
2010-10-03 09:28 . 2010-10-03 09:28 -------- d-----w- c:\users\patrik\AppData\Local\Diagnostics
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-07-27 07:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-29 23:11 . 2010-08-23 14:08 40960 ----a-r- c:\users\patrik\AppData\Roaming\Microsoft\Installer\{8527C3D5-BA1D-46E9-88D2-AF25544311A3}\NewShortcut3_8527C3D5BA1D46E988D2AF25544311A3.exe
2010-08-28 13:34 . 2010-08-28 13:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-23 19:30 . 2010-08-23 19:30 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-08-23 19:30 . 2010-08-23 19:30 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Device Detection"="c:\program files\FUJIFILM\MyFinePix Studio\dd.exe" [2010-10-04 401592]
"Driver Updater"="c:\program files\Carambis\Driver Updater\dupdater.exe" [2010-06-08 4973056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-13 1833504]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-27 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
Contents of the 'Scheduled Tasks' folder
2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892172656-989301815-4191589665-1001Core.job
- c:\users\patrik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 14:23]
2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3892172656-989301815-4191589665-1001UA.job
- c:\users\patrik\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 14:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-27 20:02:09
ComboFix-quarantined-files.txt 2010-10-27 18:02
Pre-Run: 27 189 280 768 bytes free
Post-Run: 27 145 015 296 bytes free
- - End Of File - - 0C5C4964AFD265913847AEA30EC415AA
-
- Visitor
- Posts: 41
- Registered: 27 Oct 2010 12:10
Re: I have had 8 trojans in the last 5 days
Oh, and also: at the start, when the process was already running, a window popped up saying that the program PEV had stopped working. I had no idea I even have such a program.

-
- Visitor
- Posts: 41
- Registered: 27 Oct 2010 12:10
Re: I have had 8 trojans in the last 5 days
And by the way, some additional folders have appeared on my C: drive, for example Boot, MSOcache, program data, qoobox, recovery. What are they?