PC virus removal, computer speed-up and remote assistance via the neslape.cz service

Please help with removing the olmarik.aya virus

Do you have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service: an expert connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
Lestatos
Visitor
Posts: 137
Registered: 06 Dec 2007 10:42

Please help with removing the olmarik.aya virus

#1 Post by Lestatos »

The virus is in the first sector of the boot track. I connected the HDD to a second PC just to be able to check it at all; NOD cannot remove this virus because of permissions. Please advise me what to do. I am attaching the RSIT log.

info.txt logfile of random's system information tool 1.09 2012-01-12 16:34:20

======Uninstall list======

-->C:\WINDOWS\ISUN041B.EXE -fc:\pc-form\Exp10\Uninst.isu -cc:\pc-form\Exp10\Uninst.dll
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}
3GP Player 2010-->"C:\Program Files\3GPplayer2010\unins000.exe"
Abdio Free 3GP Player (Free)-->C:\PROGRA~1\Abdio\ABDIOF~1\UNWISE.EXE C:\PROGRA~1\Abdio\ABDIOF~1\INSTALL.LOG
ACDSee 5.0 PowerPack-->MsiExec.exe /I{5058B085-AA79-41E5-A726-681B4C4B846E}
Active GIF Creator 3.4-->"C:\Program Files\Active GIF Creator 3.4\uninstall.exe"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader 9.4.7 - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-A94000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems HDA Modem-->agrsmdel
ALFA 17.52.00-->MsiExec.exe /I{69E369F1-6A92-47B5-86D5-474A7E06B3DC}
Ashampoo Burning Studio 10.0.4-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 10\unins000.exe"
Ashampoo Burning Studio 6 FREE-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5-->MsiExec.exe /I{E031338C-839D-4EDD-9537-99B653C39D81}
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
AVS Media Player 3.1-->"C:\Program Files\AVS4YOU\AVSMediaPlayer\unins000.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
COM Port Stress Test-->"C:\Program Files\COM Port Stress Test\unins000.exe"
CrystalDiskInfo 4.1.4-->"C:\Program Files\CrystalDiskInfo\unins000.exe"
CursorFX-->"C:\Documents and Settings\All Users\Application Data\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\CursorFX_setup.exe" REMOVE=TRUE MODIFY=FALSE
CursorFX-->C:\Documents and Settings\All Users\Application Data\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\CursorFX_setup.exe
CutePDF Writer 2.8-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DeviceManager-->"C:\Program Files\eInstruction\Device Manager\Uninstall\Uninstall_DeviceManager.exe"
Direct Satellite PC v2.0.5.0-->"C:\Program Files\Direct Satellite PC\unins000.exe"
DivX Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Doplnok Microsoft Save as PDF pre programy balíka 2007 Microsoft Office-->MsiExec.exe /X{90120000-00B0-041B-0000-0000000FF1CE}
DreamBoxEdit -- The one and only settings editor for your Dreambox-->C:\Program Files\DreamBoxEdit\uninstall.exe
Easy Interactive Driver Ver.1.02-->"C:\Program Files\InstallShield Installation Information\{2CDF6C08-EF9B-422B-939A-9F9361F9EAD9}\setup.exe" -runfromtemp -l1051 -removeonly -uninst
Easy Interactive Tools Ver.1.00-->"C:\Program Files\InstallShield Installation Information\{2E964C61-DFD3-4537-9658-5DC998939BC0}\setup.exe" -runfromtemp -l0x001b -removeonly
Elcomm-->"C:\Program Files\Elcom\Elcomm\Elcomm_uninstaller.exe"
EPSON USB Display-->C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDUi.exe
Excel v príkladoch 1.0-->C:\WINDOWS\IsUn041b.exe -fc:\pc-form\Exp10\Uninst.isu
eXe -- eLearning XHTML editor-->C:\Program Files\exe\uninstall.exe
Free DWG Viewer 7.0-->"C:\Program Files\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe" -runfromtemp -l0x0409 -removeonly
Free SMTP Server-->"C:\Program Files\Free SMTP Server\unins000.exe"
FreeOCR 3.0-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{108A3~1\Setup.exe /remove /q0
GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Zem-->MsiExec.exe /X{BF1EC9C0-9C10-11DF-BBC7-005056C00008}
HD Pack 1.0-->C:\WINDOWS\system32\Codec\HDPack_Uninstall.exe
HDD Regenerator-->MsiExec.exe /X{B7C076CA-126E-497C-8724-B589F54031AF}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {4ECF4BDC-8387-329A-ABE9-CF5798F84BB2} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {4ECF4BDC-8387-329A-ABE9-CF5798F84BB2} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->C:\WINDOWS\system32\msiexec.exe /package {4ECF4BDC-8387-329A-ABE9-CF5798F84BB2} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {4ECF4BDC-8387-329A-ABE9-CF5798F84BB2} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {4ECF4BDC-8387-329A-ABE9-CF5798F84BB2} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB958655-v2)-->"C:\WINDOWS\$NtUninstallKB958655-v2$\spuninst\spuninst.exe"
HP BatteryCheck 1.00 A7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69DAC00A-7665-4E9B-B441-093D40736429}\setup.exe" -l0x9 -removeonly uninst
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Quick Launch Buttons 6.00 D2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe" -l0x1b -removeonly uninst
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything
HP Wireless Assistant 2.00 E1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\Setup.exe" -l0x9 hpquninst
ChemToolBox version 1.1.0-->"C:\Program Files\ChemToolBox\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Interwrite Workspace-->MsiExec.exe /I{4DAA2ECD-6350-4329-A8C0-5A5CAF669AE6}
Japanese Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-900000000003}
Java DB 10.5.3.0-->MsiExec.exe /X{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Java(TM) SE Development Kit 6 Update 20-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160200}
Logo Design Studio Trial-->"C:\WINDOWS\Logo Design Studio Trial\uninstall.exe" "/U:C:\Program Files\Summitsoft\Logo Design Studio Trial\Uninstall\uninstallLDSPro.xml"
Lotus Notes 8.5.1 sk-->MsiExec.exe /X{84A2B7E8-5A9C-43FE-952C-F21C2060C178}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Report Viewer Redistributable 2008 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2008 (KB971119)\install.exe
Microsoft ReportViewer 2010 SP1 Redistributable-->MsiExec.exe /X{72DEBE5A-5667-3966-8E8D-2FD5FBCCB7DD}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 R2 Native Client-->MsiExec.exe /I{4AB6A079-178B-4144-B21F-4D1AE71666A2}
Microsoft SQL Server 2008 R2 Policies-->MsiExec.exe /I{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}
Microsoft SQL Server 2008 R2 RsFx Driver-->MsiExec.exe /I{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}
Microsoft SQL Server 2008 R2 Setup (English)-->MsiExec.exe /X{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}
Microsoft SQL Server 2008 R2-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\SetupARP.exe" /X86
Microsoft SQL Server 2008 R2-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\SetupARP.exe" /x86
Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{D441BD04-E548-4F8E-97A4-1B66135BAAA8}
Microsoft SQL Server Browser-->MsiExec.exe /X{BF9BF038-FE03-429D-9B26-2FA0FD756052}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU-->MsiExec.exe /I{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}
Microsoft User-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWudf01009$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}
Microsoft_VC100_CRT_SP1_x86-->MsiExec.exe /I{E3B64CC5-C011-40C0-92BC-7316CD5E5688}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mobile Witch Remote Control-->C:\Program Files\Mobile Witch Remote Control\uninstall.exe
MOBILedit! 4.0-->RunDll32 C:\PROGRA~1\MOBILE~1\Setup\Setup.dll,RemoveOnly
Mozilla Firefox 8.0 (x86 sk)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MV2Player (remove only)-->C:\Program Files\Mv2Player\uninst.exe
netloader-->C:\Program Files\netloader.in\netloader[1].exe /d
Nokia Connectivity Cable Driver-->MsiExec.exe /I{AF88496B-4BBA-4922-97E9-2582D3A28358}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{18756A46-652E-4ED4-A029-C4940D59F09B}\Nokia_PC_Suite_slk_web.exe
Nokia PC Suite-->MsiExec.exe /I{18756A46-652E-4ED4-A029-C4940D59F09B}
Nokia Suite-->C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\Installer.exe
Nokia Suite-->MsiExec.exe /X{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}
Opera 11.60-->"C:\Program Files\Opera\Opera.exe" /uninstall
PC Connectivity Solution-->MsiExec.exe /I{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}
PCEditor 1.2.60-->"C:\Program Files\Relook PCEditor\unins000.exe"
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
PL-2303 USB-to-Serial-->"C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\setup.exe" -runfromtemp -l0x0009 -removeonly
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
Response-->MsiExec.exe /X{B4B49D05-5432-463F-884A-35EB19D7B74F}
S3D Web Player-->C:\Documents and Settings\Milan Droppa\Application Data\StoneTrip\Web Player\S3D Web Player-uninst.exe
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.5-->MsiExec.exe /X{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}
Sony Ericsson PC Companion 2.01.217-->"C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0009 -removeonly
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
SQL Server 2008 R2 Common Files-->MsiExec.exe /I{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}
SQL Server 2008 R2 Common Files-->MsiExec.exe /I{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}
SQL Server 2008 R2 Database Engine Services-->MsiExec.exe /I{4112625F-2D38-49EF-924F-48511BC5CD34}
SQL Server 2008 R2 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
SQL Server 2008 R2 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
SQL Server 2008 R2 Database Engine Services-->MsiExec.exe /I{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}
SQL Server 2008 R2 Database Engine Shared-->MsiExec.exe /I{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}
SQL Server 2008 R2 Database Engine Shared-->MsiExec.exe /I{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}
SQL Server 2008 R2 Management Studio-->MsiExec.exe /I{020617D7-2F72-4D02-BF59-A5CBC1761177}
SQL Server 2008 R2 Management Studio-->MsiExec.exe /I{121475F5-2598-4574-8801-8F6B3D6A99BB}
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{93998800-1608-403F-9A51-420A77D23C25}
Starcraft Brood War (RAZOR 1911)-->C:\WINDOWS\rzrunins.exe D:\BROOD\rzrunins.log
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TAP System-->MsiExec.exe /I{FEECE4C6-26BD-42A3-AE34-3613FAAAA3D9}
tools-freebsd-->MsiExec.exe /X{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}
tools-linux-->MsiExec.exe /X{D102611A-6466-4101-A51D-51069303AC65}
tools-netware-->MsiExec.exe /X{197597A7-AD33-4898-9D8E-73066818B464}
tools-solaris-->MsiExec.exe /X{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}
tools-windows-->MsiExec.exe /X{FFD9383C-01D5-4897-A954-43AF599AED30}
tools-winPre2k-->MsiExec.exe /X{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
TX Text Control 16.0.NET for Windows Forms-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33B032B6-F9B7-4BF5-8D78-FD7021027F89}\setup.exe" -l0x9 -removeonly
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Video Viewer-->"C:\Program Files\VideoViewer\un_Video Viewer Setup_24354.exe"
VLC media player 1.1.7-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VMware Workstation-->C:\Documents and Settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\uninstall.exe -x
VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (03/15/2010 4.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_BB31B421D7FB40A3FBE2494F34F4B4C8BE693DF9\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/15/2010 7.01.0.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_2CDEE77690404245452284973153A7CAF1D83847\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows PowerShell(TM) 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
WMouseXP Presenter-Remote-->MsiExec.exe /I{B4385796-F90B-47BA-82C6-D359C4D05FA7}
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
XML Marker version 2.0-->"C:\Program Files\XML Marker 2\unins000.exe"
YouTube Downloader 2.6.5-->"C:\Program Files\YouTube Downloader\uninstall.exe"

======Hosts File======

127.0.0.1 activate.adobe.com

======Security center information======

AV: ESET Smart Security 4.0
FW: ESET personal firewall

======System event log======

Computer Name: GAMO-LM
Event Code: 4201
Message: Systém rozpoznal, že sieťový adaptér \DEVICE\TCPIP_{98B218A1-A92F-447C-B11A-7F9C00864208} sa pripojil k sieti
a inicializoval normálnu činnosť cez sieťový adaptér.

Record Number: 35631
Source Name: Tcpip
Time Written: 20120104222326.000000+060
Event Type: informácie
User:

Computer Name: GAMO-LM
Event Code: 4201
Message: Systém rozpoznal, že sieťový adaptér \DEVICE\TCPIP_{98B218A1-A92F-447C-B11A-7F9C00864208} sa pripojil k sieti
a inicializoval normálnu činnosť cez sieťový adaptér.

Record Number: 35630
Source Name: Tcpip
Time Written: 20120104222321.000000+060
Event Type: informácie
User:

Computer Name: GAMO-LM
Event Code: 4201
Message: Systém rozpoznal, že sieťový adaptér \DEVICE\TCPIP_{98B218A1-A92F-447C-B11A-7F9C00864208} sa pripojil k sieti
a inicializoval normálnu činnosť cez sieťový adaptér.

Record Number: 35629
Source Name: Tcpip
Time Written: 20120104222256.000000+060
Event Type: informácie
User:

Computer Name: GAMO-LM
Event Code: 4201
Message: Systém rozpoznal, že sieťový adaptér \DEVICE\TCPIP_{98B218A1-A92F-447C-B11A-7F9C00864208} sa pripojil k sieti
a inicializoval normálnu činnosť cez sieťový adaptér.

Record Number: 35628
Source Name: Tcpip
Time Written: 20120104222226.000000+060
Event Type: informácie
User:

Computer Name: GAMO-LM
Event Code: 4201
Message: Systém rozpoznal, že sieťový adaptér \DEVICE\TCPIP_{98B218A1-A92F-447C-B11A-7F9C00864208} sa pripojil k sieti
a inicializoval normálnu činnosť cez sieťový adaptér.

Record Number: 35627
Source Name: Tcpip
Time Written: 20120104222206.000000+060
Event Type: informácie
User:

=====Application event log=====

Computer Name: GAMO-LM
Event Code: 17137
Message: Starting up database 'master'.

Record Number: 5371
Source Name: MSSQL$SQLEXPRESS
Time Written: 20111209230010.000000+060
Event Type: informácie
User:

Computer Name: GAMO-LM
Event Code: 17152
Message: Node configuration: node 0: CPU mask: 0x00000003:0 Active CPU mask: 0x00000003:0. This message provides a description of the NUMA configuration for this computer. This is an informational message only. No user action is required.

Record Number: 5370
Source Name: MSSQL$SQLEXPRESS
Time Written: 20111209230010.000000+060
Event Type: informácie
User:

Computer Name: GAMO-LM
Event Code: 17125
Message: Using dynamic lock allocation. Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node. This is an informational message only. No user action is required.

Record Number: 5369
Source Name: MSSQL$SQLEXPRESS
Time Written: 20111209230010.000000+060
Event Type: informácie
User:

Computer Name: GAMO-LM
Event Code: 17164
Message: Detected 2 CPUs. This is an informational message; no user action is required.

Record Number: 5368
Source Name: MSSQL$SQLEXPRESS
Time Written: 20111209230009.000000+060
Event Type: informácie
User:

Computer Name: GAMO-LM
Event Code: 17162
Message: SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.

Record Number: 5367
Source Name: MSSQL$SQLEXPRESS
Time Written: 20111209230009.000000+060
Event Type: informácie
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Lestatos
Visitor
Posts: 137
Registered: 06 Dec 2007 10:42

Re: Please help with removing the olmarik.aya virus

#2 Post by Lestatos »

I apologise, but I had to interrupt communication; the notebook could not be controlled at all, so a friend of mine helped me at least get it working again. I am now posting the RSIT log; I think there is still something left to clean up. Thank you, and once again I apologise.

Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2010-12-24 10:14:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (13%) free of 76 GB
Total RAM: 734 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:07, on 24. 12. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OVISLINK\Common\AirliveUI.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {399d96ca-6f9a-4fff-95fe-284e45ebb935} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-606747145-1708537768-854245398-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\OVISLINK\Common\AirliveUI.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\User\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\User\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe

--
End of file - 4865 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{399d96ca-6f9a-4fff-95fe-284e45ebb935}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2010-10-24 40432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2
"hpqwmi"=3
"avg8wd"=2
"avg8emc"=2

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
AirLive 802.11G Wireless Utility.lnk - C:\Program Files\OVISLINK\Common\AirliveUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-10-08 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\User\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\User\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-24 10:14:58 ----D---- C:\rsit
2010-12-24 10:00:16 ----D---- C:\Program Files\CCleaner
2010-12-24 08:06:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-24 08:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-24 08:05:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-24 08:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-24 08:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-24 08:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-24 08:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-23 18:51:41 ----SHD---- C:\RECYCLER
2010-12-23 18:01:31 ----A---- C:\TDSSKiller.2.4.12.0_23.12.2010_18.01.31_log.txt
2010-12-13 23:21:04 ----A---- C:\WINDOWS\system32\333.js
2010-12-05 11:32:12 ----A---- C:\WINDOWS\crywmvtoavi.ini
2010-12-05 11:04:01 ----D---- C:\My Video
2010-12-05 09:25:10 ----D---- C:\Program Files\Crystal Software
2010-12-02 14:15:34 ----D---- C:\Program Files\ConduitEngine

======List of files/folders modified in the last 1 months======

2010-12-24 10:15:07 ----D---- C:\Program Files\Trend Micro
2010-12-24 10:11:08 ----SHD---- C:\WINDOWS\Installer
2010-12-24 10:11:08 ----D---- C:\Program Files\Common Files
2010-12-24 10:11:07 ----RD---- C:\Program Files
2010-12-24 10:11:07 ----D---- C:\WINDOWS
2010-12-24 10:11:07 ----D---- C:\Config.Msi
2010-12-24 10:10:41 ----D---- C:\Program Files\The Bat!
2010-12-24 10:10:09 ----D---- C:\Program Files\Record-Anything
2010-12-24 10:09:04 ----AD---- C:\WINDOWS\temp
2010-12-24 10:08:46 ----D---- C:\Program Files\RadarSync
2010-12-24 10:08:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-24 10:07:12 ----D---- C:\WINDOWS\system32
2010-12-24 10:02:28 ----D---- C:\WINDOWS\Debug
2010-12-24 09:53:15 ----D---- C:\WINDOWS\Minidump
2010-12-24 09:52:36 ----D---- C:\WINDOWS\Prefetch
2010-12-24 08:06:08 ----HD---- C:\WINDOWS\inf
2010-12-24 08:06:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-24 08:05:36 ----D---- C:\WINDOWS\system32\drivers
2010-12-24 08:05:32 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-24 08:04:56 ----D---- C:\WINDOWS\system32\en-US
2010-12-24 08:04:56 ----D---- C:\Program Files\Internet Explorer
2010-12-24 08:04:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-24 08:01:29 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-24 08:01:17 ----D---- C:\Program Files\Outlook Express
2010-12-24 00:04:19 ----D---- C:\Program Files\PokerStars
2010-12-23 21:01:03 ----D---- C:\Documents and Settings\User\Application Data\Skype
2010-12-23 21:00:42 ----D---- C:\Documents and Settings\User\Application Data\skypePM
2010-12-23 17:41:36 ----A---- C:\WINDOWS\system.ini
2010-12-23 17:41:03 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-23 17:40:24 ----SD---- C:\WINDOWS\Tasks
2010-12-23 17:38:22 ----D---- C:\WINDOWS\AppPatch
2010-12-23 17:29:07 ----D---- C:\Program Files\QuickTime
2010-12-23 08:38:28 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2010-12-16 06:42:00 ----D---- C:\Program Files\Absolute Poker
2010-12-14 16:04:52 ----D---- C:\Program Files\MP3MyMP3 3.0
2010-12-10 23:29:20 ----D---- C:\Program Files\FlashGet
2010-12-10 17:30:19 ----D---- C:\Downloads
2010-12-07 16:34:51 ----D---- C:\WINDOWS\system32\config
2010-12-07 16:34:36 ----D---- C:\WINDOWS\system32\wbem
2010-12-07 16:34:35 ----D---- C:\WINDOWS\Registration
2010-12-07 16:33:59 ----D---- C:\WINDOWS\system32\Restore
2010-12-05 09:22:53 ----D---- C:\Program Files\Instal
2010-12-02 19:58:19 ----D---- C:\WINDOWS\WinSxS
2010-12-01 18:48:28 ----D---- C:\Program Files\Yahoo!
2010-12-01 06:59:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2010-11-30 23:58:46 ----D---- C:\Documents and Settings\User\Application Data\dvdcss
2010-11-30 22:36:31 ----D---- C:\Program Files\Full Tilt Poker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-16 21419]
R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2004-06-28 292864]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2004-06-28 276480]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-10-08 752093]
R3 RT73;AirLive WT-2000USB; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-09-30 451968]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-04 186016]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-17 98304]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Lestatos
Visitor
Posts: 137
Registered: 06 Dec 2007 10:42

Re: Please help with removing the olmarik.aya virus

#3 Post by Lestatos »

Code:

MBRScan v1.0.6

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 9 Stepping 5, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/01/17 (ISO 8601) at 15:58:51
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD800BEVE-00UYT0 (01.04A01)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	74.53 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : 8E75A6509250B2124427DD3BB82995F7
MBR_SHA1  : 1BED5B7C282ABC3D059D92893BC5405AAC164080

Device\Harddisk0\Partition1	74.52 Go  	0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________


_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 0E 88 0E 88 00 00 80 01   .....,Dc........
0x000001C0   01 00 07 EF FF FF 3F 00 00 00 C1 A5 50 09 00 00   ...ï..?...Á¥P...
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

Lestatos
Visitor
Posts: 137
Registered: 06 Dec 2007 10:42

Re: Please help with removing the olmarik.aya virus

#4 Post by Lestatos »

ComboFix 12-01-17.01 - User . 01. 2012 17:17:57.13.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.734.69 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Application Data\Microsoft\~DFK568d9b0.tmp
c:\documents and settings\User\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\User\Application Data\Microsoft\bass.dll
c:\documents and settings\User\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\User\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\User\Application Data\Microsoft\peaadje.dll
c:\documents and settings\User\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\User\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\User\Desktop\System Check.lnk
c:\documents and settings\User\Local Settings\Application Data\assembly\tmp
c:\documents and settings\User\Start Menu\Programs\System Check
c:\documents and settings\User\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\User\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\program files\Setup.exe
C:\test.txt
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 09:58 . 2012-01-17 09:58 56200 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C00647BC-F8D3-45D1-B973-FBB5F23928B3}\offreg.dll
2012-01-17 09:58 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C00647BC-F8D3-45D1-B973-FBB5F23928B3}\mpengine.dll
2012-01-15 16:08 . 2012-01-15 16:08 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Amazon
2012-01-15 16:08 . 2012-01-15 16:08 -------- d-----w- c:\program files\Amazon
2012-01-15 16:04 . 2012-01-15 16:08 24334368 ----a-w- C:\KindleForPC-installer.exe
2012-01-10 20:49 . 2012-01-10 20:49 -------- d-----w- c:\program files\Tracker Software
2012-01-10 19:50 . 2012-01-10 19:56 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\DC++
2012-01-10 19:50 . 2012-01-10 19:56 -------- d-----w- c:\documents and settings\User\Application Data\DC++
2012-01-10 19:47 . 2012-01-10 19:48 -------- d-----w- c:\program files\DC++
2012-01-05 07:00 . 2012-01-05 07:00 -------- d-----w- C:\485ba1852f2ff01df3
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-29 10:31 . 2011-12-29 10:31 -------- d-----w- c:\documents and settings\User\Calibre Library
2011-12-29 10:30 . 2011-12-29 10:39 -------- d-----w- c:\documents and settings\User\Application Data\calibre
2011-12-29 10:29 . 2011-12-29 10:30 -------- d-----w- c:\program files\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 13:00 . 2011-12-17 12:52 118087139 ----a-w- c:\program files\Holdem_Manager_Setup1.12.08.exe
2011-11-25 21:57 . 2008-11-12 02:20 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-11-12 02:20 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-09-21 19:39 6823496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 12:35 . 2008-11-12 02:21 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-11-12 02:22 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-11-12 02:20 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-13 16:17 . 2011-08-20 19:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2008-11-12 02:21 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-11-12 02:21 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-11-12 02:21 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2008-11-12 02:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2008-11-12 02:21 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2008-11-12 02:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2008-11-12 02:20 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-11-12 02:20 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
2011-08-07 18:35 . 2011-08-07 18:27 121360126 ----a-w- c:\program files\Holdem_Manager_Setup_1.11.07b.exe
2011-08-07 16:46 . 2011-08-07 16:46 600944 ----a-w- c:\program files\gappsconnectsetup.exe
2011-08-07 15:43 . 2011-08-07 15:39 58368499 ----a-w- c:\program files\Hm_1.11.07b.exe
2011-06-09 12:06 . 2011-06-09 12:05 23360000 ----a-w- c:\program files\Livestation-3.2.0.msi
2010-04-20 11:25 . 2010-04-16 16:47 27617116 ----a-w- c:\program files\HmBetaUpdate.exe
2010-04-15 11:42 . 2010-03-14 10:10 1924976 ----a-w- c:\program files\install_flash_player.exe
2009-06-30 08:29 . 2009-06-30 08:29 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-06-28 08:16 . 2009-06-28 08:16 812344 ----a-w- c:\program files\HJTInstall.exe
2009-06-28 08:09 . 2009-05-26 06:01 31863808 -c--a-w- c:\program files\eav_nt32_csy.msi
2009-06-09 14:20 . 2009-06-09 14:14 21646127 ----a-w- c:\program files\scribus-1.3.3.13-win32-install.exe
2009-06-09 12:51 . 2009-06-09 12:49 3371384 ----a-w- c:\program files\mbam-setup.exe
2009-06-07 10:24 . 2009-06-07 10:24 1815369 ----a-w- c:\program files\gbgallerylitesetup.exe
2009-05-26 06:42 . 2009-05-26 06:41 1880289 ----a-w- c:\program files\radarsync.exe
2009-05-24 05:35 . 2009-05-24 05:35 453824 ----a-w- c:\program files\driveragent_488.exe
2009-05-19 12:26 . 2009-05-19 12:24 10143072 ----a-w- c:\program files\AbsolutePoker8_7_6.exe
2009-05-18 15:11 . 2009-05-18 15:09 10770432 -c--a-w- c:\program files\LogMeIn.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-13_08.52.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-15 09:52 . 2012-01-15 09:52 16384 c:\windows\temp\Perflib_Perfdata_778.dat
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Livestation"="c:\program files\Livestation\Livestation.exe" [2010-06-24 4657152]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\User\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
.
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [1. 12. 2011 15:19 2916736]
S1 MpKsl181d04f2;MpKsl181d04f2;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKsl181d04f2.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKsl181d04f2.sys [?]
S1 MpKsl488736dc;MpKsl488736dc;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl488736dc.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl488736dc.sys [?]
S1 MpKsl7f208745;MpKsl7f208745;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl7f208745.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl7f208745.sys [?]
S1 MpKslbc0a01b9;MpKslbc0a01b9;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKslbc0a01b9.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKslbc0a01b9.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7. 8. 2011 17:46 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7. 8. 2011 17:46 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [21. 6. 2011 13:28 18432]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [30. 3. 2011 12:05 25088]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [24. 5. 2009 6:35 23600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 16:46]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 16:46]
.
2012-01-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 17:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(472)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2012-01-17 17:40:50
ComboFix-quarantined-files.txt 2012-01-17 16:40
ComboFix2.txt 2012-01-13 08:57
.
Pre-Run: 13 502 234 624 bytes free
Post-Run: 13 508 440 064 bytes free
.
- - End Of File - - 7CD239DE610CDB8C2D93B343E1C34EF1

Lestatos
Visitor
Posts: 137
Registered: 06 Dec 2007 10:42

Re: Please help me remove the olmarik.aya virus

#5 Post by Lestatos »

ComboFix 12-01-23.02 - User . 01. 2012 8:22.15.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.734.377 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 06:30 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9497BF8-0CA1-4880-8D96-72C719DF2AB9}\mpengine.dll
2012-01-19 22:26 . 2012-01-19 22:26 34048 ----a-w- c:\windows\system32\drivers\Rvfssec.sys
2012-01-19 22:26 . 2012-01-19 22:26 65432 ----a-w- c:\windows\system32\drivers\Rvsystem.sys
2012-01-19 22:26 . 2012-01-19 22:27 -------- d-----w- C:\RETURNIL
2012-01-19 22:26 . 2012-01-19 22:26 -------- d-----w- c:\program files\Returnil Virtual System Lite 2011
2012-01-15 16:08 . 2012-01-15 16:08 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Amazon
2012-01-15 16:08 . 2012-01-15 16:08 -------- d-----w- c:\program files\Amazon
2012-01-15 16:04 . 2012-01-15 16:08 24334368 ----a-w- C:\KindleForPC-installer.exe
2012-01-10 20:49 . 2012-01-10 20:49 -------- d-----w- c:\program files\Tracker Software
2012-01-10 19:50 . 2012-01-10 19:56 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\DC++
2012-01-10 19:50 . 2012-01-10 19:56 -------- d-----w- c:\documents and settings\User\Application Data\DC++
2012-01-10 19:47 . 2012-01-10 19:48 -------- d-----w- c:\program files\DC++
2012-01-05 07:00 . 2012-01-23 14:32 -------- d-----w- C:\485ba1852f2ff01df3
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-29 10:31 . 2011-12-29 10:31 -------- d-----w- c:\documents and settings\User\Calibre Library
2011-12-29 10:30 . 2011-12-29 10:39 -------- d-----w- c:\documents and settings\User\Application Data\calibre
2011-12-29 10:29 . 2011-12-29 10:30 -------- d-----w- c:\program files\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 04:19 . 2011-09-21 19:39 6557240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-17 13:00 . 2011-12-17 12:52 118087139 ----a-w- c:\program files\Holdem_Manager_Setup1.12.08.exe
2011-11-25 21:57 . 2008-11-12 02:20 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-11-12 02:20 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-11-12 02:21 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-11-12 02:22 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-11-12 02:20 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-13 16:17 . 2011-08-20 19:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2008-11-12 02:21 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-11-12 02:21 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-11-12 02:21 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2008-11-12 02:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2008-11-12 02:21 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2008-11-12 02:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-08-07 18:35 . 2011-08-07 18:27 121360126 ----a-w- c:\program files\Holdem_Manager_Setup_1.11.07b.exe
2011-08-07 16:46 . 2011-08-07 16:46 600944 ----a-w- c:\program files\gappsconnectsetup.exe
2011-08-07 15:43 . 2011-08-07 15:39 58368499 ----a-w- c:\program files\Hm_1.11.07b.exe
2011-06-09 12:06 . 2011-06-09 12:05 23360000 ----a-w- c:\program files\Livestation-3.2.0.msi
2010-04-20 11:25 . 2010-04-16 16:47 27617116 ----a-w- c:\program files\HmBetaUpdate.exe
2010-04-15 11:42 . 2010-03-14 10:10 1924976 ----a-w- c:\program files\install_flash_player.exe
2009-06-30 08:29 . 2009-06-30 08:29 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-06-28 08:16 . 2009-06-28 08:16 812344 ----a-w- c:\program files\HJTInstall.exe
2009-06-28 08:09 . 2009-05-26 06:01 31863808 -c--a-w- c:\program files\eav_nt32_csy.msi
2009-06-09 14:20 . 2009-06-09 14:14 21646127 ----a-w- c:\program files\scribus-1.3.3.13-win32-install.exe
2009-06-09 12:51 . 2009-06-09 12:49 3371384 ----a-w- c:\program files\mbam-setup.exe
2009-06-07 10:24 . 2009-06-07 10:24 1815369 ----a-w- c:\program files\gbgallerylitesetup.exe
2009-05-26 06:42 . 2009-05-26 06:41 1880289 ----a-w- c:\program files\radarsync.exe
2009-05-24 05:35 . 2009-05-24 05:35 453824 ----a-w- c:\program files\driveragent_488.exe
2009-05-19 12:26 . 2009-05-19 12:24 10143072 ----a-w- c:\program files\AbsolutePoker8_7_6.exe
2009-05-18 15:11 . 2009-05-18 15:09 10770432 -c--a-w- c:\program files\LogMeIn.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-13_08.52.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-25 06:40 . 2012-01-25 06:40 16384 c:\windows\temp\Perflib_Perfdata_704.dat
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Livestation"="c:\program files\Livestation\Livestation.exe" [2010-06-24 4657152]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Returnil"="c:\program files\Returnil Virtual System Lite 2011\RvsCore.exe" [2012-01-19 2952704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\User\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
.
R0 Rvsystem;Rvsystem;c:\windows\system32\drivers\Rvsystem.sys [19. 1. 2012 23:26 65432]
R1 Rvfssec;Rvfssec;c:\windows\system32\drivers\Rvfssec.sys [19. 1. 2012 23:26 34048]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 Rvssvr;Rvssvr;c:\program files\Returnil Virtual System Lite 2011\RvsCore.exe [19. 1. 2012 23:26 2952704]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [1. 12. 2011 15:19 2916736]
S1 MpKsl181d04f2;MpKsl181d04f2;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKsl181d04f2.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKsl181d04f2.sys [?]
S1 MpKsl488736dc;MpKsl488736dc;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl488736dc.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl488736dc.sys [?]
S1 MpKsl7f208745;MpKsl7f208745;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl7f208745.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl7f208745.sys [?]
S1 MpKslbc0a01b9;MpKslbc0a01b9;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKslbc0a01b9.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKslbc0a01b9.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7. 8. 2011 17:46 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7. 8. 2011 17:46 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [21. 6. 2011 13:28 18432]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [30. 3. 2011 12:05 25088]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [24. 5. 2009 6:35 23600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 16:46]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 16:46]
.
2012-01-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 08:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(13240)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Tracker Software\Shell Extensions\XCShInfo.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-25 08:38:20
ComboFix-quarantined-files.txt 2012-01-25 07:38
ComboFix2.txt 2012-01-25 07:14
ComboFix3.txt 2012-01-17 16:40
ComboFix4.txt 2012-01-13 08:57
.
Pre-Run: 5 900 361 728 bytes free
Post-Run: 5 885 349 888 bytes free
.
- - End Of File - - FC48B5F8272DDD438D5ADF317C6B28F2

Lestatos
Visitor
Posts: 137
Registered: 06 Dec 2007 10:42

Re: Please help me remove the olmarik.aya virus

#6 Post by Lestatos »

ComboFix 12-01-23.02 - User . 01. 2012 7:53.14.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.734.181 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Local Settings\Application Data\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 06:30 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E9497BF8-0CA1-4880-8D96-72C719DF2AB9}\mpengine.dll
2012-01-19 22:26 . 2012-01-19 22:26 34048 ----a-w- c:\windows\system32\drivers\Rvfssec.sys
2012-01-19 22:26 . 2012-01-19 22:26 65432 ----a-w- c:\windows\system32\drivers\Rvsystem.sys
2012-01-19 22:26 . 2012-01-19 22:27 -------- d-----w- C:\RETURNIL
2012-01-19 22:26 . 2012-01-19 22:26 -------- d-----w- c:\program files\Returnil Virtual System Lite 2011
2012-01-15 16:08 . 2012-01-15 16:08 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Amazon
2012-01-15 16:08 . 2012-01-15 16:08 -------- d-----w- c:\program files\Amazon
2012-01-15 16:04 . 2012-01-15 16:08 24334368 ----a-w- C:\KindleForPC-installer.exe
2012-01-10 20:49 . 2012-01-10 20:49 -------- d-----w- c:\program files\Tracker Software
2012-01-10 19:50 . 2012-01-10 19:56 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\DC++
2012-01-10 19:50 . 2012-01-10 19:56 -------- d-----w- c:\documents and settings\User\Application Data\DC++
2012-01-10 19:47 . 2012-01-10 19:48 -------- d-----w- c:\program files\DC++
2012-01-05 07:00 . 2012-01-23 14:32 -------- d-----w- C:\485ba1852f2ff01df3
2012-01-03 07:22 . 2012-01-03 07:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-29 10:31 . 2011-12-29 10:31 -------- d-----w- c:\documents and settings\User\Calibre Library
2011-12-29 10:30 . 2011-12-29 10:39 -------- d-----w- c:\documents and settings\User\Application Data\calibre
2011-12-29 10:29 . 2011-12-29 10:30 -------- d-----w- c:\program files\Calibre2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 04:19 . 2011-09-21 19:39 6557240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-17 13:00 . 2011-12-17 12:52 118087139 ----a-w- c:\program files\Holdem_Manager_Setup1.12.08.exe
2011-11-25 21:57 . 2008-11-12 02:20 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-11-12 02:20 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-11-12 02:21 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-11-12 02:22 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-11-12 02:20 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-13 16:17 . 2011-08-20 19:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2008-11-12 02:21 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-11-12 02:21 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-11-12 02:21 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2008-11-12 02:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2008-11-12 02:21 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2008-11-12 02:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-08-07 18:35 . 2011-08-07 18:27 121360126 ----a-w- c:\program files\Holdem_Manager_Setup_1.11.07b.exe
2011-08-07 16:46 . 2011-08-07 16:46 600944 ----a-w- c:\program files\gappsconnectsetup.exe
2011-08-07 15:43 . 2011-08-07 15:39 58368499 ----a-w- c:\program files\Hm_1.11.07b.exe
2011-06-09 12:06 . 2011-06-09 12:05 23360000 ----a-w- c:\program files\Livestation-3.2.0.msi
2010-04-20 11:25 . 2010-04-16 16:47 27617116 ----a-w- c:\program files\HmBetaUpdate.exe
2010-04-15 11:42 . 2010-03-14 10:10 1924976 ----a-w- c:\program files\install_flash_player.exe
2009-06-30 08:29 . 2009-06-30 08:29 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-06-28 08:16 . 2009-06-28 08:16 812344 ----a-w- c:\program files\HJTInstall.exe
2009-06-28 08:09 . 2009-05-26 06:01 31863808 -c--a-w- c:\program files\eav_nt32_csy.msi
2009-06-09 14:20 . 2009-06-09 14:14 21646127 ----a-w- c:\program files\scribus-1.3.3.13-win32-install.exe
2009-06-09 12:51 . 2009-06-09 12:49 3371384 ----a-w- c:\program files\mbam-setup.exe
2009-06-07 10:24 . 2009-06-07 10:24 1815369 ----a-w- c:\program files\gbgallerylitesetup.exe
2009-05-26 06:42 . 2009-05-26 06:41 1880289 ----a-w- c:\program files\radarsync.exe
2009-05-24 05:35 . 2009-05-24 05:35 453824 ----a-w- c:\program files\driveragent_488.exe
2009-05-19 12:26 . 2009-05-19 12:24 10143072 ----a-w- c:\program files\AbsolutePoker8_7_6.exe
2009-05-18 15:11 . 2009-05-18 15:09 10770432 -c--a-w- c:\program files\LogMeIn.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-13_08.52.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-25 06:40 . 2012-01-25 06:40 16384 c:\windows\temp\Perflib_Perfdata_704.dat
+ 2008-12-16 12:30 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
- 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2008-12-05 06:54 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Livestation"="c:\program files\Livestation\Livestation.exe" [2010-06-24 4657152]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Returnil"="c:\program files\Returnil Virtual System Lite 2011\RvsCore.exe" [2012-01-19 2952704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\User\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres
.
R0 Rvsystem;Rvsystem;c:\windows\system32\drivers\Rvsystem.sys [19. 1. 2012 23:26 65432]
R1 Rvfssec;Rvfssec;c:\windows\system32\drivers\Rvfssec.sys [19. 1. 2012 23:26 34048]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 Rvssvr;Rvssvr;c:\program files\Returnil Virtual System Lite 2011\RvsCore.exe [19. 1. 2012 23:26 2952704]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [1. 12. 2011 15:19 2916736]
S1 MpKsl181d04f2;MpKsl181d04f2;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKsl181d04f2.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKsl181d04f2.sys [?]
S1 MpKsl488736dc;MpKsl488736dc;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl488736dc.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl488736dc.sys [?]
S1 MpKsl7f208745;MpKsl7f208745;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl7f208745.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E55A0D61-41C0-4358-80EA-E068C7748EC1}\MpKsl7f208745.sys [?]
S1 MpKslbc0a01b9;MpKslbc0a01b9;\??\c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKslbc0a01b9.sys --> c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F9BE0794-D5BD-44CA-9925-2DAAF4743056}\MpKslbc0a01b9.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7. 8. 2011 17:46 136176]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7. 8. 2011 17:46 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [21. 6. 2011 13:28 18432]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [30. 3. 2011 12:05 25088]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [24. 5. 2009 6:35 23600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 16:46]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 16:46]
.
2012-01-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 08:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(14116)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office12\1029\GrooveIntlResource.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
c:\program files\Tracker Software\Shell Extensions\XCShInfo.dll
c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll
c:\program files\K-Lite Codec Pack\Filters\FLVSplitter.ax
c:\program files\K-Lite Codec Pack\Filters\MP4Splitter.ax
c:\program files\K-Lite Codec Pack\Filters\avisplitter.ax
c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2012-01-25 08:14:15
ComboFix-quarantined-files.txt 2012-01-25 07:13
ComboFix2.txt 2012-01-17 16:40
ComboFix3.txt 2012-01-13 08:57
.
Pre-Run: 5 859 713 024 bytes free
Post-Run: 5 890 494 464 bytes free
.
- - End Of File - - B77CD9C29B7D0D834D71B044ED7A6625