Page 1 of 2

Please help me VIRUS ALERT  Solved

Posted: 26 Aug 2008 23:11
by Melania
...attaching the log from HJT :woot:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04: VIRUS ALERT!, on 2008-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\admin\Desktop\Dream-Aquarium\Dream-Aquarium\Portable Dream Aquarium 1.1090\Portable Dream Aquarium 1.1090.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\IXP000.TMP\rundii32.exe
C:\Documents and Settings\admin\Desktop\Dream-Aquarium\Dream-Aquarium\Portable Dream Aquarium 1.1090\Portable Dream Aquarium 1.1090.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\IXP001.TMP\rundii32.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\IXP000.TMP\save1.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\IXP001.TMP\save1.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
F3 - REG:win.ini: run="C:\Documents and Settings\admin\Application Data\Adobe\Manager.exe"
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: qalkfxor - {351FFD95-AD3E-4DF7-80DC-78DDDC43A8AD} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\admin\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKLM\..\RunOnce: [wextract_cleanup1] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\admin\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7150368125
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: rqbmvpso - {5329EF1F-EE7D-4686-A0D6-F94ABB19F24A} - C:\WINDOWS\rqbmvpso.dll
O21 - SSODL: pdoskegl - {75415F7A-A919-4C08-91D4-B1D1E4580F39} - C:\WINDOWS\pdoskegl.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7500 bytes

Re: Please help VIRUS ALERT

Posted: 27 Aug 2008 10:00
by fredik
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its entire contents here

Re: Please help me VIRUS ALERT

Posted: 27 Aug 2008 14:50
by Melania
ComboFix doesn't respond at all; it starts, but that's it... no log... nothing... :dontgetit: windows keep popping up one over another here... it's sheer horror :woot:

Re: Please help me VIRUS ALERT

Posted: 27 Aug 2008 17:10
by fredik
Download SDFix
- Run it and it will extract itself to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose the option: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; that starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the check you will be prompted to press any key, and the computer will restart.
* While the operating system boots, the program starts again and finishes the cleaning process. When Finish appears, you will have to press any key when prompted; that ends the program and the desktop icons appear
- Once the desktop icons have finished loading, the SDFix log opens on screen and is also saved in the folder where SDFix was extracted as the file Report.txt
Then paste its contents here

Right-click the link here and choose Save Target As...
- a window opens; there, rename ComboFix to something like TermVir and save it to your desktop.
Then try to run it as described. If there is still a problem with it, let me know.

Re: Please help me VIRUS ALERT

Posted: 27 Aug 2008 20:42
by Melania
It took me quite a while... but there was no other way...
..attaching the SDFix log

..the ComboFix log somehow didn't come out... I did everything as you wrote... it really wore me out :(


SDFix: Version 1.219
Run by Administrator on st 27. 08. 2008 at 19:36

Microsoft Windows XP [Verzia 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\RECYCLER\S-1-5-21-682003330-1935655697-839522115-1003\Dc3\backups\Error Cleaner.url - Deleted
C:\RECYCLER\S-1-5-21-682003330-1935655697-839522115-1003\Dc3\backups\Privacy Protector.url - Deleted
C:\RECYCLER\S-1-5-21-682003330-1935655697-839522115-1003\Dc3\backups\Spyware&Malware Protection.url - Deleted



Folder C:\WINDOWS\privacy_danger - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 20:04:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip



Files with Hidden Attributes :

Wed 21 May 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 2 Jun 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 1 Apr 2008 77,824 A..H. --- "C:\Program Files\Winferno\PC Confidential\DeleteIndex.exe"
Tue 1 Apr 2008 73,728 A..H. --- "C:\Program Files\Winferno\PC Confidential\PCCBHO.dll"
Wed 21 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 16 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT2D.tmp"
Fri 12 May 2006 854,528 A.SHR --- "C:\Documents and Settings\admin\Local Settings\Application Data\TouchStoneSoftware\rwres32.dll"

Finished!

Re: Please help me VIRUS ALERT

Posted: 27 Aug 2008 22:02
by fredik
Didn't it work the second way either? Try looking for the ComboFix log. It should be either directly on drive C in the file ComboFix.txt, or try looking here as well: C:\ComboFix\ComboFix.txt

If it's not there, try fixing these items in HJT, if they are present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
F3 - REG:win.ini: run="C:\Documents and Settings\admin\Application Data\Adobe\Manager.exe"
O3 - Toolbar: qalkfxor - {351FFD95-AD3E-4DF7-80DC-78DDDC43A8AD} - C:\WINDOWS\qalkfxor.dll
O21 - SSODL: rqbmvpso - {5329EF1F-EE7D-4686-A0D6-F94ABB19F24A} - C:\WINDOWS\rqbmvpso.dll
O21 - SSODL: pdoskegl - {75415F7A-A919-4C08-91D4-B1D1E4580F39} - C:\WINDOWS\pdoskegl.dll

Try this as well:
Go to Start -> Run... and type this command, marked in blue, into the box:
"%userprofile%\Plocha\ComboFix.exe" /f3m and click Ok.
- then paste the log that appears here. (If you have ComboFix.exe renamed, type the name you gave it instead.)

If that still gives nothing, do this:
Download RSIT (by random/random)
- run it; a window appears, click Continue to proceed
- wait until the program finishes and the log is displayed; otherwise you will find it here: C:\rsit\log.txt; please paste its entire contents here
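A small triage script for HijackThis logs in the format posted above, added here as an example (it is not part of the thread and not code from HijackThis, SDFix or any other tool named here). It flags the same kinds of entries fredik picked out: modules sitting directly in C:\WINDOWS under unfamiliar names, a redirected IE start page, the legacy win.ini run= loader, policy restrictions and SSODL entries. The sample lines are a constructed subset of the log above, and the allowlists are assumptions for this machine.

```python
"""Triage a HijackThis v2 log for the kinds of entries flagged in this thread."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: a subset of the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: run="C:\Documents and Settings\admin\Application Data\Adobe\Manager.exe"
O3 - Toolbar: qalkfxor - {351FFD95-AD3E-4DF7-80DC-78DDDC43A8AD} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: rqbmvpso - {5329EF1F-EE7D-4686-A0D6-F94ABB19F24A} - C:\WINDOWS\rqbmvpso.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# Hosts that Microsoft's own R0/R1 defaults point at; anything else deserves a look.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
# Binaries that legitimately live directly in %WINDIR% on this box (assumed; extend per environment).
KNOWN_WINDIR_ROOT = {"explorer.exe", "rthdcpl.exe", "notepad.exe", "regedit.exe"}

# A drive-letter path ending in .dll/.exe anywhere in the line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]+?\.(?:dll|exe)\b', re.IGNORECASE)
# A file directly under C:\WINDOWS, i.e. no further subfolder.
WINDIR_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\([^\\]+)$", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high" or "review"
    line: str
    reason: str


def windir_root_module(path: str):
    """Return the file name if `path` sits directly in C:\\WINDOWS, else None."""
    m = WINDIR_ROOT_RE.match(path)
    return m.group(1) if m else None


def triage_line(line: str):
    """Return (severity, reasons) for one HijackThis line; reasons is empty if nothing is notable."""
    section = line.split(" - ", 1)[0]
    high, review = [], []

    # Unknown module directly in %WINDIR%: the qalkfxor.dll / rqbmvpso.dll pattern from this thread.
    for path in PATH_RE.findall(line):
        name = windir_root_module(path)
        if name and name.lower() not in KNOWN_WINDIR_ROOT:
            high.append(f"unknown module directly in %WINDIR%: {name}")

    # R0/R1: IE start or search page redirected away from Microsoft's defaults.
    if section in ("R0", "R1") and " = " in line:
        host = urlsplit(line.split(" = ", 1)[1].strip()).hostname or ""
        if host and host not in DEFAULT_IE_HOSTS:
            review.append(f"IE page setting points at {host}")

    # F3: the legacy win.ini run= loader is almost never used by current software.
    if section == "F3" and "run=" in line:
        review.append("program started via the legacy win.ini run= line")

    # O6/O7: policy restrictions that take tools such as regedit away from the user.
    if section in ("O6", "O7"):
        review.append("policy restriction limits the user's own tools")

    # O21: ShellServiceObjectDelayLoad modules are loaded by explorer.exe at every logon.
    if section == "O21":
        review.append("SSODL entry is loaded by explorer.exe at every logon")

    if high:
        return "high", high + review
    return ("review" if review else "ok"), review


def triage(log_text: str) -> list:
    """Run triage_line over every non-empty line and collect the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        severity, reasons = triage_line(line)
        if reasons:
            findings.append(Finding(severity, line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```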

Re: Please help me VIRUS ALERT

Posted: 27 Aug 2008 22:31
by Melania
...I'M VERY SORRY !!!
I found that log! here it is >>

ComboFix 08-08-26.03 - admin 2008-08-27 21:05:34.16 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.574 [GMT 2:00]
Running from: C:\Documents and Settings\admin\Desktop\Termvir.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\admin\Desktop\Error Cleaner.url
C:\Documents and Settings\admin\Desktop\Privacy Protector.url
C:\Documents and Settings\admin\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\admin\Favorites\Error Cleaner.url
C:\Documents and Settings\admin\Favorites\Privacy Protector.url
C:\Documents and Settings\admin\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
.
---- Previous Run -------
.
C:\Documents and Settings\admin\Application Data\Adobe\crc.dat
C:\Documents and Settings\admin\Cookies\admin@server.cpmstar[2].txt
C:\Documents and Settings\admin\Desktop\Error Cleaner.url
C:\Documents and Settings\admin\Desktop\Privacy Protector.url
C:\Documents and Settings\admin\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\admin\Favorites\Error Cleaner.url
C:\Documents and Settings\admin\Favorites\Privacy Protector.url
C:\Documents and Settings\admin\Favorites\Spyware&Malware Protection.url
C:\Program Files\Zumie
C:\Program Files\Zumie\home.js
C:\Program Files\Zumie\readme.html
C:\WINDOWS\BM2324aa02.txt
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bekhsqsg.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\fccaXPfF.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pmnoNhGw.dll
C:\WINDOWS\system32\wGhNonmp.ini
C:\WINDOWS\system32\wGhNonmp.ini2
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
.

2008-08-27 21:08: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\admin\Application Data\TmpRecentIcons
2008-08-27 21:06: . VIRUS C:\Termvir\ALERT! <DIR> temp
2008-08-27 21:05: . VIRUS C:\Termvir\ALERT! <DIR> Termvir
2008-08-27 21:05: . VIRUS C:\Termvir\ALERT! 388,608 CF22097.exe
2008-08-27 20:18: . VIRUS C:\Termvir\ALERT! 53,248 PSEXESVC.EXE
2008-08-27 20:16: . VIRUS C:\Termvir\ALERT! <DIR> erdnt
2008-08-27 20:15: . VIRUS C:\Termvir\ALERT! 212,480 swxcacls.exe
2008-08-27 20:15: . VIRUS C:\Termvir\ALERT! 161,792 swreg.exe
2008-08-27 20:15: . VIRUS C:\Termvir\ALERT! 136,704 swsc.exe
2008-08-27 20:15: . VIRUS C:\Termvir\ALERT! 98,816 sed.exe
2008-08-27 20:15: . VIRUS C:\Termvir\ALERT! 89,504 fdsv.exe
2008-08-27 20:15: . VIRUS C:\Termvir\ALERT! 80,412 grep.exe
2008-08-27 20:15: . VIRUS C:\Termvir\ALERT! 68,096 zip.exe
2008-08-27 20:15: . VIRUS C:\Termvir\ALERT! 49,152 VFind.exe
2008-08-27 20:15: . VIRUS C:\Termvir\ALERT! 28,672 Nircmd.exe
2008-08-27 19:59: . VIRUS C:\Termvir\ALERT! 1,072,992,256 hiberfil.sys
2008-08-27 19:29: . VIRUS C:\Termvir\ALERT! <DIR> SDFix
2008-08-27 18:35: . VIRUS C:\Termvir\ALERT! <DIR> ERUNT
2008-08-27 18:32: . VIRUS C:\Termvir\ALERT! <DIR> Administrator
2008-08-27 18:32: . VIRUS C:\Termvir\ALERT! 524,288 NTUSER.DAT
2008-08-27 18:28: . VIRUS C:\Termvir\ALERT! <DIR> pss
2008-08-27 17:23: . VIRUS C:\Termvir\ALERT! 1,417,602 SDFix.exe
2008-08-27 14:43: . VIRUS C:\Termvir\ALERT! <DIR> ComboFix
2008-08-27 14:38: . VIRUS C:\Termvir\ALERT! <DIR> QooBox
2008-08-26 21:55: . VIRUS C:\Termvir\ALERT! 352,256 rodqgpvlter.dll
2008-08-26 21:55: . VIRUS C:\Termvir\ALERT! 233,472 pdoskegl.dll
2008-08-26 21:55: . VIRUS C:\Termvir\ALERT! 188,416 rqbmvpso.dll
2008-08-26 21:55: . VIRUS C:\Termvir\ALERT! 155,648 qalkfxor.dll
2008-08-26 21:55: . VIRUS C:\Termvir\ALERT! 126,976 wx56435.dll
2008-08-26 21:55: . VIRUS C:\Termvir\ALERT! 86,016 rvoelbxt.exe
2008-08-26 21:34: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\admin\Application Data\Thinstall
2008-08-25 09:03: . VIRUS C:\Termvir\ALERT! <DIR> C:\Program Files\Age of Dinosaurs 3D
2008-08-25 09:03: . VIRUS C:\Termvir\ALERT! 785,920 Age of Dinosaurs 3D.scr
2008-08-25 09:03: . VIRUS C:\Termvir\ALERT! 350,208 d3drm.dll
2008-08-25 09:02: . VIRUS C:\Termvir\ALERT! <DIR> C:\Program Files\3D Fish School 4
2008-08-25 09:02: . VIRUS C:\Termvir\ALERT! 3,712,000 ss3dfish.scr
2008-08-25 09:02: . VIRUS C:\Termvir\ALERT! 125,440 dx7ogl32.dll
2008-08-24 18:24: . VIRUS C:\Termvir\ALERT! <DIR> C:\Program Files\Dinosaurs 3D Screensaver
2008-08-24 18:24: . VIRUS C:\Termvir\ALERT! <DIR> C:\Program Files\Astro Gemini Software
2008-08-24 18:24: . VIRUS C:\Termvir\ALERT! 92,216 bass.dll
2008-08-24 18:21: . VIRUS C:\Termvir\ALERT! 1,993,687 Living Waterfalls 2.scr
2008-08-24 18:20: . VIRUS C:\Termvir\ALERT! <DIR> C:\Program Files\Common Files\Winferno
2008-08-24 18:20: . VIRUS C:\Termvir\ALERT! 212,240 Richtx32.ocx
2008-08-20 07:57: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\All Users\Application Data\IM
2008-08-20 07:56: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-08-17 13:13: . VIRUS C:\Termvir\ALERT! <DIR> Age of Emerald
2008-08-17 13:08: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\admin\Application Data\Go-Go Gourmet Chef of the Year
2008-08-17 13:06: . VIRUS C:\Termvir\ALERT! <DIR> Go-Go Gourmet 2 - Chef of the Year
2008-08-14 20:48: . VIRUS C:\Termvir\ALERT! 45 contactlist.xml
2008-08-12 19:12: . VIRUS C:\Termvir\ALERT! <DIR> Bloom Busters
2008-08-10 21:10: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\admin\Saved Games
2008-08-10 21:09: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\admin\Application Data\iWin
2008-08-10 17:32: . VIRUS C:\Termvir\ALERT! 10,524 mstmpxmlfun.xml
2008-08-10 09:58: . VIRUS C:\Termvir\ALERT! <DIR> C:\Program Files\Common Files\Skype
2008-08-10 09:58: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\admin\Application Data\Skype
2008-08-06 21:33: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\admin\Application Data\MysteryStudio
2008-08-06 21:33: . VIRUS C:\Termvir\ALERT! 304 bbbconfig.dat
2008-08-05 18:54: . VIRUS C:\Termvir\ALERT! <DIR> 16 Big Fish Games
2008-08-05 13:39: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\admin\Application Data\cerasus
2008-08-05 13:14: . VIRUS C:\Termvir\ALERT! 24,855 epfwdata.bin
2008-08-05 11:21: . VIRUS C:\Termvir\ALERT! <DIR> C:\Program Files\Common Files\SWF Studio
2008-07-30 23:11: . VIRUS C:\Termvir\ALERT! <DIR> C:\Program Files\Motherboard Monitor 5
2008-07-30 23:09: . VIRUS C:\Termvir\ALERT! 0 XXLGS
2008-07-30 22:45 . 2008-07-30 22:45: VIRUS ALERT! 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-07-30 21:24: . VIRUS C:\Termvir\ALERT! <DIR> C:\Program Files\Lavalys
2008-07-28 16:44: . VIRUS C:\Termvir\ALERT! <DIR> C:\Documents and Settings\admin\Application Data\cerasus.media
2008-07-28 16:43: . VIRUS C:\Termvir\ALERT! <DIR> Mystery Stories-Island of Hope
2008-07-28 16:43: . VIRUS C:\Termvir\ALERT! <DIR> C:\Program Files\Mystery Stories-Island of Hope

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 15:57 --------- d-----w C:\Documents and Settings\admin\Application Data\skypePM
2008-08-27 15:23 1,417,602 ----a-w C:\SDFix.exe
2008-08-26 15:57 86,016 ----a-w C:\WINDOWS\rvoelbxt.exe
2008-08-26 15:57 352,256 ----a-w C:\WINDOWS\rodqgpvlter.dll
2008-08-26 15:57 233,472 ----a-w C:\WINDOWS\pdoskegl.dll
2008-08-26 15:57 188,416 ----a-w C:\WINDOWS\rqbmvpso.dll
2008-08-26 15:57 155,648 ----a-w C:\WINDOWS\qalkfxor.dll
2008-08-26 12:30 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-24 16:29 --------- d-----w C:\Program Files\Winferno
2008-08-24 16:21 --------- d-----w C:\Program Files\Freeze.com
2008-08-21 15:38 3,712,000 ----a-w C:\WINDOWS\ss3dfish.scr
2008-08-20 09:33 --------- d-----w C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2008-08-11 13:55 304 ----a-w C:\Documents and Settings\admin\Application Data\bbbconfig.dat
2008-08-10 07:58 --------- d-----w C:\Program Files\Skype
2008-08-10 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-08 09:19 125,440 ----a-w C:\WINDOWS\dx7ogl32.dll
2008-08-06 20:17 --------- d-----w C:\Documents and Settings\admin\Application Data\PlayFirst
2008-08-05 11:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-05 11:05 --------- d-----w C:\Program Files\ESET
2008-07-29 20:41 --------- d-----w C:\Program Files\COMODO
2008-07-29 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-07-29 20:41 --------- d-----w C:\Documents and Settings\admin\Application Data\Comodo
2008-07-27 08:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-24 19:29 --------- d-----w C:\Documents and Settings\admin\Application Data\Hulabee
2008-07-24 19:25 --------- d-----w C:\Program Files\Piglet's Big Game
2008-07-24 18:43 --------- d-----w C:\Program Files\PC Translator
2008-07-24 09:47 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-24 08:57 --------- d-----w C:\Documents and Settings\admin\Application Data\vlc
2008-07-23 23:31 --------- d-----w C:\Program Files\Image-Line
2008-07-23 10:06 --------- d-----w C:\Program Files\FlashGet
2008-07-23 09:25 --------- d-----w C:\Program Files\BitLord
2008-07-22 20:58 --------- d-----w C:\Program Files\FreeCall.com
2008-07-19 20:05 --------- d-----w C:\Program Files\Sony
2008-07-13 02:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-10 09:03 --------- d-----w C:\Documents and Settings\admin\Application Data\ImgBurn
2008-07-08 23:12 --------- d-----w C:\Program Files\Talisman 3
2008-07-08 19:48 --------- d-----w C:\Documents and Settings\admin\Application Data\FreeCall
2008-07-06 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-06 20:46 --------- d-----w C:\Documents and Settings\admin\Application Data\Uniblue
2008-07-06 20:37 --------- d-----w C:\Program Files\Uniblue
2008-07-06 10:15 --------- d-----w C:\Program Files\CDex_170b2
2008-07-05 19:28 --------- d-----w C:\Program Files\Crystal Player
2008-07-04 16:40 --------- d-----w C:\Documents and Settings\admin\Application Data\AdobeUM
2008-07-03 21:44 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-03 21:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-03 21:37 --------- d-----w C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-07-03 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-03 15:43 --------- d-----w C:\Program Files\Opera
2008-07-02 22:58 --------- d-----w C:\Program Files\MpcStar
2008-07-02 20:40 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-07-02 19:17 --------- d-----w C:\Documents and Settings\admin\Application Data\TERMINAL Studio
2008-07-02 18:19 --------- d-----w C:\Documents and Settings\admin\Application Data\Astro Gemini Software
2008-07-01 22:56 --------- d-----w C:\Program Files\Winamp
2008-07-01 15:15 --------- d-----w C:\Program Files\VideoLAN
2008-07-01 15:15 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-07-01 15:14 --------- d-----w C:\Program Files\Sonique(2)
2008-07-01 15:14 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-01 15:14 --------- d-----w C:\Documents and Settings\admin\Application Data\Winamp
2008-07-01 15:13 --------- d-----w C:\Documents and Settings\admin\Application Data\Skype(4)
2008-07-01 15:13 --------- d-----w C:\Documents and Settings\admin\Application Data\Skype(3)
2008-07-01 07:04 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-07-01 07:04 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-07-01 07:04 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-07-01 06:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-07-01 06:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-29 16:29 --------- d-----w C:\Program Files\Java
2008-06-29 16:28 --------- d-----w C:\Program Files\Common Files\Java
2008-01-25 20:33 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-27_20.35.18.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-27 19:08:53 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_bc4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{409CB2A9-37B6-3A70-A406-EABE9563F92A}]
2008-08-26 21:55: VIRUS ALERT! 126976 --a------ C:\WINDOWS\system32\wx56435.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD6C5BBB-A5A8-44FD-B8AF-AD61045AB355}]
2008-08-26 17:57: VIRUS ALERT! 352256 --a------ C:\WINDOWS\rodqgpvlter.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{351FFD95-AD3E-4DF7-80DC-78DDDC43A8AD}"= "C:\WINDOWS\qalkfxor.dll" [2008-08-26 17:57: VIRUS ALERT! 155648]

[HKEY_CLASSES_ROOT\clsid\{351ffd95-ad3e-4df7-80dc-78dddc43a8ad}]
[HKEY_CLASSES_ROOT\qalkfxor.1]
[HKEY_CLASSES_ROOT\TypeLib\{59F5B344-4061-4F8A-8496-0FCDDD2B2551}]
[HKEY_CLASSES_ROOT\qalkfxor]

Re: Please help me VIRUS ALERT

Posted: 28 Aug 2008 09:58
by fredik
Unfortunately the CF log is not complete, so the following procedure will be a bit longer.

If the problem is still as you described, fix this item in HJT if it is there:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

If you use a file manager and could manage to copy one file to the desktop, do this:
go to the folder where SDFix was extracted (C:\SDFix); there you will find the file XP_VirusAlert_Repair.inf. Try moving it to the desktop.
- right-click the file XP_VirusAlert_Repair and choose Install.
- then restart the PC

otherwise use this:
Download this archive and extract its contents to the desktop
- right-click the file VArestorepolicies.inf and choose Install.
- then restart the PC

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download Avenger (by Swandog46) and run it under the administrator account.
- a message appears; dismiss it with Ok
Paste this whole script, marked in green, into it:
Files to delete:
C:\WINDOWS\rodqgpvlter.dll
C:\WINDOWS\system32\wx56435.dll
C:\WINDOWS\qalkfxor.dll
C:\WINDOWS\pdoskegl.dll
C:\WINDOWS\rqbmvpso.dll
C:\WINDOWS\rvoelbxt.exe

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{409CB2A9-37B6-3A70-A406-EABE9563F92A}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6C5BBB-A5A8-44FD-B8AF-AD61045AB355}

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {351FFD95-AD3E-4DF7-80DC-78DDDC43A8AD}

- select the whole script and copy it to the clipboard
- then paste it into Avenger using this button
- the script is pasted into the empty window under the heading: Input script here:
- then click the Execute button
You will be asked whether you want to execute the script; choose Yes
- after the first step completes you will be asked to restart the computer; choose Yes again

Then paste the Avenger log here

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Notepad (Start -> Run..., type Notepad into the box and click Ok)
Copy the following text, marked in green, into it:
Note: Do not use SELECT ALL to select it

Code:

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\clsid\{351ffd95-ad3e-4df7-80dc-78dddc43a8ad}]
[-HKEY_CLASSES_ROOT\qalkfxor.1]
[-HKEY_CLASSES_ROOT\TypeLib\{59F5B344-4061-4F8A-8496-0FCDDD2B2551}]
[-HKEY_CLASSES_ROOT\qalkfxor]

Then go to File -> Save As... and set these parameters:
File name: type: fix.reg
Save as type: choose All Files
Save the file to the desktop
A file fix.reg should appear on the desktop
- run it; a message pops up where you click Yes, then another message where you click OK

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Notepad (Start -> Run..., type Notepad into the box and click Ok)
Copy the following text, marked in blue, into it:
@echo off
set lvyp="%userprofile%\Desktop\vyp.txt"
if exist %lvyp% del %lvyp%
dir "%AppData%\TmpRecentIcons" /a/s>> %lvyp%
start notepad %lvyp%

Then go to File -> Save As... and set these parameters:
File name: type: vyptmp.bat
Save as type: choose All Files
Save the file to the desktop

Run it, and after a moment a window with the log appears; paste it here.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then paste the RSIT log here

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then paste these logs here:
- from Avenger
- from the listing (vyptmp.bat)
- from RSIT

Re: Please help me VIRUS ALERT

Posted: 28 Aug 2008 14:57
by Melania
...pasting the Avenger log >>

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\rodqgpvlter.dll" deleted successfully.
File "C:\WINDOWS\system32\wx56435.dll" deleted successfully.
File "C:\WINDOWS\qalkfxor.dll" deleted successfully.
File "C:\WINDOWS\pdoskegl.dll" deleted successfully.
File "C:\WINDOWS\rqbmvpso.dll" deleted successfully.
File "C:\WINDOWS\rvoelbxt.exe" deleted successfully.
Registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{409CB2A9-37B6-3A70-A406-EABE9563F92A}" deleted successfully.
Registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6C5BBB-A5A8-44FD-B8AF-AD61045AB355}" deleted successfully.

Error: could not delete registry value "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{351FFD95-AD3E-4DF7-80DC-78DDDC43A8AD}"
Deletion of registry value "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{351FFD95-AD3E-4DF7-80DC-78DDDC43A8AD}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Re: Prosim help me VIRUS ALERT

Posted: 28 Aug 2008 15:05
by Melania
...the log from vyptmp.bat >>

Zväzok v jednotke C je win
Sériové číslo zväzku je 2017-9931

Výpis adresára C:\Documents and Settings\admin\Application Data\TmpRecentIcons

2008-08-27 21:08: VIRUS ALERT! <DIR> .
2008-08-27 21:08: VIRUS ALERT! <DIR> ..
2008-07-22 13:17: VIRUS ALERT! 681 BitLord.lnk
2008-07-24 01:31: VIRUS ALERT! 1,660 Collab.lnk
2008-07-05 21:28: VIRUS ALERT! 1,596 Crystal Player.lnk
2008-07-30 21:25: VIRUS ALERT! 770 EVEREST Home Edition.lnk
2008-07-24 01:31: VIRUS ALERT! 771 FL Studio 8.lnk
2008-08-17 13:06: VIRUS ALERT! 1,668 Go-Go Gourmet 2 - Chef of the Year.lnk
2008-04-15 18:27: VIRUS ALERT! 717 GS Typing Tutor.lnk
2008-07-01 21:21: VIRUS ALERT! 1,469 ImgBurn.lnk
2008-07-28 16:43: VIRUS ALERT! 1,791 Mystery Stories Island of Hope.lnk
2008-06-11 13:07: VIRUS ALERT! 676 Odkaz na cakemania2.lnk
2008-07-06 12:15: VIRUS ALERT! 675 Odkaz na CDex.exe.lnk
2008-06-11 13:13: VIRUS ALERT! 767 Odkaz na FlowerStandTycoon.lnk
2008-08-25 21:47: VIRUS ALERT! 145 Odkaz na Jednotka CD.lnk
2008-06-10 10:15: VIRUS ALERT! 1,141 Odkaz na JennysFishShop.lnk
2008-08-10 21:09: VIRUS ALERT! 683 Odkaz na JewelQuest3.exe.lnk
2008-06-23 09:59: VIRUS ALERT! 553 Odkaz na VirtualFarm.lnk
2008-05-02 15:34: VIRUS ALERT! 1,549 PC Translator 2004.lnk
2008-07-24 21:25: VIRUS ALERT! 741 Piglet's Big Game .lnk
2008-08-17 13:13: VIRUS ALERT! 1,728 Play Age of Emerald.lnk
2008-08-12 19:13: VIRUS ALERT! 1,638 Play Bloom Busters.lnk
2008-05-02 15:34: VIRUS ALERT! 1,549 Slovník.lnk
2008-05-02 15:34: VIRUS ALERT! 1,558 Web Translator 2004.lnk
22 súborov, 24,526 bajtov

Počet súborov v zozname:
22 súborov, 24,526 bajtov
2 adresárov, 12,422,234,112 voľných bajtov

Re: Prosim help me VIRUS ALERT

Posted: 28 Aug 2008 16:23
by fredik
Before the RSIT log, do this first:
Open Notepad (Start -> Run..., type Notepad in the box and press OK)
Copy the following text marked in green into it:
Note: do not use SELECT ALL to mark the text

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\International]
"sTimeFormat"="HH:mm:ss"

Then go to File -> Save As... and set these parameters:
File name: type fix.reg here
Save as type: select All Files
Save the file to the desktop
A file named fix.reg should appear on the desktop
- run it; a prompt pops up, click Yes, then another prompt follows, click OK

Restart the PC and then run RSIT.

Re: Prosim help me VIRUS ALERT

Posted: 28 Aug 2008 18:19
by Melania
Hi ...so here is the RSIT log as well >>

Logfile of random's system information tool (written by random/random)
Run by admin at 2008-08-28 18:12:28
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (31%) free of 38 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:32, on 2008-08-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7150368125
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: rqbmvpso - {40CDC73F-BB56-4844-A413-3681D04456AA} - C:\WINDOWS\rqbmvpso.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6877 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\rpc.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-14 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2008-05-02 1630208]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-19 16062464]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-01-07 81920]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-16 68856]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
rqbmvpso - {40CDC73F-BB56-4844-A413-3681D04456AA} - C:\WINDOWS\rqbmvpso.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

List of files/folders created in the last three months

2008-08-28 18:06:16 ----D---- C:\rsit
2008-08-28 18:05:24 ----A---- C:\RSIT.exe
2008-08-28 14:50:01 ----D---- C:\Avenger
2008-08-28 14:50:01 ----A---- C:\avenger.txt
2008-08-28 14:27:05 ----A---- C:\avenger.exe
2008-08-28 14:24:27 ----D---- C:\WINDOWS\privacy_danger
2008-08-27 22:47:23 ----A---- C:\WINDOWS\unins000.exe
2008-08-27 21:08:01 ----D---- C:\Documents and Settings\admin\Application Data\TmpRecentIcons
2008-08-27 21:06:31 ----D---- C:\WINDOWS\temp
2008-08-27 21:05:25 ----D---- C:\Termvir
2008-08-27 21:05:24 ----A---- C:\WINDOWS\system32\CF22097.exe
2008-08-27 20:18:35 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-08-27 20:16:21 ----D---- C:\WINDOWS\erdnt
2008-08-27 20:15:07 ----A---- C:\WINDOWS\zip.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\VFind.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\swreg.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\sed.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\Nircmd.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\grep.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\fdsv.exe
2008-08-27 20:15:06 ----A---- C:\WINDOWS\swxcacls.exe
2008-08-27 20:15:06 ----A---- C:\WINDOWS\swsc.exe
2008-08-27 19:29:42 ----D---- C:\SDFix
2008-08-27 18:35:34 ----D---- C:\WINDOWS\ERUNT
2008-08-27 18:28:55 ----D---- C:\WINDOWS\pss
2008-08-27 17:23:25 ----A---- C:\SDFix.exe
2008-08-27 14:43:35 ----D---- C:\ComboFix
2008-08-27 14:38:57 ----D---- C:\QooBox
2008-08-26 22:01:48 ----A---- C:\WINDOWS\system32\2b345de0-.txt
2008-08-26 21:34:49 ----D---- C:\Documents and Settings\admin\Application Data\Thinstall
2008-08-25 09:03:09 ----A---- C:\WINDOWS\d3drm.dll
2008-08-25 09:03:08 ----D---- C:\Program Files\Age of Dinosaurs 3D
2008-08-25 09:02:33 ----A---- C:\WINDOWS\dx7ogl32.dll
2008-08-25 09:02:32 ----D---- C:\Program Files\3D Fish School 4
2008-08-24 18:24:50 ----D---- C:\Program Files\Astro Gemini Software
2008-08-24 18:24:47 ----D---- C:\Program Files\Dinosaurs 3D Screensaver
2008-08-24 18:24:47 ----A---- C:\WINDOWS\system32\bass.dll
2008-08-24 18:20:58 ----D---- C:\Program Files\Common Files\Winferno
2008-08-20 07:57:30 ----D---- C:\Documents and Settings\All Users\Application Data\IM
2008-08-20 07:56:51 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-08-17 13:13:25 ----D---- C:\WINDOWS\Age of Emerald
2008-08-17 13:08:01 ----D---- C:\Documents and Settings\admin\Application Data\Go-Go Gourmet Chef of the Year
2008-08-17 13:06:20 ----D---- C:\WINDOWS\Go-Go Gourmet 2 - Chef of the Year
2008-08-12 19:12:23 ----D---- C:\WINDOWS\Bloom Busters
2008-08-10 21:09:23 ----D---- C:\Documents and Settings\admin\Application Data\iWin
2008-08-10 09:58:56 ----D---- C:\Documents and Settings\admin\Application Data\Skype
2008-08-10 09:58:46 ----D---- C:\Program Files\Common Files\Skype
2008-08-06 21:33:26 ----D---- C:\Documents and Settings\admin\Application Data\MysteryStudio
2008-08-05 18:54:01 ----D---- C:\WINDOWS\16 Big Fish Games
2008-08-05 13:39:43 ----D---- C:\Documents and Settings\admin\Application Data\cerasus
2008-08-05 11:21:23 ----D---- C:\Program Files\Common Files\SWF Studio
2008-07-30 23:11:33 ----D---- C:\Program Files\Motherboard Monitor 5
2008-07-30 21:24:59 ----D---- C:\Program Files\Lavalys
2008-07-28 16:44:45 ----D---- C:\Documents and Settings\admin\Application Data\cerasus.media
2008-07-28 16:43:14 ----D---- C:\WINDOWS\Mystery Stories-Island of Hope
2008-07-28 16:43:14 ----D---- C:\Program Files\Mystery Stories-Island of Hope
2008-07-24 21:29:47 ----D---- C:\Documents and Settings\admin\Application Data\Hulabee
2008-07-24 21:24:56 ----D---- C:\Program Files\Piglet's Big Game
2008-07-24 11:47:50 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-07-22 13:17:27 ----D---- C:\Program Files\BitLord
2008-07-22 12:50:39 ----D---- C:\BitLord
2008-07-18 23:02:40 ----D---- C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2008-07-18 22:55:28 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-07-13 01:24:31 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-07-13 00:20:08 ----D---- C:\WINDOWS\nview
2008-07-13 00:20:08 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-09 09:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-09 00:21:58 ----D---- C:\Program Files\Talisman 3
2008-07-08 21:48:06 ----D---- C:\Documents and Settings\admin\Application Data\FreeCall
2008-07-08 21:42:25 ----D---- C:\Program Files\FreeCall.com
2008-07-06 22:47:11 ----D---- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-06 19:22:38 ----D---- C:\Documents and Settings\admin\Application Data\Uniblue
2008-07-06 18:15:58 ----D---- C:\Program Files\Uniblue
2008-07-06 16:49:46 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2008-07-06 16:49:45 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-06 16:10:23 ----A---- C:\WINDOWS\cgminivw.ini
2008-07-06 16:07:35 ----A---- C:\WINDOWS\Tiny_Run.ini
2008-07-06 09:43:49 ----D---- C:\Program Files\CDex_170b2
2008-07-05 21:28:43 ----D---- C:\Program Files\Crystal Player
2008-07-04 17:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-07-04 16:54:54 ----D---- C:\Program Files\FlashGet
2008-07-04 00:23:33 ----D---- C:\Program Files\COMODO
2008-07-03 23:53:46 ----A---- C:\WINDOWS\system32\cssdll32.dll
2008-07-03 23:39:57 ----D---- C:\Program Files\SUPERAntiSpyware
2008-07-03 22:20:17 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-03 22:20:11 ----D---- C:\Program Files\TuneUp Utilities 2008
2008-07-02 21:20:39 ----D---- C:\Program Files\Freeze.com
2008-07-02 21:19:54 ----D---- C:\Program Files\Free Offers from Freeze.com
2008-07-02 21:18:07 ----D---- C:\Program Files\Winferno
2008-07-02 21:17:02 ----D---- C:\Documents and Settings\admin\Application Data\TERMINAL Studio
2008-07-02 20:19:06 ----D---- C:\Documents and Settings\admin\Application Data\Astro Gemini Software
2008-07-01 17:15:01 ----D---- C:\Documents and Settings\admin\Application Data\vlc
2008-07-01 17:14:28 ----D---- C:\Program Files\Winamp
2008-07-01 15:20:23 ----D---- C:\Documents and Settings\admin\Application Data\ImgBurn
2008-07-01 14:56:17 ----D---- C:\Documents and Settings\admin\Application Data\Skype(4)
2008-07-01 14:51:22 ----D---- C:\Documents and Settings\admin\Application Data\Skype(3)
2008-06-30 18:02:28 ----D---- C:\Program Files\Sonique(2)
2008-06-30 17:58:27 ----D---- C:\Documents and Settings\admin\Application Data\Winamp
2008-06-29 18:28:54 ----D---- C:\Program Files\Java
2008-06-29 18:28:53 ----D---- C:\Program Files\Common Files\Java
2008-06-25 22:08:49 ----ASH---- C:\WINDOWS\system32\frnatybv.ini
2008-06-24 13:18:13 ----D---- C:\WINDOWS\system32\CatRoot2
2008-06-23 14:03:24 ----D---- C:\Documents and Settings\admin\Application Data\Playrix Entertainment
2008-06-23 10:40:25 ----D---- C:\WINDOWS\Supermarket Mania
2008-06-23 09:58:58 ----D---- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-17 22:47:23 ----D---- C:\WINDOWS\Album
2008-06-17 20:56:59 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-15 21:55:39 ----A---- C:\WINDOWS\TRNCOM.INI
2008-06-12 03:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-12 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-12 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-06-12 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-12 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-11 12:56:26 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-10 20:56:00 ----D---- C:\Program Files\Skype
2008-06-09 12:12:21 ----A---- C:\WINDOWS\system32\rewire.dll
2008-06-09 12:11:38 ----D---- C:\Program Files\Image-Line
2008-06-09 12:11:18 ----D---- C:\Program Files\Outsim
2008-06-08 21:27:34 ----D---- C:\WINDOWS\Balloon Bliss
2008-06-08 21:23:37 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-08 18:20:58 ----D---- C:\Documents and Settings\admin\Application Data\Alawar
2008-06-08 18:15:25 ----D---- C:\Program Files\Alawar
2008-06-08 11:52:05 ----SHD---- C:\RECYCLER
2008-06-07 21:21:25 ----D---- C:\Documents and Settings\admin\Application Data\WinRAR
2008-06-06 21:05:54 ----D---- C:\Program Files\VirusTotalUploader
2008-05-30 00:01:35 ----D---- C:\Program Files\Sony Corporation
2008-05-30 00:01:19 ----N---- C:\WINDOWS\snymsico.dll
2008-05-30 00:00:53 ----A---- C:\WINDOWS\system32\CDDBUISony.dll
2008-05-30 00:00:53 ----A---- C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-05-30 00:00:53 ----A---- C:\WINDOWS\system32\CddbLinkSony.dll
2008-05-30 00:00:53 ----A---- C:\WINDOWS\system32\CDDBControlSony.dll
2008-05-30 00:00:23 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-29 23:59:53 ----D---- C:\Program Files\Sony
2008-05-29 23:59:24 ----D---- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59:24 ----D---- C:\Documents and Settings\admin\Application Data\Sony Corporation

List of drivers

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-20 104320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 catchme;catchme; \??\C:\Termvir\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 97184]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UxTuneUp;TuneUp rozšíření vzhledu; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-31 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-01-06 69632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-26 306432]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------
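Added example, not part of this thread nor of HijackThis or RSIT: a small triage script that walks HijackThis-style lines like those in the log above, flags the entries the helper was cleaning up (the softwarereferral.com start page, the SSODL entry left behind after rqbmvpso.dll was deleted, the "Privacy Protection" desktop component), and emits a removal .reg in the same format the helper used. The trusted-host set, the system32 location check and the rebuilt WPDShServiceObj line are assumptions made for this example.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread).

Walks the R/O lines of a HijackThis log, flags the kinds of entries the helper
was cleaning up in this thread, and emits a .reg file in the same format the
helper used (a leading '-' deletes a key, a value set to '-' deletes the value)
for orphaned ShellServiceObjectDelayLoad entries. The trusted-host set and the
system32 location check are heuristics chosen for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Hosts a start page may legitimately point to (assumption for this example).
TRUSTED_START_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# Constructed excerpt in HijackThis format. The R0, R1, O2, O21 rqbmvpso, O23
# and O24 lines are copied from the log posted above; the WPDShServiceObj line
# is rebuilt from the RSIT registry dump to give a benign SSODL entry.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: rqbmvpso - {40CDC73F-BB56-4844-A413-3681D04456AA} - C:\WINDOWS\rqbmvpso.dll (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

SSODL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
             r"\ShellServiceObjectDelayLoad")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O21"
    name: str      # entry name: SSODL value name, desktop component title, IE key, ...
    clsid: str     # CLSID on the line, or "" if none
    reason: str
    line: str


def _host(text: str) -> str:
    m = URL_HOST_RE.search(text)
    return m.group(1).lower() if m else ""


def _clsid(text: str) -> str:
    m = CLSID_RE.search(text)
    return m.group(0).upper() if m else ""


def _name(rest: str) -> str:
    # "SSODL: rqbmvpso - {CLSID} - path" -> "rqbmvpso"
    body = rest.split(": ", 1)[1] if ": " in rest else rest
    return body.split(" - ", 1)[0].strip()


def triage_line(line: str) -> Optional[Finding]:
    line = line.strip()
    if " - " not in line:
        return None
    section, rest = line.split(" - ", 1)
    # R0/R1: IE start, default and search pages. Flag hosts outside the trusted set.
    if section in ("R0", "R1") and any(k in rest for k in ("Start Page", "Default_Page_URL", "Search Page")):
        key = rest.split(" = ", 1)[0].rsplit(",", 1)[-1]
        host = _host(rest)
        if host and host not in TRUSTED_START_PAGE_HOSTS:
            return Finding(section, key, "", f"IE {key} points to untrusted host {host}", line)
        return None
    # An autostart entry whose binary is gone is a leftover registry reference
    # (here: the SSODL value left behind after Avenger deleted rqbmvpso.dll).
    if "(file missing)" in rest:
        return Finding(section, _name(rest), _clsid(rest), "autostart entry references a file that no longer exists", line)
    # O21: ShellServiceObjectDelayLoad DLLs normally live in system32.
    if section == "O21":
        path = rest.rsplit(" - ", 1)[-1]
        if not path.lower().startswith("c:\\windows\\system32\\"):
            return Finding(section, _name(rest), _clsid(rest), "SSODL DLL loaded from outside system32", line)
        return None
    # O24: a local HTML page wired in as an Active Desktop component.
    if section == "O24" and "file:///" in rest.lower():
        return Finding(section, _name(rest), "", "desktop component is a local HTML file", line)
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def ssodl_cleanup_reg(findings: List[Finding]) -> str:
    """Return .reg text deleting the flagged SSODL values and their CLSID keys; "" if none."""
    ssodl = [f for f in findings if f.section == "O21"]
    if not ssodl:
        return ""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{SSODL_KEY}]"]
    lines += [f'"{f.name}"=-' for f in ssodl]
    lines.append("")
    lines += [f"[-HKEY_CLASSES_ROOT\\CLSID\\{f.clsid}]" for f in ssodl if f.clsid]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section}: {f.reason}")
    print(ssodl_cleanup_reg(found))
```

Review the generated .reg against the live registry before importing it; the script only reads the log text and writes nothing to the system.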