I only uninstalled it just now... I wanted to uninstall ClamAV and I knew it is part of Spyware T., so I started uninstalling that and then I clicked the wrong thing.
Here is the log:
Results of screen317's Security Check version 0.98.5
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Smart Security
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1.2
``````````````````````````````
Process Check:
objlist.exe by Laurent
ESET ESET Smart Security ekrn.exe
ESET ESET Smart Security egui.exe
``````````````````````````````
DNS Vulnerability Check:
POOR! (NOT RANDOM-- Consider OPENDNS)
`````````End of Log```````````
Please check my log [Solved]
[Original poster: Level 1, 56 posts, registered April 08, Slovakia]
[Damned: article author, Master Level 9, 8353 posts, registered December 06, Rokycany]
Re: Please check my log
So have you uninstalled Clam and ST now? If so, check after a restart that ESET is switched on. You still have Trend Micro there, is that for MWAV?
Uninstall ComboFix.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
Clean the system: T-Cleaner deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download it -> run it
(Note: if you have AVG, disable AVG before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner
and turn AVG back on.)
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache,
cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.
*****************************************************************************************************************************************
Then paste a new HJT log here. And describe how the PC behaves.
Nothing is impossible, which is why, where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech translations - translations of PC maintenance programs
HiJackThis 2 + guide | FCleaner + Czech translation | Wise Registry Cleaner
[Original poster]
Re: Please check my log
I haven't uninstalled ClamAV, because while uninstalling Spyware Terminator I accidentally clicked that it should not uninstall ClamAV, and there is no uninstall file in the Clam folder.
Here is the HJT log, but I still have ClamAV:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:57, on 18. 7. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Vlastnik\Desktop\lle-1\LLE.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LPT LED Effect] C:\Documents and Settings\Vlastnik\Desktop\lle-1\LLE.exe hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7566 bytes
The PC's behaviour hasn't changed.
[Damned]
Re: Please check my log
Run HJT, close your browsers, disconnect from the internet and fix (tick the box in front of the entry, press
"Fix checked"):
O4 - HKLM\..\Run: [LPT LED Effect] C:\Documents and Settings\Vlastnik\Desktop\lle-1\LLE.exe hide
****************************************************************************************************************************************
Download MWAV, update it, tick the spyware scan as well and run the test. Then attach the log here as an attachment (archived), or upload it to Edisk for example if it's large.
Is ESET working? We'll delete ClamAV afterwards.
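Damned's fix targets the one O4 autorun entry that launches from a user-writable location (the Desktop under the user's profile) rather than from Program Files or the Windows directory, which is the first thing to look at in any HJT log. As an added example that is not part of the thread, the script below applies that same heuristic to the O4 lines of the log posted above (copied here as a constructed sample), and additionally flags entries that give only a bare filename, since those are resolved through the PATH search order. The rundll32 handling and the verdict names are the reviewer's own choices, not anything HijackThis itself does.

```python
"""Triage HijackThis O4 (Run/RunOnce) entries by where the launched file lives.
Added example, not from the thread; the rules below are the reviewer's own."""
import re

# O4 lines copied from the HJT log posted in this thread (constructed sample input).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LPT LED Effect] C:\Documents and Settings\Vlastnik\Desktop\lle-1\LLE.exe hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
"""

# O4 - <hive>\..\<key>: [<name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# A drive- or UNC-qualified path ending in an executable extension; non-greedy so
# unquoted paths containing spaces ("Documents and Settings") are captured whole.
PATH_RE = re.compile(
    r'(?P<path>(?:[A-Za-z]:\\|\\\\)[^",]*?\.(?:exe|dll|com|scr|bat|cmd|pif|vbs|js))(?=[\s",]|$)',
    re.IGNORECASE,
)

# Locations an ordinary user can write to on XP (and their Vista+ equivalents).
USER_WRITABLE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")
USER_WRITABLE_PARTS = ("\\temp\\", "\\tmp\\", "\\local settings\\", "\\application data\\")


def extract_target(cmd: str) -> str:
    """Return the file an O4 command really runs.

    For rundll32 launches the interesting file is the DLL argument, not rundll32
    itself. Commands with no qualified path are returned as their bare first token."""
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd)  # drop HJT's "(User 'SYSTEM')" suffix
    paths = [m.group("path") for m in PATH_RE.finditer(cmd)]
    if paths and paths[0].lower().endswith("rundll32.exe") and len(paths) > 1:
        return paths[1]
    if paths:
        return paths[0]
    tokens = cmd.split()
    return tokens[0].strip('"') if tokens else ""


def classify(target: str) -> str:
    t = target.lower()
    if t.startswith("\\\\"):
        return "network"            # UNC path: runs whatever the remote share serves today
    if not re.match(r"^[a-z]:\\", t):
        return "unqualified"        # bare name: resolved via the PATH search order
    if t.startswith(USER_WRITABLE_ROOTS) or any(p in t for p in USER_WRITABLE_PARTS):
        return "user-writable"      # profile, Desktop, Temp: anything the user (or malware) can drop
    return "system"                 # Program Files / WINDOWS: needs admin rights to plant


def triage(log_text: str) -> list:
    rows = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        target = extract_target(m.group("cmd"))
        rows.append({"name": m.group("name"), "hive": m.group("hive"), "key": m.group("key"),
                     "target": target, "verdict": classify(target)})
    return rows


def flagged(log_text: str) -> list:
    """Entry names a reviewer should look at first."""
    return [r["name"] for r in triage(log_text) if r["verdict"] == "user-writable"]


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f"{r['verdict']:14} {r['hive']:14} [{r['name']}] -> {r['target']}")
```

Run against the sample, only `LPT LED Effect` comes out as user-writable, which is exactly the line Damned asked to have fixed; `nwiz` and `RunNarrator` come out as unqualified, which is worth a second look but is normal for those two names. A "system" verdict only means the file sits where admin rights were needed to plant it, not that it is clean.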
[Original poster]
[Damned]
Re: Please check my log
Start - Run - type: notepad, and Notepad will open. Paste this entire text into it:
dir \core.dll /a h /s > File.txt
Save it to the desktop with the name: find.bat (file type - all files)
Find it on the desktop, double-click it and wait until the window closes and File.txt appears.
Then paste the whole text from that file here.
Meanwhile I'll keep looking.
[Original poster]
Re: Please check my log
Volume in drive C has no label.
Volume Serial Number is 086A-B43E
Directory of C:\Documents and Settings\Vlastnik\Desktop\CS
07. 03. 2006 18:11 225 280 Core.dll
1 File(s) 225 280 bytes
[Damned]
Re: Please check my log
Check the files in red on VirusTotal and paste the links to the results here:
C:\Documents and Settings\Vlastnik\Desktop\CS\Core.dll
C:\Documents and Settings\Vlastnik\Desktop\Zlozky\FL%20Studio%208%20XXL%20(v8,00%20-%20full)\FL Studio 8 XXL (v8,00 - full)\DelZip179.dll
*****************************************************************************************************************************************
Download RSIT (by random/random) - run it, a window will appear, so click Continue to proceed
- wait until the program finishes and the log is displayed; otherwise you'll find it here: C:\rsit\log.txt. Please copy its entire contents here.
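The find.bat step two posts up and the VirusTotal request here are the same triage routine: locate every copy of a given file name anywhere on the disk (hidden files included, which is what the /a switch does for dir) and fingerprint each one. As an added example that is not from the thread, the script below does the same in Python. The directory tree it searches is constructed inside a temporary directory and the Core.dll placed there is a stand-in, not the user's file; the hash values are what you would paste into VirusTotal's search box instead of uploading the file.

```python
"""Locate every copy of a file name below a root and fingerprint each hit.
Added example, not from the thread. The tree it searches is constructed in a
temporary directory; the Core.dll placed there is a stand-in, not the user's file."""
import hashlib
import os
import tempfile
import time


def find_files(root: str, filename: str) -> list:
    """Case-insensitive name match over the whole tree, as (path, size, mtime).

    os.walk does not skip hidden entries, so this matches what `dir /a /s` sees
    rather than a bare `dir`, which hides files carrying the hidden attribute."""
    wanted = filename.lower()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == wanted:
                path = os.path.join(dirpath, fn)
                st = os.stat(path)
                hits.append((path, st.st_size,
                             time.strftime("%Y-%m-%d %H:%M", time.localtime(st.st_mtime))))
    return sorted(hits)


def file_hashes(path: str, chunk: int = 1 << 16) -> dict:
    """MD5, SHA-1 and SHA-256 of a file, streamed so large files are not read whole.

    Any of these can be pasted into VirusTotal's search to see whether this exact
    file has already been analysed, which avoids uploading it at all."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def report(root: str, filename: str) -> list:
    """One record per hit: path, size, modification time and the three hashes."""
    return [dict(path=p, size=s, modified=m, **file_hashes(p))
            for p, s, m in find_files(root, filename)]


# Constructed stand-in content; a real Core.dll would be a PE image.
SAMPLE_BYTES = b"constructed stand-in for Core.dll, not a real binary\n"


def demo() -> list:
    """Build a constructed tree (one hit under Desktop, one under a dot-directory,
    one non-matching file) and run the search over it."""
    root = tempfile.mkdtemp(prefix="triage-")
    for rel in ("Desktop/CS/Core.dll", ".hidden/core.DLL", "Desktop/CS/Other.dll"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(SAMPLE_BYTES)
    return report(root, "core.dll")


if __name__ == "__main__":
    for rec in demo():
        print(f"{rec['modified']}  {rec['size']:>8}  {rec['path']}")
        print(f"    sha256 {rec['sha256']}")
```

Two caveats a practitioner would add: a hash search on VirusTotal only returns a verdict if that exact file has been submitted before, so an unknown hash still means uploading the file; and the modification time shown (the 2006 date in the dir output above) is easy to forge, so it supports the timeline but does not prove when the file arrived.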
[Original poster]
Re: Please check my log
http://www.virustotal.com/reanalisis.ht ... 1247938531
http://www.virustotal.com/analisis/3427 ... 1234906192
Logfile of random's system information tool 1.06 (written by random/random)
Run by Vlastnik at 2009-07-18 19:30:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 10 GB (21%) free of 45 GB
Total RAM: 511 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:12, on 18. 7. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Vlastnik\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Vlastnik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7613 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-436374069-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-436374069-839522115-1003UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-27 312928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-17 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-17 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-03-01 1443072]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"nwiz"=nwiz.exe /install []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-27 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Form Pilot Pro Trial virtual printer agent]
C:\Program Files\Form Pilot Pro Trial\fppagentd.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Vlastnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-29 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessGovernor]
C:\Program Files\Process Lasso\processgovernor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessSupervisorGUI]
C:\Program Files\Process Lasso\processlasso.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-27 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE [2006-09-29 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FirebirdServerDefaultInstance"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-04-15 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2009-07-18 19:30:02 ----D---- C:\rsit
2009-07-18 17:00:25 ----AD---- C:\WINDOWS\system32\runouce.exe
2009-07-18 16:39:21 ----A---- C:\WINDOWS\system32\eEmpty.exe
2009-07-18 16:39:14 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2009-07-18 16:39:14 ----A---- C:\WINDOWS\system32\T.COM
2009-07-18 16:39:14 ----A---- C:\WINDOWS\REGEDIT.COM
2009-07-18 16:39:14 ----A---- C:\WINDOWS\R.COM
2009-07-18 16:39:12 ----D---- C:\Program Files\Common Files\MicroWorld
2009-07-18 16:39:02 ----D---- C:\Documents and Settings\All Users\Application Data\MicroWorld
2009-07-18 15:55:07 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Download Manager
2009-07-18 15:18:18 ----SHD---- C:\RECYCLER
2009-07-18 15:16:56 ----SD---- C:\ComboFix
2009-07-18 13:20:45 ----A---- C:\ComboFix.txt
2009-07-18 11:14:12 ----RASHD---- C:\cmdcons
2009-07-18 11:12:11 ----D---- C:\WINDOWS\ERDNT
2009-07-18 10:46:21 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Malwarebytes
2009-07-18 10:46:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-18 10:46:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-18 00:48:32 ----D---- C:\Program Files\Trend Micro
2009-07-18 00:41:41 ----D---- C:\Program Files\XP TCPIP Repair
2009-07-17 01:20:40 ----D---- C:\Program Files\ReadManiac
2009-07-17 01:10:05 ----D---- C:\Program Files\BR4
2009-07-14 01:29:45 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-07-14 01:29:32 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-07-14 01:28:36 ----D---- C:\WINDOWS\system32\RsFx
2009-07-14 01:27:11 ----D---- C:\Program Files\MSXML 6.0
2009-07-14 01:19:55 ----D---- C:\Program Files\Microsoft Web Designer Tools
2009-07-14 01:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2009-07-14 01:16:41 ----D---- C:\Program Files\Microsoft SQL Server
2009-07-14 01:16:36 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-14 01:13:05 ----D---- C:\Program Files\Microsoft.NET
2009-07-14 01:12:44 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2009-07-14 01:12:44 ----D---- C:\Program Files\Common Files\Merge Modules
2009-07-14 01:11:26 ----D---- C:\Program Files\Microsoft SDKs
2009-07-09 18:43:04 ----D---- C:\Program Files\WorldUnlock Codes Calculator
2009-07-09 17:43:03 ----D---- C:\Program Files\stroboMania
2009-07-08 18:43:58 ----D---- C:\Program Files\auto_test
2009-07-08 16:20:24 ----D---- C:\WINDOWS\Minidump
2009-07-08 09:03:27 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-07-07 22:53:58 ----D---- C:\Program Files\Google Hacks
2009-07-03 13:54:09 ----D---- C:\Program Files\Bus Driver
2009-06-28 00:56:25 ----D---- C:\ FL Studio 8
2009-06-28 00:43:57 ----D---- C:\Program Files\FL Studio 8
2009-06-25 19:39:32 ----D---- C:\Program Files\Rockstar Games
2009-06-22 19:21:11 ----D---- C:\Program Files\IrfanView
2009-06-20 23:47:06 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Publish Providers
2009-06-20 23:46:18 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Sony
2009-06-20 23:42:54 ----D---- C:\Program Files\Vstplugins
2009-06-20 23:39:33 ----D---- C:\Program Files\Sony
2009-06-20 23:38:16 ----D---- C:\Program Files\Sony Setup
2009-06-19 21:19:23 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Panasonic
2009-06-19 21:18:53 ----A---- C:\WINDOWS\system32\PICSDK2.dll
2009-06-19 21:18:53 ----A---- C:\WINDOWS\system32\PICSDK.ini
2009-06-19 21:18:51 ----A---- C:\WINDOWS\system32\PICSDK.dll
2009-06-19 21:18:48 ----A---- C:\WINDOWS\system32\PICEntry.dll
2009-06-19 21:18:46 ----A---- C:\WINDOWS\system32\EpPicPrt.dll
2009-06-19 21:18:42 ----A---- C:\WINDOWS\system32\EPPicMgr.dll
2009-06-19 21:16:18 ----D---- C:\Program Files\Panasonic
2009-06-19 21:15:38 ----D---- C:\Documents and Settings\Vlastnik\Application Data\InstallShield
======List of files/folders modified in the last 1 months======
2009-07-18 19:29:45 ----D---- C:\WINDOWS\Temp
2009-07-18 19:24:18 ----A---- C:\WINDOWS\wincmd.ini
2009-07-18 19:24:18 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-07-18 18:40:44 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Skype
2009-07-18 17:00:25 ----D---- C:\WINDOWS\system32
2009-07-18 16:40:35 ----D---- C:\WINDOWS
2009-07-18 16:39:12 ----D---- C:\Program Files\Common Files
2009-07-18 16:06:36 ----D---- C:\Documents and Settings\Vlastnik\Application Data\skypePM
2009-07-18 15:18:17 ----D---- C:\WINDOWS\Prefetch
2009-07-18 15:17:42 ----SHD---- C:\System Volume Information
2009-07-18 15:17:42 ----D---- C:\WINDOWS\system32\Restore
2009-07-18 15:17:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-18 14:27:58 ----D---- C:\Program Files
2009-07-18 14:27:56 ----D---- C:\WINDOWS\system32\drivers
2009-07-18 13:21:43 ----D---- C:\Program Files\Mozilla Firefox
2009-07-18 13:17:30 ----A---- C:\WINDOWS\system.ini
2009-07-18 13:15:17 ----D---- C:\WINDOWS\system32\config
2009-07-18 13:13:38 ----D---- C:\WINDOWS\AppPatch
2009-07-18 13:09:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-18 11:20:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-18 11:14:16 ----RASH---- C:\boot.ini
2009-07-17 22:42:26 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-17 22:36:39 ----D---- C:\Documents and Settings\Vlastnik\Application Data\dvdcss
2009-07-16 23:02:26 ----D---- C:\Documents and Settings\Vlastnik\Application Data\uTorrent
2009-07-16 21:14:16 ----D---- C:\Downloads
2009-07-16 18:00:24 ----D---- C:\Program Files\FlashGet
2009-07-14 13:40:48 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-14 13:40:33 ----RSD---- C:\WINDOWS\assembly
2009-07-14 13:06:56 ----HD---- C:\Config.Msi
2009-07-14 02:04:34 ----HD---- C:\WINDOWS\inf
2009-07-14 01:29:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-14 01:29:08 ----SHD---- C:\WINDOWS\Installer
2009-07-14 01:27:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-14 01:27:06 ----D---- C:\WINDOWS\system32\1033
2009-07-14 01:26:01 ----D---- C:\WINDOWS\WinSxS
2009-07-14 01:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-14 01:22:58 ----SD---- C:\Documents and Settings\Vlastnik\Application Data\Microsoft
2009-07-14 01:22:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-14 01:17:16 ----D---- C:\WINDOWS\system32\mui
2009-07-14 01:09:34 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-14 01:09:31 ----D---- C:\WINDOWS\system32\en-us
2009-07-14 01:09:23 ----RSD---- C:\WINDOWS\Fonts
2009-07-14 01:05:48 ----D---- C:\Program Files\Internet Explorer
2009-07-08 20:42:12 ----D---- C:\Program Files\uTorrent
2009-07-03 23:29:44 ----D---- C:\Documents and Settings\All Users\Application Data\Bluetooth
2009-07-03 15:12:17 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-02 13:33:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-01 23:42:42 ----SD---- C:\WINDOWS\Tasks
2009-06-30 15:34:04 ----D---- C:\Program Files\VertrigoServ
2009-06-29 23:17:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-27 15:53:44 ----D---- C:\Program Files\WinClamAVShield
2009-06-27 13:45:21 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Real
2009-06-25 23:59:24 ----D---- C:\WINDOWS\system
2009-06-25 21:17:17 ----D---- C:\Program Files\QIP Infium
2009-06-25 19:39:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-25 13:12:23 ----D---- C:\Program Files\Adobe
2009-06-25 13:07:31 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Adobe
2009-06-23 23:45:39 ----D---- C:\Documents and Settings\Vlastnik\Application Data\AIMP
2009-06-20 21:12:58 ----A---- C:\WINDOWS\win.ini
2009-06-20 21:12:58 ----A---- C:\Boot.bak
2009-06-19 22:08:03 ----D---- C:\WINDOWS\pss
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2009-05-31 4484]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-01 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-03-01 54280]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2009-05-19 2996]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-04-15 36096]
R2 DLPortIO;DriverLINX Port I/O Driver; C:\WINDOWS\system32\drivers\DLPortIO.sys [1996-09-27 3584]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-03-01 71176]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-04-15 62336]
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-03-05 34576]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 catchme;catchme; \??\C:\DOCUME~1\Vlastnik\LOCALS~1\Temp\catchme.sys []
R3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmuda3.sys [2004-08-16 798592]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-03-01 30728]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2007-04-15 12416]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-04-15 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-04-15 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-04-15 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R4 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S3 aui0l0dw;aui0l0dw; C:\WINDOWS\system32\drivers\aui0l0dw.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-03-05 39184]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 274304]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 Smport;Smport; \??\C:\WINDOWS\system32\Smport.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-01-12 117520]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-17 152984]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-06-14 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-03-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-14 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
-----------------EOF-----------------
http://www.virustotal.com/analisis/3427 ... 1234906192
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-17 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-17 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-03-01 1443072]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"nwiz"=nwiz.exe /install []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-27 198160]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Form Pilot Pro Trial virtual printer agent]
C:\Program Files\Form Pilot Pro Trial\fppagentd.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Vlastnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-29 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessGovernor]
C:\Program Files\Process Lasso\processgovernor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProcessSupervisorGUI]
C:\Program Files\Process Lasso\processlasso.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-27 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE [2006-09-29 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FirebirdServerDefaultInstance"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-04-15 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2009-07-18 19:30:02 ----D---- C:\rsit
2009-07-18 17:00:25 ----AD---- C:\WINDOWS\system32\runouce.exe
2009-07-18 16:39:21 ----A---- C:\WINDOWS\system32\eEmpty.exe
2009-07-18 16:39:14 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2009-07-18 16:39:14 ----A---- C:\WINDOWS\system32\T.COM
2009-07-18 16:39:14 ----A---- C:\WINDOWS\REGEDIT.COM
2009-07-18 16:39:14 ----A---- C:\WINDOWS\R.COM
2009-07-18 16:39:12 ----D---- C:\Program Files\Common Files\MicroWorld
2009-07-18 16:39:02 ----D---- C:\Documents and Settings\All Users\Application Data\MicroWorld
2009-07-18 15:55:07 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Download Manager
2009-07-18 15:18:18 ----SHD---- C:\RECYCLER
2009-07-18 15:16:56 ----SD---- C:\ComboFix
2009-07-18 13:20:45 ----A---- C:\ComboFix.txt
2009-07-18 11:14:12 ----RASHD---- C:\cmdcons
2009-07-18 11:12:11 ----D---- C:\WINDOWS\ERDNT
2009-07-18 10:46:21 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Malwarebytes
2009-07-18 10:46:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-18 10:46:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-18 00:48:32 ----D---- C:\Program Files\Trend Micro
2009-07-18 00:41:41 ----D---- C:\Program Files\XP TCPIP Repair
2009-07-17 01:20:40 ----D---- C:\Program Files\ReadManiac
2009-07-17 01:10:05 ----D---- C:\Program Files\BR4
2009-07-14 01:29:45 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-07-14 01:29:32 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-07-14 01:28:36 ----D---- C:\WINDOWS\system32\RsFx
2009-07-14 01:27:11 ----D---- C:\Program Files\MSXML 6.0
2009-07-14 01:19:55 ----D---- C:\Program Files\Microsoft Web Designer Tools
2009-07-14 01:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2009-07-14 01:16:41 ----D---- C:\Program Files\Microsoft SQL Server
2009-07-14 01:16:36 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-14 01:13:05 ----D---- C:\Program Files\Microsoft.NET
2009-07-14 01:12:44 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2009-07-14 01:12:44 ----D---- C:\Program Files\Common Files\Merge Modules
2009-07-14 01:11:26 ----D---- C:\Program Files\Microsoft SDKs
2009-07-09 18:43:04 ----D---- C:\Program Files\WorldUnlock Codes Calculator
2009-07-09 17:43:03 ----D---- C:\Program Files\stroboMania
2009-07-08 18:43:58 ----D---- C:\Program Files\auto_test
2009-07-08 16:20:24 ----D---- C:\WINDOWS\Minidump
2009-07-08 09:03:27 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-07-07 22:53:58 ----D---- C:\Program Files\Google Hacks
2009-07-03 13:54:09 ----D---- C:\Program Files\Bus Driver
2009-06-28 00:56:25 ----D---- C:\ FL Studio 8
2009-06-28 00:43:57 ----D---- C:\Program Files\FL Studio 8
2009-06-25 19:39:32 ----D---- C:\Program Files\Rockstar Games
2009-06-22 19:21:11 ----D---- C:\Program Files\IrfanView
2009-06-20 23:47:06 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Publish Providers
2009-06-20 23:46:18 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Sony
2009-06-20 23:42:54 ----D---- C:\Program Files\Vstplugins
2009-06-20 23:39:33 ----D---- C:\Program Files\Sony
2009-06-20 23:38:16 ----D---- C:\Program Files\Sony Setup
2009-06-19 21:19:23 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Panasonic
2009-06-19 21:18:53 ----A---- C:\WINDOWS\system32\PICSDK2.dll
2009-06-19 21:18:53 ----A---- C:\WINDOWS\system32\PICSDK.ini
2009-06-19 21:18:51 ----A---- C:\WINDOWS\system32\PICSDK.dll
2009-06-19 21:18:48 ----A---- C:\WINDOWS\system32\PICEntry.dll
2009-06-19 21:18:46 ----A---- C:\WINDOWS\system32\EpPicPrt.dll
2009-06-19 21:18:42 ----A---- C:\WINDOWS\system32\EPPicMgr.dll
2009-06-19 21:16:18 ----D---- C:\Program Files\Panasonic
2009-06-19 21:15:38 ----D---- C:\Documents and Settings\Vlastnik\Application Data\InstallShield
======List of files/folders modified in the last 1 months======
2009-07-18 19:29:45 ----D---- C:\WINDOWS\Temp
2009-07-18 19:24:18 ----A---- C:\WINDOWS\wincmd.ini
2009-07-18 19:24:18 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-07-18 18:40:44 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Skype
2009-07-18 17:00:25 ----D---- C:\WINDOWS\system32
2009-07-18 16:40:35 ----D---- C:\WINDOWS
2009-07-18 16:39:12 ----D---- C:\Program Files\Common Files
2009-07-18 16:06:36 ----D---- C:\Documents and Settings\Vlastnik\Application Data\skypePM
2009-07-18 15:18:17 ----D---- C:\WINDOWS\Prefetch
2009-07-18 15:17:42 ----SHD---- C:\System Volume Information
2009-07-18 15:17:42 ----D---- C:\WINDOWS\system32\Restore
2009-07-18 15:17:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-18 14:27:58 ----D---- C:\Program Files
2009-07-18 14:27:56 ----D---- C:\WINDOWS\system32\drivers
2009-07-18 13:21:43 ----D---- C:\Program Files\Mozilla Firefox
2009-07-18 13:17:30 ----A---- C:\WINDOWS\system.ini
2009-07-18 13:15:17 ----D---- C:\WINDOWS\system32\config
2009-07-18 13:13:38 ----D---- C:\WINDOWS\AppPatch
2009-07-18 13:09:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-18 11:20:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-18 11:14:16 ----RASH---- C:\boot.ini
2009-07-17 22:42:26 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-17 22:36:39 ----D---- C:\Documents and Settings\Vlastnik\Application Data\dvdcss
2009-07-16 23:02:26 ----D---- C:\Documents and Settings\Vlastnik\Application Data\uTorrent
2009-07-16 21:14:16 ----D---- C:\Downloads
2009-07-16 18:00:24 ----D---- C:\Program Files\FlashGet
2009-07-14 13:40:48 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-14 13:40:33 ----RSD---- C:\WINDOWS\assembly
2009-07-14 13:06:56 ----HD---- C:\Config.Msi
2009-07-14 02:04:34 ----HD---- C:\WINDOWS\inf
2009-07-14 01:29:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-14 01:29:08 ----SHD---- C:\WINDOWS\Installer
2009-07-14 01:27:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-14 01:27:06 ----D---- C:\WINDOWS\system32\1033
2009-07-14 01:26:01 ----D---- C:\WINDOWS\WinSxS
2009-07-14 01:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-14 01:22:58 ----SD---- C:\Documents and Settings\Vlastnik\Application Data\Microsoft
2009-07-14 01:22:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-14 01:17:16 ----D---- C:\WINDOWS\system32\mui
2009-07-14 01:09:34 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-14 01:09:31 ----D---- C:\WINDOWS\system32\en-us
2009-07-14 01:09:23 ----RSD---- C:\WINDOWS\Fonts
2009-07-14 01:05:48 ----D---- C:\Program Files\Internet Explorer
2009-07-08 20:42:12 ----D---- C:\Program Files\uTorrent
2009-07-03 23:29:44 ----D---- C:\Documents and Settings\All Users\Application Data\Bluetooth
2009-07-03 15:12:17 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-02 13:33:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-01 23:42:42 ----SD---- C:\WINDOWS\Tasks
2009-06-30 15:34:04 ----D---- C:\Program Files\VertrigoServ
2009-06-29 23:17:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-27 15:53:44 ----D---- C:\Program Files\WinClamAVShield
2009-06-27 13:45:21 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Real
2009-06-25 23:59:24 ----D---- C:\WINDOWS\system
2009-06-25 21:17:17 ----D---- C:\Program Files\QIP Infium
2009-06-25 19:39:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-25 13:12:23 ----D---- C:\Program Files\Adobe
2009-06-25 13:07:31 ----D---- C:\Documents and Settings\Vlastnik\Application Data\Adobe
2009-06-23 23:45:39 ----D---- C:\Documents and Settings\Vlastnik\Application Data\AIMP
2009-06-20 21:12:58 ----A---- C:\WINDOWS\win.ini
2009-06-20 21:12:58 ----A---- C:\Boot.bak
2009-06-19 22:08:03 ----D---- C:\WINDOWS\pss
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2009-05-31 4484]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-01 29704]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-03-01 54280]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2009-05-19 2996]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-04-15 36096]
R2 DLPortIO;DriverLINX Port I/O Driver; C:\WINDOWS\system32\drivers\DLPortIO.sys [1996-09-27 3584]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-03-01 71176]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-04-15 62336]
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-03-05 34576]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 catchme;catchme; \??\C:\DOCUME~1\Vlastnik\LOCALS~1\Temp\catchme.sys []
R3 cmuda3;C-Media PCI Audio Interface; C:\WINDOWS\system32\drivers\cmuda3.sys [2004-08-16 798592]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-03-01 30728]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2007-04-15 12416]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-04-15 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-04-15 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-04-15 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R4 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S3 aui0l0dw;aui0l0dw; C:\WINDOWS\system32\drivers\aui0l0dw.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-03-05 39184]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 274304]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 Smport;Smport; \??\C:\WINDOWS\system32\Smport.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2007-01-12 117520]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-17 152984]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-06-14 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-03-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-14 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
-----------------EOF-----------------
- Damned
Re: Please check my log
Turn off the antivirus's resident shield (and the antispyware one too, if you have it).
Download ComboFix (by sUBs) or ComboFix (subs) and save it to your desktop.
We'll delete the rootkit and ClamAV and see.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text marked in green into it:
File::
C:\DOCUME~1\Vlastnik\LOCALS~1\Temp\catchme.sys
C:\Documents and Settings\Vlastnik\LocalSettings\temp\catchme.sys
C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
C:\WINDOWS\system32\Smport.sys
Folder::
C:\Program Files\WinClamAVShield
Driver::
catchme;catchme
catchme
sp_rsdrv2;Spyware Terminator Driver 2
sp_rsdrv2
Smport;Smport
Smport
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt script you created onto the downloaded ComboFix.exe
and drop it when the two files overlap.

- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log, and describe how the computer behaves
*****************************************************************************************************************************************
Start --> Administrative Tools --> Services and check whether the ESET services are enabled.
Nothing is impossible, which is why, where reason runs out, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
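The three drivers the CFScript above targets can be picked out of the RSIT driver list earlier in the thread by shape alone: catchme, sp_rsdrv2 and Smport all end in an empty `[]` field (RSIT prints the file date and size there, so an empty field means the registered image file was not found on disk, either an orphaned registration left by an uninstalled tool or a file hidden from the directory listing), all are registered with a raw `\??\` object path, and catchme additionally loads from the user's Temp directory. The script below is an added example, not code from the thread or from RSIT's author: it parses a few driver lines copied from that log and lists the reasons each entry deserves a second look, which is the triage a log helper does by eye. The function names (`parse_line`, `flags_for`, `triage`) and the flagging rules are my own choices, not RSIT's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One RSIT driver/service line looks like:
#   R3 catchme;catchme; \??\C:\DOCUME~1\Vlastnik\LOCALS~1\Temp\catchme.sys []
#   R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-01 29704]
# state: R=Running S=Stopped; start type: 0=Boot 1=System 2=Auto 3=Demand 4=Disabled
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Path fragments (lower-cased) that mark a driver living in a temp directory.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\")


@dataclass
class DriverEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when RSIT printed "[]"
    file_size: Optional[int]   # None when RSIT printed "[]"


def parse_line(line: str) -> Optional[DriverEntry]:
    """Parse one RSIT driver line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").strip()
    file_date, file_size = None, None
    if meta:
        file_date, size_str = meta.split()
        file_size = int(size_str)
    return DriverEntry(
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        file_date=file_date,
        file_size=file_size,
    )


def flags_for(entry: DriverEntry) -> List[str]:
    """Reasons (my own heuristics) why an entry deserves a second look."""
    reasons = []
    if entry.file_size is None:
        # Empty "[]": RSIT could not find the image file on disk.
        if entry.running:
            reasons.append("running but image file not found on disk (orphan or hidden file)")
        else:
            reasons.append("image file not found on disk (orphaned registration)")
    if entry.path.startswith("\\??\\"):
        # Raw NT object path instead of a plain Win32 path; typical of tool-loaded drivers.
        reasons.append("registered with a raw NT object path (\\??\\)")
    if any(marker in entry.path.lower() for marker in TEMP_MARKERS):
        reasons.append("driver loaded from a temp directory")
    if entry.running and entry.start_type == 4:
        # Loaded now although its start type is Disabled (e.g. disabled after loading).
        reasons.append("loaded although start type is Disabled")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map driver name -> reasons, keeping only entries that have at least one."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flags_for(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


# Sample input: lines copied from the RSIT driver list posted in this thread.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-01 29704]
R2 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
R3 catchme;catchme; \??\C:\DOCUME~1\Vlastnik\LOCALS~1\Temp\catchme.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R4 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S3 Smport;Smport; \??\C:\WINDOWS\system32\Smport.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, the script also flags TVICHW32 and IntelIde, which the helper did not put in the script: a missing image file is a reason to look, not proof of malware, and the final call still needs the context (which tool installed the driver, whether it was uninstalled) that the thread's helper has and the script does not.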
Re: Please check my log
ComboFix 09-07-14.08 - Vlastnik . 07. 2009 21:34.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.303 [GMT 2:00]
Running from: c:\documents and settings\Vlastnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vlastnik\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
FILE ::
"c:\docume~1\Vlastnik\LOCALS~1\Temp\catchme.sys"
"c:\documents and settings\Vlastnik\LocalSettings\temp\catchme.sys"
"c:\windows\system32\drivers\sp_rsdrv2.sys"
"c:\windows\system32\Smport.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinClamAVShield
c:\program files\WinClamAVShield\_readme.txt
c:\program files\WinClamAVShield\ClamAVServer.dll
c:\program files\WinClamAVShield\COPYING
c:\program files\WinClamAVShield\daily.cvd
c:\program files\WinClamAVShield\libclamav.dll
c:\program files\WinClamAVShield\libclamunrar.dll
c:\program files\WinClamAVShield\libclamunrar_iface.dll
c:\program files\WinClamAVShield\main.cvd
c:\program files\WinClamAVShield\xClamAVServerSources.zip
c:\windows\regedit.com
c:\windows\system32\Smport.sys
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CATCHME
-------\Legacy_SMPORT
-------\Legacy_SP_RSDRV2
-------\Service_catchme
-------\Service_Smport
-------\Service_sp_rsdrv2
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.
2009-07-18 19:30 . 2009-07-18 19:30 -------- d-----w- c:\documents and settings\Vlastnik\Local Settings\Application Data\ESET
2009-07-18 17:30 . 2009-07-18 17:30 -------- d-----w- C:\rsit
2009-07-18 15:00 . 2009-07-18 15:00 -------- d---a-w- c:\windows\system32\runouce.exe
2009-07-18 14:39 . 2009-07-18 14:39 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-07-18 14:39 . 2004-08-03 23:56 135680 ----a-w- c:\windows\system32\T.COM
2009-07-18 14:39 . 2004-08-03 23:56 146432 ----a-w- c:\windows\R.COM
2009-07-18 14:39 . 2009-07-18 14:39 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-07-18 14:39 . 2009-07-18 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2009-07-18 13:55 . 2009-07-18 14:00 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Download Manager
2009-07-18 13:36 . 2009-07-18 13:36 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Malwarebytes
2009-07-18 08:46 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-18 08:46 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 22:48 . 2009-07-17 22:48 -------- d-----w- c:\program files\Trend Micro
2009-07-17 22:41 . 2009-07-17 22:41 -------- d-----w- c:\program files\XP TCPIP Repair
2009-07-16 23:20 . 2009-07-16 23:20 -------- d-----w- c:\program files\ReadManiac
2009-07-16 23:10 . 2009-07-16 23:10 -------- d-----w- c:\program files\BR4
2009-07-16 18:47 . 2009-07-16 18:47 -------- d-----w- c:\documents and settings\Vlastnik\Local Settings\Application Data\Temp
2009-07-13 23:29 . 2008-07-10 15:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-07-13 23:29 . 2008-07-10 15:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-07-13 23:28 . 2009-07-13 23:28 -------- d-----w- c:\windows\system32\RsFx
2009-07-13 23:27 . 2009-07-13 23:27 -------- d-----w- c:\program files\MSXML 6.0
2009-07-13 23:23 . 2009-07-13 23:23 488576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
2009-07-13 23:19 . 2009-07-13 23:20 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-07-13 23:16 . 2009-07-13 23:28 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-13 23:16 . 2009-07-13 23:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-13 23:16 . 2009-07-13 23:16 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-07-13 23:15 . 2009-07-13 23:22 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-13 23:13 . 2009-07-13 23:26 -------- d-----w- c:\program files\Microsoft.NET
2009-07-13 23:12 . 2009-07-13 23:21 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-07-13 23:12 . 2009-07-13 23:13 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-07-13 23:11 . 2009-07-13 23:11 -------- d-----w- c:\program files\Microsoft SDKs
2009-07-09 16:43 . 2009-07-09 16:43 -------- d-----w- c:\program files\WorldUnlock Codes Calculator
2009-07-09 15:43 . 2009-07-09 15:43 -------- d-----w- c:\program files\stroboMania
2009-07-08 18:41 . 2009-07-08 18:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-07-08 16:43 . 2009-07-08 16:45 -------- d-----w- c:\program files\auto_test
2009-07-08 07:03 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-07-08 07:03 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-07-08 07:03 . 2009-03-24 12:43 235520 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-07-08 07:03 . 2009-03-24 12:43 338432 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-07-08 07:03 . 2009-03-24 12:42 235008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-07-08 07:03 . 2009-03-24 12:42 345088 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-07-07 20:53 . 2009-07-07 20:53 -------- d-----w- c:\program files\Google Hacks
2009-07-04 15:13 . 2009-07-04 15:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-07-03 13:03 . 2009-07-03 13:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-07-03 11:54 . 2009-07-06 08:49 -------- d-----w- c:\program files\Bus Driver
2009-06-29 21:14 . 2009-06-29 21:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-06-29 18:09 . 2009-06-29 18:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\ICQ
2009-06-29 16:35 . 2009-06-29 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-06-29 16:35 . 2009-07-04 15:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-06-29 15:00 . 2009-06-29 15:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-06-29 14:57 . 2009-06-29 14:57 143600 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 13:26 . 2009-06-29 13:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\PSpad
2009-06-29 09:25 . 2009-06-29 15:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-06-28 08:16 . 2009-06-29 09:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-27 23:09 . 2009-06-29 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-06-27 22:56 . 2009-06-27 23:34 -------- d-----w- C:\ FL Studio 8
2009-06-27 22:49 . 2009-06-27 22:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-06-27 22:43 . 2009-06-27 22:55 -------- d-----w- c:\program files\FL Studio 8
2009-06-27 11:45 . 2009-06-27 11:45 390664 ----a-w- c:\documents and settings\Vlastnik\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-26 11:44 . 2009-06-28 08:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-26 07:29 . 2009-06-29 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GHISLER
2009-06-26 07:23 . 2009-06-26 07:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-25 17:54 . 2009-06-25 17:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-06-25 17:39 . 2009-06-25 17:39 -------- d-----w- c:\program files\Rockstar Games
2009-06-22 17:21 . 2009-06-22 17:21 -------- d-----w- c:\program files\IrfanView
2009-06-20 21:47 . 2009-06-20 21:47 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Publish Providers
2009-06-20 21:46 . 2009-06-20 21:46 -------- d-----w- c:\documents and settings\Vlastnik\Local Settings\Application Data\Sony
2009-06-20 21:46 . 2009-06-20 21:46 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Sony
2009-06-20 21:42 . 2009-06-20 21:42 -------- d-----w- c:\program files\Vstplugins
2009-06-20 21:39 . 2009-06-20 21:45 -------- d-----w- c:\program files\Sony
2009-06-20 21:38 . 2009-06-20 21:38 -------- d-----w- c:\program files\Sony Setup
2009-06-19 19:19 . 2009-06-19 19:19 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Panasonic
2009-06-19 19:16 . 2009-06-19 19:16 -------- d-----w- c:\program files\Panasonic
2009-06-19 19:15 . 2009-06-19 19:15 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 19:36 . 2009-05-31 18:38 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Skype
2009-07-18 14:06 . 2009-05-31 18:39 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\skypePM
2009-07-17 20:36 . 2009-05-22 11:45 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\dvdcss
2009-07-16 21:02 . 2009-05-16 16:14 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\uTorrent
2009-07-16 16:00 . 2009-04-27 18:56 -------- d-----w- c:\program files\FlashGet
2009-07-13 23:45 . 2009-04-19 18:19 143600 ----a-w- c:\documents and settings\Vlastnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 23:23 . 2009-04-27 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-13 23:10 . 2009-06-14 17:50 297504 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-08 18:42 . 2009-05-16 16:13 -------- d-----w- c:\program files\uTorrent
2009-07-05 15:34 . 2009-06-07 12:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2009-07-03 21:29 . 2009-05-10 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-06-30 13:34 . 2009-06-03 14:57 -------- d-----w- c:\program files\VertrigoServ
2009-06-29 21:17 . 2009-04-24 15:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-25 19:17 . 2009-05-16 16:04 -------- d-----w- c:\program files\QIP Infium
2009-06-25 17:39 . 2009-04-19 10:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 21:45 . 2009-06-17 19:25 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\AIMP
2009-06-17 19:25 . 2009-06-17 19:24 -------- d-----w- c:\program files\AIMP2
2009-06-17 16:04 . 2009-05-25 19:04 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\TeamViewer
2009-06-17 14:41 . 2009-04-26 13:21 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\HP
2009-06-15 18:09 . 2009-06-14 21:51 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\codeblocks
2009-06-15 13:51 . 2009-06-15 13:47 -------- d-----w- c:\program files\Game_Maker7
2009-06-15 13:02 . 2009-06-15 13:02 -------- d-----w- c:\program files\BORLAND
2009-06-14 19:27 . 2009-06-14 17:33 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Autodesk
2009-06-14 19:15 . 2009-06-14 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-06-14 18:12 . 2009-06-14 17:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-14 18:11 . 2009-06-14 17:56 -------- d-----w- c:\program files\AutoCAD 2009
2009-06-14 17:50 . 2009-04-27 16:16 -------- d-----w- c:\program files\MSBuild
2009-06-14 17:42 . 2009-06-14 17:42 -------- d-----w- c:\program files\Reference Assemblies
2009-06-14 17:33 . 2009-06-14 17:33 -------- d-----w- c:\program files\Autodesk
2009-06-09 19:04 . 2009-04-27 17:59 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\vlc
2009-06-07 12:46 . 2009-05-29 21:01 -------- d-----w- c:\program files\GIGABYTE
2009-06-06 20:35 . 2009-06-06 20:35 -------- d-----w- c:\program files\Lavalys
2009-06-06 19:17 . 2009-06-06 19:17 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Apple Computer
2009-06-05 21:48 . 2009-05-31 15:05 -------- d-----w- c:\program files\Form Pilot Home Demo
2009-06-05 21:46 . 2009-06-04 12:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-05 21:46 . 2009-06-04 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-05 21:46 . 2009-05-28 21:42 -------- d-----w- c:\program files\Request Slip Generator
2009-06-05 21:32 . 2009-04-19 10:51 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-06-03 15:49 . 2009-06-03 15:49 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Mikrotik
2009-05-31 21:16 . 2009-05-31 21:08 -------- d-----w- c:\program files\CpuIdle
2009-05-31 21:08 . 2009-05-31 21:08 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----w- c:\program files\Common Files\Skype
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----r- c:\program files\Skype
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-31 15:55 . 2009-05-24 18:56 -------- d-----w- c:\program files\ICQ6.5
2009-05-31 13:15 . 2009-05-31 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-31 12:05 . 2009-05-21 20:05 -------- d-----w- c:\program files\jalcds
2009-05-31 12:00 . 2009-05-16 16:07 -------- d-----w- c:\program files\Winamp
2009-05-30 20:04 . 2009-05-30 20:04 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\TuneUp Software
2009-05-30 20:03 . 2009-05-30 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-30 20:02 . 2009-05-30 20:02 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-29 21:01 . 2009-05-29 21:01 -------- d-----w- c:\program files\I-Cool
2009-05-29 14:01 . 2009-05-29 14:01 -------- d-----w- c:\program files\Microsoft Games
2009-05-29 11:10 . 2009-05-30 15:09 39916 ----a-w- c:\windows\Fonts\handsean.ttf
2009-05-28 21:57 . 2009-05-28 21:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-05-28 21:57 . 2009-05-28 21:57 -------- d-----w- c:\program files\DVDVideoSoft
2009-05-27 20:18 . 2009-05-25 14:06 -------- d-----w- c:\program files\WebSite X5 v8 - Smart
2009-05-25 19:36 . 2009-05-25 19:35 -------- d-----w- c:\program files\GoldWave
2009-05-25 19:03 . 2009-05-25 19:03 -------- d-----w- c:\program files\TeamViewer
2009-05-25 15:26 . 2009-05-25 15:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-05-25 15:26 . 2009-05-25 15:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\ProcessLasso
2009-05-25 15:11 . 2009-05-25 15:10 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Zoner
2009-05-25 15:10 . 2009-05-25 15:10 -------- d-----w- c:\program files\Zoner
2009-05-25 14:57 . 2009-05-25 14:57 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Ashampoo
2009-05-25 14:54 . 2009-05-25 14:54 103424 ----a-w- c:\windows\system32\PowerUp3_nat.dll
2009-05-25 14:54 . 2009-05-25 14:54 -------- d-----w- c:\program files\Ashampoo
2009-05-24 18:57 . 2009-04-19 11:00 -------- d-----w- c:\program files\ICQ6
2009-05-24 17:45 . 2009-05-24 17:45 -------- d-----w- c:\program files\SpacialAudio
2009-05-24 17:45 . 2009-05-24 17:45 -------- d-----w- c:\program files\Firebird
2009-05-24 14:32 . 2009-05-20 19:54 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\FileZilla
2009-05-23 19:41 . 2009-05-23 19:41 235513 ----a-w- c:\documents and settings\Vlastnik\Application Data\QIP\Profiles\351255296\RcvdFiles\Moloch_cz_235612104\strobo.exe
2009-05-23 18:35 . 2009-05-23 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-05-23 18:27 . 2009-05-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-23 17:26 . 2009-05-23 17:26 -------- d-----w- c:\program files\Barvy
2009-05-21 20:06 . 2009-05-21 20:05 -------- d-----w- c:\program files\DLPortIO
2009-05-21 19:56 . 2009-05-21 19:56 249856 ------w- c:\windows\Setup1.exe
2009-05-21 19:56 . 2009-05-21 19:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-20 19:53 . 2009-05-20 19:53 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-19 14:16 . 2009-05-19 14:16 2996 ----a-w- c:\windows\system32\drivers\hwinterface.sys
2009-05-17 19:24 . 2009-05-17 19:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 19:24 . 2009-05-17 19:24 152576 ----a-w- c:\documents and settings\Vlastnik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-15 09:13 . 2009-05-30 15:09 42188 ----a-w- c:\windows\Fonts\Les_oeufs_de_Cassowary.ttf
2009-05-14 18:12 . 2009-04-19 10:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-14 18:12 . 2009-04-19 10:40 2722 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-14 18:11 . 2009-04-19 10:41 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-10 18:42 . 2009-05-10 18:42 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-10 18:42 . 2009-05-10 18:42 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-10 18:42 . 2009-05-10 18:42 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-10 10:47 . 2009-05-10 18:43 33963176 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_slk_web.exe
2009-05-08 15:51 . 2009-05-30 15:09 779996 ----a-w- c:\windows\Fonts\Urban.ttf
2009-05-07 11:58 . 2009-05-30 15:09 370648 ----a-w- c:\windows\Fonts\negatron.ttf
2009-05-07 04:37 . 2009-05-30 15:09 36784 ----a-w- c:\windows\Fonts\Hannahs_Messy_Handwriting.ttf
2009-05-06 12:23 . 2009-05-14 15:35 372736 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-04-27 16:06 . 2009-04-27 16:06 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-26 13:35 . 2009-04-24 15:52 25040 ----a-w- c:\windows\system32\drivers\TVicHW32.sys
2009-04-26 13:35 . 2009-04-24 15:52 49152 ----a-w- c:\windows\IgorDRV.dll
2009-04-26 13:21 . 2009-04-26 13:11 117150 ----a-w- c:\windows\hpoins11.dat
2009-07-17 09:16 . 2009-06-04 22:48 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-27 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2007-04-15 53760]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FirebirdServerDefaultInstance"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [19. 5. 2009 16:16 2996]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [21. 5. 2009 22:05 3584]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21. 12. 2007 8:21 468224]
R2 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVicHW32.sys [24. 4. 2009 17:52 25040]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [19. 4. 2009 22:05 33176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10. 7. 2008 17:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10. 7. 2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10. 7. 2008 17:28 369688]
.
Contents of the 'Scheduled Tasks' folder
2009-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-436374069-839522115-1003Core.job
- c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-29 21:03]
2009-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-436374069-839522115-1003UA.job
- c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-29 21:03]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/ig?hl=sk&source=iglk
FF - component: c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 21:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSSK.DLL
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-18 21:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 19:47
ComboFix2.txt 2009-07-18 11:20
Pre-Run: 9 926 791 168 bytes free
Post-Run: 9 982 808 064 bytes free
397
*******************************************************************************************
*******************************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:29, on 18. 7. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7413 bytes
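A HijackThis log like the one above is easiest to review once its entries are split into fields. The Python below is an added example written for this page (it is not from the forum thread, from ComboFix or from Trend Micro's tool): it parses the O4, O16 and O23 entry formats that appear in the log and flags the entries a reviewer would look up first. The sample lines are constructed from the log above; the O16 download URL is a placeholder because the original is truncated on the page.

```python
import re

# Constructed sample: lines modelled on the HijackThis log in this thread.
# The O16 URL is a placeholder; the real one is truncated on the page.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://example.invalid/GameHost.cab
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# Every HijackThis entry starts with a section code (R0, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"(?P<hive>\S+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)")
O16_RE = re.compile(r"DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)")


def parse_hjt(text):
    """Return one dict per entry; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        entry = {"kind": kind, "raw": line.strip()}
        if kind == "O23" and body.startswith("Service: "):
            # O23 - Service: <display name> - <vendor> - <path>
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry.update(name=parts[0], vendor=parts[1], path=parts[2])
        elif kind == "O4":
            # O4 - <hive>\..\Run: [<value name>] <command line>
            m4 = O4_RE.match(body)
            if m4:
                entry.update(m4.groupdict())
        elif kind == "O16":
            # O16 - DPF: {CLSID} (<friendly name>) - <download URL>
            m16 = O16_RE.match(body)
            if m16:
                entry.update(m16.groupdict())
        entries.append(entry)
    return entries


def triage(entries):
    """Pick out the entries worth checking first. These are heuristics, not
    verdicts: a rundll32 autorun or an 'Unknown owner' service is a prompt
    to look up the file on disk, not a detection."""
    findings = []
    for e in entries:
        if e["kind"] == "O23" and e.get("vendor") == "Unknown owner":
            findings.append(("unknown-owner-service", e["path"]))
        elif e["kind"] == "O4" and "rundll32" in e.get("cmd", "").lower():
            findings.append(("rundll32-autorun", e["cmd"]))
        elif e["kind"] == "O16":
            findings.append(("activex-download", e["url"]))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{tag:24} {detail}")
```

The flags are prompts to verify, not verdicts: the NVIDIA control panel in the log legitimately starts through rundll32, and "Unknown owner" only means HijackThis found no company name in the service binary's version resource, so the next step is to check the file itself, not to delete the entry.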
ESET still doesn't work... nothing has changed, I only noticed that when the screensaver starts, something automatically switches it off within 1 second... I watched it a few times and it always switched off immediately.
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.303 [GMT 2:00]
Running from: c:\documents and settings\Vlastnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vlastnik\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
FILE ::
"c:\docume~1\Vlastnik\LOCALS~1\Temp\catchme.sys"
"c:\documents and settings\Vlastnik\LocalSettings\temp\catchme.sys"
"c:\windows\system32\drivers\sp_rsdrv2.sys"
"c:\windows\system32\Smport.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinClamAVShield
c:\program files\WinClamAVShield\_readme.txt
c:\program files\WinClamAVShield\ClamAVServer.dll
c:\program files\WinClamAVShield\COPYING
c:\program files\WinClamAVShield\daily.cvd
c:\program files\WinClamAVShield\libclamav.dll
c:\program files\WinClamAVShield\libclamunrar.dll
c:\program files\WinClamAVShield\libclamunrar_iface.dll
c:\program files\WinClamAVShield\main.cvd
c:\program files\WinClamAVShield\xClamAVServerSources.zip
c:\windows\regedit.com
c:\windows\system32\Smport.sys
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CATCHME
-------\Legacy_SMPORT
-------\Legacy_SP_RSDRV2
-------\Service_catchme
-------\Service_Smport
-------\Service_sp_rsdrv2
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.
2009-07-18 19:30 . 2009-07-18 19:30 -------- d-----w- c:\documents and settings\Vlastnik\Local Settings\Application Data\ESET
2009-07-18 17:30 . 2009-07-18 17:30 -------- d-----w- C:\rsit
2009-07-18 15:00 . 2009-07-18 15:00 -------- d---a-w- c:\windows\system32\runouce.exe
2009-07-18 14:39 . 2009-07-18 14:39 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-07-18 14:39 . 2004-08-03 23:56 135680 ----a-w- c:\windows\system32\T.COM
2009-07-18 14:39 . 2004-08-03 23:56 146432 ----a-w- c:\windows\R.COM
2009-07-18 14:39 . 2009-07-18 14:39 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-07-18 14:39 . 2009-07-18 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2009-07-18 13:55 . 2009-07-18 14:00 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Download Manager
2009-07-18 13:36 . 2009-07-18 13:36 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Malwarebytes
2009-07-18 08:46 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-18 08:46 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 08:46 . 2009-07-18 08:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 22:48 . 2009-07-17 22:48 -------- d-----w- c:\program files\Trend Micro
2009-07-17 22:41 . 2009-07-17 22:41 -------- d-----w- c:\program files\XP TCPIP Repair
2009-07-16 23:20 . 2009-07-16 23:20 -------- d-----w- c:\program files\ReadManiac
2009-07-16 23:10 . 2009-07-16 23:10 -------- d-----w- c:\program files\BR4
2009-07-16 18:47 . 2009-07-16 18:47 -------- d-----w- c:\documents and settings\Vlastnik\Local Settings\Application Data\Temp
2009-07-13 23:29 . 2008-07-10 15:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-07-13 23:29 . 2008-07-10 15:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-07-13 23:28 . 2009-07-13 23:28 -------- d-----w- c:\windows\system32\RsFx
2009-07-13 23:27 . 2009-07-13 23:27 -------- d-----w- c:\program files\MSXML 6.0
2009-07-13 23:23 . 2009-07-13 23:23 488576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\9.0\1033\ResourceCache.dll
2009-07-13 23:19 . 2009-07-13 23:20 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-07-13 23:16 . 2009-07-13 23:28 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-13 23:16 . 2009-07-13 23:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-13 23:16 . 2009-07-13 23:16 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-07-13 23:15 . 2009-07-13 23:22 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-07-13 23:13 . 2009-07-13 23:26 -------- d-----w- c:\program files\Microsoft.NET
2009-07-13 23:12 . 2009-07-13 23:21 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-07-13 23:12 . 2009-07-13 23:13 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-07-13 23:11 . 2009-07-13 23:11 -------- d-----w- c:\program files\Microsoft SDKs
2009-07-09 16:43 . 2009-07-09 16:43 -------- d-----w- c:\program files\WorldUnlock Codes Calculator
2009-07-09 15:43 . 2009-07-09 15:43 -------- d-----w- c:\program files\stroboMania
2009-07-08 18:41 . 2009-07-08 18:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-07-08 16:43 . 2009-07-08 16:45 -------- d-----w- c:\program files\auto_test
2009-07-08 07:03 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-07-08 07:03 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-07-08 07:03 . 2009-03-24 12:43 235520 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-07-08 07:03 . 2009-03-24 12:43 338432 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-07-08 07:03 . 2009-03-24 12:42 235008 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-07-08 07:03 . 2009-03-24 12:42 345088 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-07-07 20:53 . 2009-07-07 20:53 -------- d-----w- c:\program files\Google Hacks
2009-07-04 15:13 . 2009-07-04 15:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2009-07-03 13:03 . 2009-07-03 13:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-07-03 11:54 . 2009-07-06 08:49 -------- d-----w- c:\program files\Bus Driver
2009-06-29 21:14 . 2009-06-29 21:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-06-29 18:09 . 2009-06-29 18:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\ICQ
2009-06-29 16:35 . 2009-06-29 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2009-06-29 16:35 . 2009-07-04 15:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2009-06-29 15:00 . 2009-06-29 15:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2009-06-29 14:57 . 2009-06-29 14:57 143600 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 13:26 . 2009-06-29 13:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\PSpad
2009-06-29 09:25 . 2009-06-29 15:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-06-28 08:16 . 2009-06-29 09:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2009-06-27 23:09 . 2009-06-29 16:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-06-27 22:56 . 2009-06-27 23:34 -------- d-----w- C:\ FL Studio 8
2009-06-27 22:49 . 2009-06-27 22:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-06-27 22:43 . 2009-06-27 22:55 -------- d-----w- c:\program files\FL Studio 8
2009-06-27 11:45 . 2009-06-27 11:45 390664 ----a-w- c:\documents and settings\Vlastnik\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-26 11:44 . 2009-06-28 08:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-06-26 07:29 . 2009-06-29 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GHISLER
2009-06-26 07:23 . 2009-06-26 07:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-25 17:54 . 2009-06-25 17:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-06-25 17:39 . 2009-06-25 17:39 -------- d-----w- c:\program files\Rockstar Games
2009-06-22 17:21 . 2009-06-22 17:21 -------- d-----w- c:\program files\IrfanView
2009-06-20 21:47 . 2009-06-20 21:47 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Publish Providers
2009-06-20 21:46 . 2009-06-20 21:46 -------- d-----w- c:\documents and settings\Vlastnik\Local Settings\Application Data\Sony
2009-06-20 21:46 . 2009-06-20 21:46 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Sony
2009-06-20 21:42 . 2009-06-20 21:42 -------- d-----w- c:\program files\Vstplugins
2009-06-20 21:39 . 2009-06-20 21:45 -------- d-----w- c:\program files\Sony
2009-06-20 21:38 . 2009-06-20 21:38 -------- d-----w- c:\program files\Sony Setup
2009-06-19 19:19 . 2009-06-19 19:19 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Panasonic
2009-06-19 19:16 . 2009-06-19 19:16 -------- d-----w- c:\program files\Panasonic
2009-06-19 19:15 . 2009-06-19 19:15 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 19:36 . 2009-05-31 18:38 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Skype
2009-07-18 14:06 . 2009-05-31 18:39 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\skypePM
2009-07-17 20:36 . 2009-05-22 11:45 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\dvdcss
2009-07-16 21:02 . 2009-05-16 16:14 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\uTorrent
2009-07-16 16:00 . 2009-04-27 18:56 -------- d-----w- c:\program files\FlashGet
2009-07-13 23:45 . 2009-04-19 18:19 143600 ----a-w- c:\documents and settings\Vlastnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 23:23 . 2009-04-27 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-13 23:10 . 2009-06-14 17:50 297504 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-08 18:42 . 2009-05-16 16:13 -------- d-----w- c:\program files\uTorrent
2009-07-05 15:34 . 2009-06-07 12:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2009-07-03 21:29 . 2009-05-10 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2009-06-30 13:34 . 2009-06-03 14:57 -------- d-----w- c:\program files\VertrigoServ
2009-06-29 21:17 . 2009-04-24 15:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-25 19:17 . 2009-05-16 16:04 -------- d-----w- c:\program files\QIP Infium
2009-06-25 17:39 . 2009-04-19 10:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 21:45 . 2009-06-17 19:25 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\AIMP
2009-06-17 19:25 . 2009-06-17 19:24 -------- d-----w- c:\program files\AIMP2
2009-06-17 16:04 . 2009-05-25 19:04 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\TeamViewer
2009-06-17 14:41 . 2009-04-26 13:21 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\HP
2009-06-15 18:09 . 2009-06-14 21:51 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\codeblocks
2009-06-15 13:51 . 2009-06-15 13:47 -------- d-----w- c:\program files\Game_Maker7
2009-06-15 13:02 . 2009-06-15 13:02 -------- d-----w- c:\program files\BORLAND
2009-06-14 19:27 . 2009-06-14 17:33 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Autodesk
2009-06-14 19:15 . 2009-06-14 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-06-14 18:12 . 2009-06-14 17:33 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-14 18:11 . 2009-06-14 17:56 -------- d-----w- c:\program files\AutoCAD 2009
2009-06-14 17:50 . 2009-04-27 16:16 -------- d-----w- c:\program files\MSBuild
2009-06-14 17:42 . 2009-06-14 17:42 -------- d-----w- c:\program files\Reference Assemblies
2009-06-14 17:33 . 2009-06-14 17:33 -------- d-----w- c:\program files\Autodesk
2009-06-09 19:04 . 2009-04-27 17:59 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\vlc
2009-06-07 12:46 . 2009-05-29 21:01 -------- d-----w- c:\program files\GIGABYTE
2009-06-06 20:35 . 2009-06-06 20:35 -------- d-----w- c:\program files\Lavalys
2009-06-06 19:17 . 2009-06-06 19:17 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Apple Computer
2009-06-05 21:48 . 2009-05-31 15:05 -------- d-----w- c:\program files\Form Pilot Home Demo
2009-06-05 21:46 . 2009-06-04 12:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-05 21:46 . 2009-06-04 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-05 21:46 . 2009-05-28 21:42 -------- d-----w- c:\program files\Request Slip Generator
2009-06-05 21:32 . 2009-04-19 10:51 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-06-03 15:49 . 2009-06-03 15:49 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Mikrotik
2009-05-31 21:16 . 2009-05-31 21:08 -------- d-----w- c:\program files\CpuIdle
2009-05-31 21:08 . 2009-05-31 21:08 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----w- c:\program files\Common Files\Skype
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----r- c:\program files\Skype
2009-05-31 18:37 . 2009-05-31 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-31 15:55 . 2009-05-24 18:56 -------- d-----w- c:\program files\ICQ6.5
2009-05-31 13:15 . 2009-05-31 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-31 12:05 . 2009-05-21 20:05 -------- d-----w- c:\program files\jalcds
2009-05-31 12:00 . 2009-05-16 16:07 -------- d-----w- c:\program files\Winamp
2009-05-30 20:04 . 2009-05-30 20:04 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\TuneUp Software
2009-05-30 20:03 . 2009-05-30 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-05-30 20:02 . 2009-05-30 20:02 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-29 21:01 . 2009-05-29 21:01 -------- d-----w- c:\program files\I-Cool
2009-05-29 14:01 . 2009-05-29 14:01 -------- d-----w- c:\program files\Microsoft Games
2009-05-29 11:10 . 2009-05-30 15:09 39916 ----a-w- c:\windows\Fonts\handsean.ttf
2009-05-28 21:57 . 2009-05-28 21:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-05-28 21:57 . 2009-05-28 21:57 -------- d-----w- c:\program files\DVDVideoSoft
2009-05-27 20:18 . 2009-05-25 14:06 -------- d-----w- c:\program files\WebSite X5 v8 - Smart
2009-05-25 19:36 . 2009-05-25 19:35 -------- d-----w- c:\program files\GoldWave
2009-05-25 19:03 . 2009-05-25 19:03 -------- d-----w- c:\program files\TeamViewer
2009-05-25 15:26 . 2009-05-25 15:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2009-05-25 15:26 . 2009-05-25 15:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\ProcessLasso
2009-05-25 15:11 . 2009-05-25 15:10 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Zoner
2009-05-25 15:10 . 2009-05-25 15:10 -------- d-----w- c:\program files\Zoner
2009-05-25 14:57 . 2009-05-25 14:57 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\Ashampoo
2009-05-25 14:54 . 2009-05-25 14:54 103424 ----a-w- c:\windows\system32\PowerUp3_nat.dll
2009-05-25 14:54 . 2009-05-25 14:54 -------- d-----w- c:\program files\Ashampoo
2009-05-24 18:57 . 2009-04-19 11:00 -------- d-----w- c:\program files\ICQ6
2009-05-24 17:45 . 2009-05-24 17:45 -------- d-----w- c:\program files\SpacialAudio
2009-05-24 17:45 . 2009-05-24 17:45 -------- d-----w- c:\program files\Firebird
2009-05-24 14:32 . 2009-05-20 19:54 -------- d-----w- c:\documents and settings\Vlastnik\Application Data\FileZilla
2009-05-23 19:41 . 2009-05-23 19:41 235513 ----a-w- c:\documents and settings\Vlastnik\Application Data\QIP\Profiles\351255296\RcvdFiles\Moloch_cz_235612104\strobo.exe
2009-05-23 18:35 . 2009-05-23 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-05-23 18:27 . 2009-05-23 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-23 17:26 . 2009-05-23 17:26 -------- d-----w- c:\program files\Barvy
2009-05-21 20:06 . 2009-05-21 20:05 -------- d-----w- c:\program files\DLPortIO
2009-05-21 19:56 . 2009-05-21 19:56 249856 ------w- c:\windows\Setup1.exe
2009-05-21 19:56 . 2009-05-21 19:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-20 19:53 . 2009-05-20 19:53 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-19 14:16 . 2009-05-19 14:16 2996 ----a-w- c:\windows\system32\drivers\hwinterface.sys
2009-05-17 19:24 . 2009-05-17 19:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 19:24 . 2009-05-17 19:24 152576 ----a-w- c:\documents and settings\Vlastnik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-15 09:13 . 2009-05-30 15:09 42188 ----a-w- c:\windows\Fonts\Les_oeufs_de_Cassowary.ttf
2009-05-14 18:12 . 2009-04-19 10:41 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-14 18:12 . 2009-04-19 10:40 2722 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-14 18:11 . 2009-04-19 10:41 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-10 18:42 . 2009-05-10 18:42 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-10 18:42 . 2009-05-10 18:42 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-10 18:42 . 2009-05-10 18:42 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-05-10 10:47 . 2009-05-10 18:43 33963176 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_slk_web.exe
2009-05-08 15:51 . 2009-05-30 15:09 779996 ----a-w- c:\windows\Fonts\Urban.ttf
2009-05-07 11:58 . 2009-05-30 15:09 370648 ----a-w- c:\windows\Fonts\negatron.ttf
2009-05-07 04:37 . 2009-05-30 15:09 36784 ----a-w- c:\windows\Fonts\Hannahs_Messy_Handwriting.ttf
2009-05-06 12:23 . 2009-05-14 15:35 372736 ----a-w- c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-04-27 16:06 . 2009-04-27 16:06 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-26 13:35 . 2009-04-24 15:52 25040 ----a-w- c:\windows\system32\drivers\TVicHW32.sys
2009-04-26 13:35 . 2009-04-24 15:52 49152 ----a-w- c:\windows\IgorDRV.dll
2009-04-26 13:21 . 2009-04-26 13:11 117150 ----a-w- c:\windows\hpoins11.dat
2009-07-17 09:16 . 2009-06-04 22:48 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-27 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2007-04-15 53760]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FirebirdServerDefaultInstance"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [19. 5. 2009 16:16 2996]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [21. 5. 2009 22:05 3584]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21. 12. 2007 8:21 468224]
R2 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVicHW32.sys [24. 4. 2009 17:52 25040]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [19. 4. 2009 22:05 33176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10. 7. 2008 17:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10. 7. 2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10. 7. 2008 17:28 369688]
.
Contents of the 'Scheduled Tasks' folder
2009-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-436374069-839522115-1003Core.job
- c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-29 21:03]
2009-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-436374069-839522115-1003UA.job
- c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-29 21:03]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/ig?hl=sk&source=iglk
FF - component: c:\documents and settings\Vlastnik\Application Data\Mozilla\Firefox\Profiles\pd6hutzw.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Vlastnik\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 21:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSSK.DLL
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-18 21:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 19:47
ComboFix2.txt 2009-07-18 11:20
Pre-Run: 9 926 791 168 bytes free
Post-Run: 9 982 808 064 bytes free
397
*******************************************************************************************
*******************************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:29, on 18. 7. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7413 bytes
ESET still doesn't work... nothing has changed, I only noticed that when the screensaver comes on, something switches it off again by itself within 1 second... I watched it a few times and it always switched off immediately.
- Damned
- Article author
-
Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Gender:
- Status:
Offline
- Contact:
Re: Please check my log
Try this as well: download Dr. Web CureIt
Click update; after it has updated, click start.
With the buttons at the bottom you can cure, delete, move or rename a file.
///EDIT: then you can post the Dr. Web CureIt log here
If even that doesn't help, I would probably try reinstalling ESET; it seems to me that one driver is missing there, but I don't have ESET, so I don't know. We have fixed everything in the registry and removed the junk, big and small. Try downloading a fresh ESET installer and the uninstall tool (for NOD it is this one: http://www.nod32.nl/download/tool/nod32removal.exe) from their site. Uninstall it completely, reinstall it, and make sure all components install correctly.
Uninstall ComboFix.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
Clean the system with CCleaner and also use T-Cleaner, which deletes everything left over from Combo, SDFix, Avenger, MWAV etc. - download it -> run it
(Note: if you have AVG, disable AVG before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner
and turn AVG back on.)
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache,
cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Nothing is impossible, which is why, where reason has run out, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner