Please help me VIRUS ALERT (Solved)

Section devoted to viruses and other malicious code, and also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06

Re: Please help me VIRUS ALERT

Post by fredik » 28 Aug 2008 21:40

Fix these entries in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O21 - SSODL: rqbmvpso - {40CDC73F-BB56-4844-A413-3681D04456AA} - C:\WINDOWS\rqbmvpso.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Run Avenger again, but this time paste this into it:
Files to delete:
C:\WINDOWS\system32\frnatybv.ini

Folders to delete:
C:\WINDOWS\privacy_danger

Then post its log here.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Notepad (Start -> Run... type Notepad in the box and click OK).
Copy the following text marked in blue into it:
@echo off
rem Moves each listed shortcut from %AppData%\TmpRecentIcons to the desktop,
rem records the result of every move in ikony.txt, shows that file in Notepad
rem and finally deletes it.
for %%g in (
"%AppData%\TmpRecentIcons\BitLord.lnk"
"%AppData%\TmpRecentIcons\Collab.lnk"
"%AppData%\TmpRecentIcons\Crystal Player.lnk"
"%AppData%\TmpRecentIcons\EVEREST Home Edition.lnk"
"%AppData%\TmpRecentIcons\FL Studio 8.lnk"
"%AppData%\TmpRecentIcons\Go-Go Gourmet 2 - Chef of the Year.lnk"
"%AppData%\TmpRecentIcons\GS Typing Tutor.lnk"
"%AppData%\TmpRecentIcons\ImgBurn.lnk"
"%AppData%\TmpRecentIcons\Odkaz na cakemania2.lnk"
"%AppData%\TmpRecentIcons\Odkaz na CDex.exe.lnk"
"%AppData%\TmpRecentIcons\Odkaz na FlowerStandTycoon.lnk"
"%AppData%\TmpRecentIcons\Odkaz na Jednotka CD.lnk"
"%AppData%\TmpRecentIcons\Odkaz na JennysFishShop.lnk"
"%AppData%\TmpRecentIcons\Odkaz na JewelQuest3.exe.lnk"
"%AppData%\TmpRecentIcons\Odkaz na VirtualFarm.lnk"
"%AppData%\TmpRecentIcons\PC Translator 2004.lnk"
"%AppData%\TmpRecentIcons\Play Age of Emerald.lnk"
"%AppData%\TmpRecentIcons\Play Bloom Busters.lnk"
"%AppData%\TmpRecentIcons\Slovnˇk.lnk"
"%AppData%\TmpRecentIcons\Web Translator 2004.lnk"
) do (
if exist %%g (
move /y %%g "%userprofile%\Desktop"
if exist %%g (
echo Soubor %%g nebyl presunut.>>"%userprofile%\Desktop\ikony.txt") else (
echo Soubor %%g byl uspesne presunut.>>"%userprofile%\Desktop\ikony.txt")))
notepad "%userprofile%\Desktop\ikony.txt"
del /a /f /q "%userprofile%\Desktop\ikony.txt"

Choose File -> Save As... and set these parameters:
File name: type: prestmp.bat
Save as type: select All Files
Save the file to the desktop.

Run it; after a moment a window with the log will appear, so paste it here.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then post a new RSIT log here and tell me which of the problems remain.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. It is not possible to reply to such PMs.
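The three HJT entries fredik asks to fix above belong to classes a triage script can pick out of a HijackThis log automatically: a browser start page pointing at an unexpected host (R0), an SSODL shell-service object whose DLL is missing (O21), and an Active Desktop component that renders a local HTML file (O24). The following is an added example, not code from the thread or from HijackThis; the sample log is constructed from lines in this thread (the start-page URL is kept as the forum truncated it), and the trusted-host and known-good CLSID lists are assumptions a practitioner would maintain for their own environment.

```python
import re

# Constructed sample: the three lines fredik told the poster to fix, plus benign
# lines taken from the RSIT/HijackThis log later in the thread. The SSODL line for
# WPDShServiceObj is rebuilt in HJT format from the RSIT registry dump.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O21 - SSODL: rqbmvpso - {40CDC73F-BB56-4844-A413-3681D04456AA} - C:\WINDOWS\rqbmvpso.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

# Assumed allow-lists; a real deployment would maintain these per environment.
TRUSTED_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
KNOWN_SSODL = {"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"}  # WPDShServiceObj (Windows XP)

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)
CLSID_RE = re.compile(r"\{[0-9A-F-]{36}\}", re.I)


def parse_hjt_line(line):
    """Split one HijackThis line into (section code, body); None if not an entry."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def host_of(text):
    """Return the lowercase host of the first http(s) URL in text, or None."""
    m = HOST_RE.search(text)
    return m.group(1).lower() if m else None


def triage_line(line):
    """Return (code, reason) when the entry matches one of the thread's three cases."""
    parsed = parse_hjt_line(line)
    if parsed is None:
        return None
    code, body = parsed
    if code in ("R0", "R1"):
        host = host_of(body)
        if host and host not in TRUSTED_HOSTS:
            return (code, f"IE start/search page points at untrusted host {host}")
    elif code == "O21":
        if "(file missing)" in body:
            return (code, "SSODL entry loads a DLL that no longer exists; remove the entry")
        m = CLSID_RE.search(body)
        clsid = m.group(0).upper() if m else None
        if clsid not in KNOWN_SSODL:
            return (code, f"SSODL entry {clsid} is not a known-good shell service object")
    elif code == "O24":
        # A desktop component backed by a local HTML file is how the
        # "privacy_danger" warning in this thread was shown on the desktop.
        if "file:///" in body.lower():
            return (code, "Active Desktop component renders a local HTML file")
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns the flagged (code, reason) pairs in order."""
    return [r for r in (triage_line(l) for l in log_text.splitlines()) if r]


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"{code}: {reason}")
```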

Melania
Level 1.5
Posts: 100
Registered: May 08

Re: Please help me VIRUS ALERT

Post by Melania » 28 Aug 2008 22:01

Hi, thanks,... here is the log from Avenger >>

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\frnatybv.ini" deleted successfully.
Folder "C:\WINDOWS\privacy_danger" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Melania
Level 1.5
Posts: 100
Registered: May 08

Re: Please help me VIRUS ALERT

Post by Melania » 28 Aug 2008 22:07

..and here the log from prestmp.bat >>

Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\BitLord.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Collab.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Crystal Player.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\EVEREST Home Edition.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\FL Studio 8.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Go-Go Gourmet 2 - Chef of the Year.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\GS Typing Tutor.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\ImgBurn.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Odkaz na cakemania2.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Odkaz na CDex.exe.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Odkaz na FlowerStandTycoon.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Odkaz na Jednotka CD.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Odkaz na JennysFishShop.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Odkaz na JewelQuest3.exe.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Odkaz na VirtualFarm.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\PC Translator 2004.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Play Age of Emerald.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Play Bloom Busters.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Slovnˇk.lnk" byl uspesne presunut.
Soubor "C:\Documents and Settings\admin\Application Data\TmpRecentIcons\Web Translator 2004.lnk" byl uspesne presunut.

Melania
Level 1.5
Posts: 100
Registered: May 08

Re: Please help me VIRUS ALERT

Post by Melania » 28 Aug 2008 22:28

...and also the log from RSIT >>

Logfile of random's system information tool (written by random/random)
Run by admin at 2008-08-28 22:22:37
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (31%) free of 38 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:40, on 2008-08-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\Notepad.exe
C:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7150368125
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6580 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\rpc.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-14 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2008-05-02 1630208]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-19 16062464]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-01-07 81920]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-16 68856]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

List of files/folders created in the last three months

2008-08-28 21:53:12 ----A---- C:\avenger.txt
2008-08-28 18:06:16 ----D---- C:\rsit
2008-08-28 18:05:24 ----A---- C:\RSIT.exe
2008-08-28 14:50:01 ----D---- C:\Avenger
2008-08-28 14:27:05 ----A---- C:\avenger.exe
2008-08-27 22:47:23 ----A---- C:\WINDOWS\unins000.exe
2008-08-27 21:08:01 ----D---- C:\Documents and Settings\admin\Application Data\TmpRecentIcons
2008-08-27 21:06:31 ----D---- C:\WINDOWS\temp
2008-08-27 21:05:25 ----D---- C:\Termvir
2008-08-27 21:05:24 ----A---- C:\WINDOWS\system32\CF22097.exe
2008-08-27 20:18:35 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-08-27 20:16:21 ----D---- C:\WINDOWS\erdnt
2008-08-27 20:15:07 ----A---- C:\WINDOWS\zip.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\VFind.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\swreg.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\sed.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\Nircmd.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\grep.exe
2008-08-27 20:15:07 ----A---- C:\WINDOWS\fdsv.exe
2008-08-27 20:15:06 ----A---- C:\WINDOWS\swxcacls.exe
2008-08-27 20:15:06 ----A---- C:\WINDOWS\swsc.exe
2008-08-27 19:29:42 ----D---- C:\SDFix
2008-08-27 18:35:34 ----D---- C:\WINDOWS\ERUNT
2008-08-27 18:28:55 ----D---- C:\WINDOWS\pss
2008-08-27 17:23:25 ----A---- C:\SDFix.exe
2008-08-27 14:43:35 ----D---- C:\ComboFix
2008-08-27 14:38:57 ----D---- C:\QooBox
2008-08-26 22:01:48 ----A---- C:\WINDOWS\system32\2b345de0-.txt
2008-08-26 21:34:49 ----D---- C:\Documents and Settings\admin\Application Data\Thinstall
2008-08-25 09:03:09 ----A---- C:\WINDOWS\d3drm.dll
2008-08-25 09:03:08 ----D---- C:\Program Files\Age of Dinosaurs 3D
2008-08-25 09:02:33 ----A---- C:\WINDOWS\dx7ogl32.dll
2008-08-25 09:02:32 ----D---- C:\Program Files\3D Fish School 4
2008-08-24 18:24:50 ----D---- C:\Program Files\Astro Gemini Software
2008-08-24 18:24:47 ----D---- C:\Program Files\Dinosaurs 3D Screensaver
2008-08-24 18:24:47 ----A---- C:\WINDOWS\system32\bass.dll
2008-08-24 18:20:58 ----D---- C:\Program Files\Common Files\Winferno
2008-08-20 07:57:30 ----D---- C:\Documents and Settings\All Users\Application Data\IM
2008-08-20 07:56:51 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-08-17 13:13:25 ----D---- C:\WINDOWS\Age of Emerald
2008-08-17 13:08:01 ----D---- C:\Documents and Settings\admin\Application Data\Go-Go Gourmet Chef of the Year
2008-08-17 13:06:20 ----D---- C:\WINDOWS\Go-Go Gourmet 2 - Chef of the Year
2008-08-12 19:12:23 ----D---- C:\WINDOWS\Bloom Busters
2008-08-10 21:09:23 ----D---- C:\Documents and Settings\admin\Application Data\iWin
2008-08-10 09:58:56 ----D---- C:\Documents and Settings\admin\Application Data\Skype
2008-08-10 09:58:46 ----D---- C:\Program Files\Common Files\Skype
2008-08-06 21:33:26 ----D---- C:\Documents and Settings\admin\Application Data\MysteryStudio
2008-08-05 18:54:01 ----D---- C:\WINDOWS\16 Big Fish Games
2008-08-05 13:39:43 ----D---- C:\Documents and Settings\admin\Application Data\cerasus
2008-08-05 11:21:23 ----D---- C:\Program Files\Common Files\SWF Studio
2008-07-30 23:11:33 ----D---- C:\Program Files\Motherboard Monitor 5
2008-07-30 21:24:59 ----D---- C:\Program Files\Lavalys
2008-07-28 16:44:45 ----D---- C:\Documents and Settings\admin\Application Data\cerasus.media
2008-07-28 16:43:14 ----D---- C:\WINDOWS\Mystery Stories-Island of Hope
2008-07-28 16:43:14 ----D---- C:\Program Files\Mystery Stories-Island of Hope
2008-07-24 21:29:47 ----D---- C:\Documents and Settings\admin\Application Data\Hulabee
2008-07-24 21:24:56 ----D---- C:\Program Files\Piglet's Big Game
2008-07-24 11:47:50 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-07-22 13:17:27 ----D---- C:\Program Files\BitLord
2008-07-22 12:50:39 ----D---- C:\BitLord
2008-07-18 23:02:40 ----D---- C:\Documents and Settings\admin\Application Data\OpenOffice.org2
2008-07-18 22:55:28 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-07-13 01:24:31 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-07-13 00:20:08 ----D---- C:\WINDOWS\nview
2008-07-13 00:20:08 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-09 09:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-09 00:21:58 ----D---- C:\Program Files\Talisman 3
2008-07-08 21:48:06 ----D---- C:\Documents and Settings\admin\Application Data\FreeCall
2008-07-08 21:42:25 ----D---- C:\Program Files\FreeCall.com
2008-07-06 22:47:11 ----D---- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-07-06 19:22:38 ----D---- C:\Documents and Settings\admin\Application Data\Uniblue
2008-07-06 18:15:58 ----D---- C:\Program Files\Uniblue
2008-07-06 16:49:46 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2008-07-06 16:49:45 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-06 16:10:23 ----A---- C:\WINDOWS\cgminivw.ini
2008-07-06 16:07:35 ----A---- C:\WINDOWS\Tiny_Run.ini
2008-07-06 09:43:49 ----D---- C:\Program Files\CDex_170b2
2008-07-05 21:28:43 ----D---- C:\Program Files\Crystal Player
2008-07-04 17:43:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-07-04 16:54:54 ----D---- C:\Program Files\FlashGet
2008-07-04 00:23:33 ----D---- C:\Program Files\COMODO
2008-07-03 23:53:46 ----A---- C:\WINDOWS\system32\cssdll32.dll
2008-07-03 23:39:57 ----D---- C:\Program Files\SUPERAntiSpyware
2008-07-03 22:20:17 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-03 22:20:11 ----D---- C:\Program Files\TuneUp Utilities 2008
2008-07-02 21:20:39 ----D---- C:\Program Files\Freeze.com
2008-07-02 21:19:54 ----D---- C:\Program Files\Free Offers from Freeze.com
2008-07-02 21:18:07 ----D---- C:\Program Files\Winferno
2008-07-02 21:17:02 ----D---- C:\Documents and Settings\admin\Application Data\TERMINAL Studio
2008-07-02 20:19:06 ----D---- C:\Documents and Settings\admin\Application Data\Astro Gemini Software
2008-07-01 17:15:01 ----D---- C:\Documents and Settings\admin\Application Data\vlc
2008-07-01 17:14:28 ----D---- C:\Program Files\Winamp
2008-07-01 15:20:23 ----D---- C:\Documents and Settings\admin\Application Data\ImgBurn
2008-07-01 14:56:17 ----D---- C:\Documents and Settings\admin\Application Data\Skype(4)
2008-07-01 14:51:22 ----D---- C:\Documents and Settings\admin\Application Data\Skype(3)
2008-06-30 18:02:28 ----D---- C:\Program Files\Sonique(2)
2008-06-30 17:58:27 ----D---- C:\Documents and Settings\admin\Application Data\Winamp
2008-06-29 18:28:54 ----D---- C:\Program Files\Java
2008-06-29 18:28:53 ----D---- C:\Program Files\Common Files\Java
2008-06-24 13:18:13 ----D---- C:\WINDOWS\system32\CatRoot2
2008-06-23 14:03:24 ----D---- C:\Documents and Settings\admin\Application Data\Playrix Entertainment
2008-06-23 10:40:25 ----D---- C:\WINDOWS\Supermarket Mania
2008-06-23 09:58:58 ----D---- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-17 22:47:23 ----D---- C:\WINDOWS\Album
2008-06-17 20:56:59 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-15 21:55:39 ----A---- C:\WINDOWS\TRNCOM.INI
2008-06-12 03:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-12 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-12 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-06-12 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-12 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-11 12:56:26 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-10 20:56:00 ----D---- C:\Program Files\Skype
2008-06-09 12:12:21 ----A---- C:\WINDOWS\system32\rewire.dll
2008-06-09 12:11:38 ----D---- C:\Program Files\Image-Line
2008-06-09 12:11:18 ----D---- C:\Program Files\Outsim
2008-06-08 21:27:34 ----D---- C:\WINDOWS\Balloon Bliss
2008-06-08 21:23:37 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-08 18:20:58 ----D---- C:\Documents and Settings\admin\Application Data\Alawar
2008-06-08 18:15:25 ----D---- C:\Program Files\Alawar
2008-06-08 11:52:05 ----SHD---- C:\RECYCLER
2008-06-07 21:21:25 ----D---- C:\Documents and Settings\admin\Application Data\WinRAR
2008-06-06 21:05:54 ----D---- C:\Program Files\VirusTotalUploader
2008-05-30 00:01:35 ----D---- C:\Program Files\Sony Corporation
2008-05-30 00:01:19 ----N---- C:\WINDOWS\snymsico.dll
2008-05-30 00:00:53 ----A---- C:\WINDOWS\system32\CDDBUISony.dll
2008-05-30 00:00:53 ----A---- C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-05-30 00:00:53 ----A---- C:\WINDOWS\system32\CddbLinkSony.dll
2008-05-30 00:00:53 ----A---- C:\WINDOWS\system32\CDDBControlSony.dll
2008-05-30 00:00:23 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-29 23:59:53 ----D---- C:\Program Files\Sony
2008-05-29 23:59:24 ----D---- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59:24 ----D---- C:\Documents and Settings\admin\Application Data\Sony Corporation

List of drivers

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-07-01 54280]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-07-01 71688]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-07-01 30728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-20 104320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 catchme;catchme; \??\C:\Termvir\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 97184]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UxTuneUp;TuneUp rozšíření vzhledu; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-07-01 19200]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-31 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-01-06 69632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-26 306432]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Melania
Level 1.5
Posts: 100
Registered: May 08

Re: Please help me VIRUS ALERT

Post by Melania » 29 Aug 2008 00:23

Hi,... I want to thank you already now for all the help, now and in general,.. you helped me a lot,.. so far I haven't noticed anything wrong,.. I think it's OK now :bigups: so, once again many thanks !! you're really number one! :banana:

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06

Re: Please help me VIRUS ALERT

Post by fredik » 30 Aug 2008 18:57

Go to Start -> Run... and type this command marked in blue into the box: "%userprofile%\Desktop\TermVir.exe" /u
and click OK.
- wait until it finishes; it will let you know when it is done.

Download and run T-cleaner and follow the instructions. Once it has finished you can delete the program.

Delete RSIT and its directory C:\rsit

If you have no further problems, that should be all.

Melania
Level 1.5
Posts: 100
Registered: May 08

Re: Please help me VIRUS ALERT

Post by Melania » 31 Aug 2008 15:26

Great, many many thanks for the help! :D
