pls check, urgent - SOLVED

Post by kolers » 11 Apr 2007 20:55

Guys, I caught something. I opened a link on ICQ = web pages opening on their own, a slowed-down PC, and something is talking into my PC again. It's urgent; I can't remove it with either NOD32 or Ad-Aware, and I can't see it in Process Explorer either. Pls help.

Logfile of HijackThis v1.99.1
Scan saved at 20:49:21, on 11.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
F:\programy\Microsoft Office\Office12\GrooveMonitor.exe
F:\programy\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
F:\programy\Internet Download Manager\IDMan.exe
C:\WINDOWS\System32\alg.exe
F:\programy\Internet Download Manager\IEMonitor.exe
F:\programy\ICQLite\ICQLite.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\zaloha\ostatni\ostatni\utility\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [GrooveMonitor] "F:\programy\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ICQ Lite] "F:\programy\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [CTSysVol] F:\programy\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\lkrnrdik.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [IDMan] F:\programy\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\programy\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\programy\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download All Links with IDM - F:\programy\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - F:\programy\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\programy\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\programy\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\programy\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\programy\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\programy\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5355952187
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CB0A4C6-214B-4FDE-A040-6043619C7288}: NameServer = 195.250.128.34 195.250.128.234
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\programy\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - F:\programy\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Last edited by kolers on 13 Apr 2007 16:11, edited 2 times in total.

Post by memphisto » 11 Apr 2007 21:01

It doesn't look like there's anything bad in there, but maybe I overlooked something. Download MWAV and try scanning the PC.
Fix these, just unnecessary items:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Post by sakiri » 12 Apr 2007 07:12

Oh yes, you do have a nasty thing in there called Virtumonde.

Follow this guide

Use VundoFix.

I have two remarks on that guide:

1. Right after launching Scan for Vundo

2. It is possible that VundoFix will start again automatically after the restart; that means that some of the infected files it found could not be deleted. In that case, repeat the VundoFix procedure again.


Then rename HijackThis.exe to Analyse.exe and make a log from the renamed file + post the VundoFix log here; it should be located at C:\vundofix.txt

But I didn't look at the whole log.
I don't have time right now.

Post by kolers » 12 Apr 2007 17:17

OK, so I cleaned it with Vundo and after startup it told me: error starting file C:C/WINDOWS/system32/ikrnrdik.dll

Here is the log from the renamed HJT:

Logfile of HijackThis v1.99.1
Scan saved at 17:13:47, on 12.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Comodo\Firewall\CPF.exe
F:\programy\Microsoft Office\Office12\GrooveMonitor.exe
F:\programy\ICQLite\ICQLite.exe
F:\programy\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
F:\programy\Internet Download Manager\IDMan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\programy\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\totalcmd\TOTALCMD.EXE
D:\zaloha\ostatni\ostatni\utility\hijackthis\Analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\programy\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\sxnuebbl.dll (file missing)
O2 - BHO: (no name) - {6DDFA923-BC95-4A99-8289-2267BF08A1B5} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\programy\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {9B9F24FB-3C1B-4709-B8C4-DD32F596A94A} - C:\WINDOWS\system32\ddccbcd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [GrooveMonitor] "F:\programy\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ICQ Lite] "F:\programy\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [CTSysVol] F:\programy\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\lkrnrdik.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [IDMan] F:\programy\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\programy\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\programy\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download All Links with IDM - F:\programy\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - F:\programy\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\programy\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\programy\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\programy\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\programy\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\programy\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5355952187
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CB0A4C6-214B-4FDE-A040-6043619C7288}: NameServer = 195.250.128.34 195.250.128.234
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\programy\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ddccbcd - C:\WINDOWS\SYSTEM32\ddccbcd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - F:\programy\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

and here is the one from Vundo:


VundoFix V6.3.19

Checking Java version...

Sun Java not detected
Scan started at 16:36:49 12.4.2007

Listing files found while scanning....

C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\kidrnrkl.ini
C:\WINDOWS\system32\lkrnrdik.dll
C:\WINDOWS\system32\sxnuebbl.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hhhkj.bak1
C:\WINDOWS\system32\hhhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\jkhhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kidrnrkl.ini
C:\WINDOWS\system32\kidrnrkl.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lkrnrdik.dll
C:\WINDOWS\system32\lkrnrdik.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sxnuebbl.dll
C:\WINDOWS\system32\sxnuebbl.dll Has been deleted!

Performing Repairs to the registry.
Done!

Post by fredik » 12 Apr 2007 17:22

For now, fix these in HJT (quick check):
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\sxnuebbl.dll (file missing)
O2 - BHO: (no name) - {6DDFA923-BC95-4A99-8289-2267BF08A1B5} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\lkrnrdik.dll",setvm

Also use the second tool, VirtumundoBeGone, mentioned in the link sakiri posted. Then post a new HJT log here and we'll take a proper look at it.
Last edited by fredik on 12 Apr 2007 17:34, edited 1 time in total.
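
Added example, not part of the original thread: the cross-check the helpers above do by eye, written as a Python sketch. It correlates the files VundoFix reported deleting with the HijackThis entries from the second log (both inputs are excerpts copied from the posts above) and separates leftover registry entries that point at deleted files from a nameless BHO DLL that is still present. The function names and the heuristics are assumptions of this example, not behaviour of HijackThis or VundoFix.

```python
import re
from collections import defaultdict

# Excerpt of the second HijackThis log in this thread (lines copied verbatim).
HJT_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\sxnuebbl.dll (file missing)
O2 - BHO: (no name) - {6DDFA923-BC95-4A99-8289-2267BF08A1B5} - C:\WINDOWS\system32\jkhhh.dll (file missing)
O2 - BHO: (no name) - {9B9F24FB-3C1B-4709-B8C4-DD32F596A94A} - C:\WINDOWS\system32\ddccbcd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\lkrnrdik.dll",setvm
O20 - Winlogon Notify: ddccbcd - C:\WINDOWS\SYSTEM32\ddccbcd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Removal section of the VundoFix log in this thread (lines copied verbatim).
VUNDOFIX_LOG = r"""
C:\WINDOWS\system32\hhhkj.bak1 Has been deleted!
C:\WINDOWS\system32\hhhkj.ini Has been deleted!
C:\WINDOWS\system32\jkhhh.dll Has been deleted!
C:\WINDOWS\system32\kidrnrkl.ini Has been deleted!
C:\WINDOWS\system32\lkrnrdik.dll Has been deleted!
C:\WINDOWS\system32\sxnuebbl.dll Has been deleted!
"""

ENTRY_RE = re.compile(r'^([RO]\d+) - (.*)$')
# First drive-letter path ending in .dll/.exe; stops at quotes and line ends.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe)\b', re.I)
DELETED_RE = re.compile(r'^(.+?) Has been deleted!\s*$', re.M)


def parse_hjt(log):
    """Turn HijackThis lines into dicts: section code, text, referenced file."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        code, text = m.groups()
        p = PATH_RE.search(text)
        entries.append({
            "code": code,
            "text": text,
            # Windows paths are case-insensitive, so compare in lower case.
            "path": p.group(0).lower() if p else None,
            "missing": text.endswith("(file missing)"),
        })
    return entries


def deleted_files(vundofix_log):
    """Paths VundoFix reports as deleted, lower-cased."""
    return {m.group(1).strip().lower() for m in DELETED_RE.finditer(vundofix_log)}


def triage(entries, deleted):
    """Split entries into leftovers and still-present suspects.

    orphaned: entries HijackThis marks '(file missing)' or whose file the
              removal tool deleted; these are safe-to-fix registry leftovers.
    live:     DLLs registered as a nameless BHO that are still on disk,
              with every section that loads them (heuristic, not proof).
    """
    def is_orphan(e):
        return e["missing"] or e["path"] in deleted

    orphaned = [e for e in entries if is_orphan(e)]
    suspects = {e["path"] for e in entries
                if e["code"] == "O2" and "(no name)" in e["text"]
                and e["path"] and not is_orphan(e)}
    live = defaultdict(list)
    for e in entries:
        if e["path"] in suspects:
            live[e["path"]].append(e["code"])
    return orphaned, dict(live)


if __name__ == "__main__":
    orphaned, live = triage(parse_hjt(HJT_LOG), deleted_files(VUNDOFIX_LOG))
    print("Leftover entries pointing at removed files:")
    for e in orphaned:
        print("  %s - %s" % (e["code"], e["text"]))
    print("Nameless BHO DLLs still present, and where they load from:")
    for path, codes in live.items():
        print("  %s  <- %s" % (path, ", ".join(codes)))
```

On these excerpts the PrintDrive Run entry is caught only through the VundoFix correlation, since HijackThis did not mark it "(file missing)".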

Post by kolers » 12 Apr 2007 17:32

VirtumundoBeGone probably doesn't work; in both normal and safe mode, when I run it, it keeps wanting to restart the computer.

Post by fredik » 12 Apr 2007 18:36

Do what I wrote earlier, and I would recommend uninstalling via Add or Remove Programs: Megaupload Toolbar

Well, since VB doesn't work for you, we'll do it differently:

Download the program ComboFix
- Save it to the system drive, i.e. C:\
- Go to Start -> Run... and copy this command, marked in bold, into the empty field and confirm:
%systemdrive%\combofix.exe /v ddccbcd

- While it is running, do not click in the window that appears (the program should run for less than 10 minutes). A restart of the computer will probably be needed at the end; after the restart the ComboFix log should appear. Please copy its entire contents here + the HJT log.

Post by kolers » 12 Apr 2007 19:30

combo fix

"zero" - 07-04-12 19:16:23 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\"
Command switches used :: /v ddccbcd


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\regedit.com


((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 ))))))))))))))))))))))))))))))))))


2007-04-12 19:15 1,171,918 --a------ C:\ComboFix.exe
2007-04-12 19:12 97,280 --a------ C:\VundoFix.exe
2007-04-12 19:12 96,978 --a------ C:\VirtumundoBeGone.exe
2007-04-12 17:19 493,321 ---hs---- C:\WINDOWS\system32\ybadd.bak1
2007-04-12 17:18 280,676 --ahs---- C:\WINDOWS\system32\ddaby.dll.vir
2007-04-12 16:36 <DIR> d-------- C:\VundoFix Backups
2007-04-12 14:12 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-04-11 21:46 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-04-11 21:46 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-04-11 21:46 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-04-11 21:46 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-04-11 21:46 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-04-11 21:46 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-04-11 21:31 147,968 --a------ C:\WINDOWS\R.COM
2007-04-11 21:31 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-04-11 18:04 26,694 --a------ C:\WINDOWS\system32\ddccbcd.dll.vir
2007-04-10 16:07 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-10 13:49 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-10 12:35 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-04-10 12:35 79,360 --a------ C:\WINDOWS\system32\lfeps13s.dll
2007-04-10 12:35 74,752 --a------ C:\WINDOWS\system32\lfgif13s.dll
2007-04-10 12:35 466,624 --a------ C:\WINDOWS\system32\LTRPR13n.DLL
2007-04-10 12:35 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-04-10 12:35 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2007-04-10 12:35 194,248 --a------ C:\WINDOWS\system32\LTRFD13n.DLL
2007-04-10 12:35 185,856 --a------ C:\WINDOWS\system32\lfpng13s.dll
2007-04-10 12:34 930,992 --------- C:\WINDOWS\system32\Ltr13n.dll
2007-04-10 12:34 884,736 --------- C:\WINDOWS\system32\LMUIRes.dll
2007-04-10 12:34 80,896 --------- C:\WINDOWS\system32\lfwmf13s.dll
2007-04-10 12:34 76,800 --------- C:\WINDOWS\system32\Lfwmf13n.dll
2007-04-10 12:34 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2007-04-10 12:34 73,728 --------- C:\WINDOWS\system32\lffax13n.dll
2007-04-10 12:34 70,144 --------- C:\WINDOWS\system32\lfbmp13s.dll
2007-04-10 12:34 65,536 --------- C:\WINDOWS\system32\lfpcx13s.dll
2007-04-10 12:34 65,536 --------- C:\WINDOWS\system32\Lfpct13n.dll
2007-04-10 12:34 64,512 --------- C:\WINDOWS\system32\lftga13s.dll
2007-04-10 12:34 59,904 --------- C:\WINDOWS\system32\lfpcd13s.dll
2007-04-10 12:34 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll
2007-04-10 12:34 409,600 --------- C:\WINDOWS\system32\LFCMP13s.DLL
2007-04-10 12:34 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL
2007-04-10 12:34 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2007-04-10 12:34 306,352 --------- C:\WINDOWS\system32\Ltrio13n.dll
2007-04-10 12:34 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll
2007-04-10 12:34 283,648 --------- C:\WINDOWS\system32\LFJ2K13s.dll
2007-04-10 12:34 278,016 --------- C:\WINDOWS\system32\LFJ2K13n.dll
2007-04-10 12:34 24,576 --------- C:\WINDOWS\system32\lftga13n.dll
2007-04-10 12:34 204,881 --------- C:\WINDOWS\system32\DiskIO.dll
2007-04-10 12:34 2,079,232 --------- C:\WINDOWS\system32\LTCLR13s.dll
2007-04-10 12:34 167,936 --------- C:\WINDOWS\system32\lftif13s.dll
2007-04-10 12:34 155,721 --------- C:\WINDOWS\system32\RALMain.dll
2007-04-10 12:34 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL
2007-04-10 12:34 143,360 --------- C:\WINDOWS\system32\lftif13n.dll
2007-04-10 12:34 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll
2007-04-10 12:34 12,288 --------- C:\WINDOWS\system32\LMLRes.dll
2007-04-10 12:34 116,224 --------- C:\WINDOWS\system32\lffax13s.dll
2007-04-10 12:34 110,080 --------- C:\WINDOWS\system32\lfpsd13s.dll
2007-04-10 12:34 105,984 --------- C:\WINDOWS\system32\lfpct13s.dll
2007-04-10 12:34 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll
2007-04-10 12:34 1,013,248 --------- C:\WINDOWS\system32\Ltwvc13n.dll
2007-04-10 12:32 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
2007-04-10 12:32 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll
2007-04-10 12:32 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2007-04-10 12:32 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-10 12:32 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-04-10 12:32 <DIR> d-------- C:\WINDOWS\Cache
2007-04-10 12:32 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-04-10 12:29 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-04-10 12:26 <DIR> d-------- C:\Program Files\SmartSound Software
2007-04-10 12:25 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-04-10 12:24 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2007-04-10 12:24 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2007-04-10 12:24 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2007-04-10 12:24 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2007-04-10 12:24 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2007-04-10 12:24 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2007-04-10 12:24 <DIR> d-------- C:\Program Files\DivX
2007-04-10 12:23 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
2007-04-10 12:23 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2007-04-10 12:23 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-04-10 12:23 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-04-10 12:23 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2007-04-10 12:23 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-04-10 12:23 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-04-10 12:23 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-04-10 12:23 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll
2007-04-10 12:23 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-04-10 12:23 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-04-10 12:23 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL
2007-04-10 12:23 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-04-10 12:23 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2007-04-10 12:23 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-04-10 12:23 344,064 --a------ C:\WINDOWS\system32\MSVCR70.DLL
2007-04-10 12:23 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2007-04-10 12:23 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.DLL
2007-04-10 12:23 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-04-10 12:19 <DIR> d-------- C:\Program Files\Pinnacle
2007-04-10 12:18 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-04-08 22:51 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-04-06 13:13 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-04-05 22:11 545 --a------ C:\WINDOWS\UC.PIF
2007-04-05 22:11 545 --a------ C:\WINDOWS\RAR.PIF
2007-04-05 22:11 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-04-05 22:11 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-04-05 22:11 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-04-05 22:11 545 --a------ C:\WINDOWS\LHA.PIF
2007-04-05 22:11 545 --a------ C:\WINDOWS\ARJ.PIF
2007-04-05 22:11 <DIR> d-------- C:\totalcmd
2007-04-03 20:18 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-04-03 20:18 286,720 --------- C:\WINDOWS\Setup1.exe
2007-04-01 14:40 <DIR> d-------- C:\Program Files\RealVNC
2007-04-01 14:10 <DIR> d-------- C:\Program Files\GamePark
2007-04-01 13:12 <DIR> d-------- C:\Program Files\Yahoo!
2007-04-01 12:56 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-04-01 12:56 127,720 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-01 11:25 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2007-04-01 11:25 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-04-01 10:58 <DIR> d-------- C:\Temp
2007-03-31 20:40 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-03-31 20:38 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-31 20:38 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-31 20:38 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-03-31 20:38 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-31 20:38 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-03-31 20:37 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-03-31 20:36 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-03-31 20:36 <DIR> d-------- C:\Program Files\Ahead
2007-03-31 18:41 1,177 --a------ C:\WINDOWS\mozver.dat
2007-03-31 18:28 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-31 18:28 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-03-31 18:23 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-31 18:20 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-03-31 18:19 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-03-31 18:19 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-31 18:14 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-31 18:14 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-31 18:14 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-31 18:13 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-31 18:13 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-31 18:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-03-31 18:12 46,464 --a------ C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2007-03-31 18:11 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-31 18:11 9,291 --a------ C:\WINDOWS\system\VER.DLL
2007-03-31 18:11 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-31 18:11 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-31 18:11 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-31 18:11 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-31 18:11 75,264 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-31 18:11 70,272 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-31 18:11 69,632 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-31 18:11 69,008 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-31 18:11 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-31 18:11 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-03-31 18:11 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-31 18:11 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-03-31 18:11 6,656 --a------ C:\WINDOWS\system32\kbdpl.dll
2007-03-31 18:11 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-03-31 18:11 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-03-31 18:11 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-31 18:11 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-31 18:11 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-31 18:11 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-31 18:11 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-31 18:11 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-31 18:11 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-31 18:11 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-31 18:11 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-31 18:11 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-31 18:11 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-31 18:11 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-31 18:11 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-31 18:11 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-31 18:11 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-31 18:11 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-31 18:11 5,632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-03-31 18:11 5,632 --a------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-31 18:11 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-31 18:11 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-31 18:11 33,040 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-31 18:11 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-31 18:11 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-31 18:11 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-31 18:11 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-31 18:11 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-31 18:11 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-31 18:11 127,024 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-31 18:11 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-31 18:11 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-31 18:11 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-31 18:11 <DIR> dr------- C:\Program Files
2007-03-31 18:11 <DIR> d--hs---- C:\WINDOWS\Installer
2007-03-31 18:11 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-31 18:11 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-03-31 18:11 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-31 18:11 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-31 18:10 <DIR> d--hs---- C:\System Volume Information
2007-03-31 18:10 <DIR> d-------- C:\Documents and Settings
2007-03-31 18:05 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-31 18:05 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-03-31 18:05 <DIR> dr------- C:\WINDOWS\Web
2007-03-31 18:05 <DIR> d--h----- C:\WINDOWS\inf
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\WinSxS
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\twain_32
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\wins
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\spool
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\ras
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\npp
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\mui
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\IME
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\ias
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\export
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\config
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\3076
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\2052
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\1054
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\1042
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\1041
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\1037
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\1033
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\1031
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\1029
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\1028
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32\1025
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system32
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\system
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\security
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\Resources
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\repair
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\Provisioning
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\PeerNet
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\pchealth
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\mui
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\msapps
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\msagent
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\Media
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\java
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\ime
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\Help
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\ehome
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\Debug
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\Cursors
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\Config
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\AppPatch
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS\addins
2007-03-31 18:05 <DIR> d-------- C:\WINDOWS
2007-03-31 18:05 <DIR> d-------- C:\Program Files\HLSW
2007-03-31 17:49 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-31 17:49 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-03-31 17:49 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-03-31 17:47 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-31 17:46 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-31 17:46 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-31 17:42 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
2007-03-31 17:42 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
2007-03-31 17:42 <DIR> d--h----- C:\BJPrinter
2007-03-31 17:41 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-31 17:37 643,200 --a------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2007-03-31 17:37 60,288 --a------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2007-03-31 17:37 159,744 --a------ C:\WINDOWS\system32\CnxHwIo.dll
2007-03-31 17:37 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
2007-03-31 17:37 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
2007-03-31 17:37 108,547 --a------ C:\WINDOWS\system32\drivers\CnxTgN.sys
2007-03-31 17:37 <DIR> d-------- C:\Program Files\Conexant
2007-03-31 17:35 94,208 --a------ C:\WINDOWS\system32\CNCL110.DLL
2007-03-31 17:35 90,112 --a------ C:\WINDOWS\system32\CNCI110.DLL
2007-03-31 17:35 557,056 --a------ C:\WINDOWS\system32\CNCC110.DLL
2007-03-31 17:35 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-03-31 17:35 389,180 --a------ C:\WINDOWS\system32\UCS32P.DLL
2007-03-31 17:35 <DIR> d--h----- C:\CanonMP
2007-03-31 17:34 <DIR> d-------- C:\Program Files\Canon
2007-03-31 17:32 577,536 -r------- C:\WINDOWS\soundman.exe
2007-03-31 17:32 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-03-31 17:32 4,017,536 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-03-31 17:32 143,360 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-03-31 17:32 10,528,768 -r------- C:\WINDOWS\system32\RTLCPL.exe
2007-03-31 17:32 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-03-31 17:32 <DIR> d-------- C:\Program Files\AvRack
2007-03-31 17:31 315,392 -r------- C:\WINDOWS\alcupd.exe
2007-03-31 17:31 217,088 -ra------ C:\WINDOWS\Alcrmv.exe
2007-03-31 17:31 <DIR> d-------- C:\Program Files\Realtek AC97
2007-03-31 17:30 9,728 -ra------ C:\WINDOWS\system32\drivers\videX32.sys
2007-03-31 17:30 11,264 -ra------ C:\WINDOWS\system32\drivers\xfilt.sys
2007-03-31 17:30 <DIR> d-------- C:\Program Files\VIA
2007-03-31 17:29 36,352 -ra------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-03-31 17:29 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-31 17:25 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-03-31 17:23 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-03-31 17:23 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-03-31 17:23 <DIR> d--h----- C:\Program Files\Creative Installation Information
2007-03-31 17:23 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-03-31 17:19 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-03-31 17:18 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-31 17:18 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-31 17:18 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-31 17:18 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-31 17:18 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-31 17:18 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-31 17:18 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-31 17:18 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-31 17:18 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-31 17:18 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-31 17:18 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-31 17:18 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-31 17:18 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-31 17:18 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-31 17:18 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2007-03-31 17:18 11,264 --a------ C:\WINDOWS\INRES.DLL
2007-03-31 17:18 <DIR> d-------- C:\WINDOWS\system32\Data
2007-03-31 17:16 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-03-31 17:16 <DIR> d-------- C:\Program Files\Creative
2007-03-31 17:15 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-31 17:12 <DIR> d-------- C:\Program Files\ICQLite
2007-03-31 17:09 <DIR> d--hs---- C:\RECYCLER
2007-03-31 17:07 <DIR> d-------- C:\Program Files\TGTSoft
2007-03-31 17:05 <DIR> d-------- C:\Program Files\Lavasoft
2007-03-31 16:48 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-03-31 16:47 <DIR> d-------- C:\Program Files\MSBuild
2007-03-31 16:47 <DIR> d-------- C:\Program Files\Microsoft Works
2007-03-31 16:45 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-03-31 16:39 51,328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-03-31 16:39 <DIR> d-------- C:\Program Files\Comodo
2007-03-31 16:37 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-31 16:37 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-31 16:37 <DIR> d-------- C:\WINDOWS\nview
2007-03-31 16:37 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-03-31 16:36 <DIR> d-------- C:\NVIDIA
2007-03-31 16:27 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-31 16:27 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-31 16:24 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-31 16:24 0 -rahs---- C:\MSDOS.SYS
2007-03-31 16:24 0 -rahs---- C:\IO.SYS
2007-03-31 16:24 0 --a------ C:\CONFIG.SYS
2007-03-31 16:24 0 --------- C:\AUTOEXEC.BAT
2007-03-31 16:24 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-03-31 16:24 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-03-31 16:23 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-03-31 16:23 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-03-31 16:23 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-31 16:23 <DIR> d-------- C:\Program Files\Online Services
2007-03-31 16:22 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-31 16:22 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-31 16:22 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-31 16:22 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-31 16:22 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-31 16:22 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-31 16:22 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-31 16:22 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-31 16:22 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-31 16:22 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-31 16:22 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-31 16:22 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-31 16:22 173,336 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-31 16:22 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-31 16:22 127,768 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-31 16:22 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-31 16:22 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-31 16:22 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-31 16:22 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-31 16:22 <DIR> d---s---- C:\WINDOWS\Tasks
2007-03-31 16:22 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-03-31 16:22 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-03-31 16:22 <DIR> d-------- C:\WINDOWS\srchasst
2007-03-31 16:22 <DIR> d-------- C:\Program Files\Movie Maker
2007-03-31 16:22 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-03-31 16:21 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-31 16:21 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-31 16:21 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-31 16:21 73,344 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-31 16:21 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-31 16:21 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-31 16:21 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-31 16:21 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-31 16:21 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-31 16:21 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-31 16:21 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-31 16:21 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-31 16:21 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-31 16:21 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-31 16:21 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-31 16:21 275,968 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-31 16:21 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-31 16:21 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-31 16:21 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-31 16:21 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-03-31 16:21 21,812 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-31 16:21 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-31 16:21 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-31 16:21 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-31 16:21 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-31 16:21 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-31 16:21 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-31 16:21 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-03-31 16:21 <DIR> d-------- C:\WINDOWS\Registration
2007-03-31 16:20 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-31 16:20 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-31 16:20 94,208 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-31 16:20 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-31 16:20 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-31 16:20 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-31 16:20 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-31 16:20 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-31 16:20 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-31 16:20 670,720 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-31 16:20 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-31 16:20 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-31 16:20 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-31 16:20 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-31 16:20 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-31 16:20 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-31 16:20 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-31 16:20 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-31 16:20 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-03-31 16:20 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-31 16:20 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-31 16:20 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-31 16:20 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-31 16:20 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-31 16:20 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-31 16:20 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-31 16:20 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-31 16:20 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-31 16:20 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-31 16:20 405,504 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-31 16:20 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-31 16:20 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-31 16:20 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-31 16:20 351,232 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-31 16:20 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-31 16:20 343,552 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-31 16:20 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-31 16:20 295,936 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-31 16:20 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-31 16:20 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-31 16:20 228,864 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-31 16:20 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-31 16:20 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-31 16:20 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-31 16:20 21,504 --a------ C:\WINDOWS\system32\msg.exe
2007-03-31 16:20 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-31 16:20 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-31 16:20 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-31 16:20 185,344 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-31 16:20 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-31 16:20 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-31 16:20 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-31 16:20 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-31 16:20 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-31 16:20 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-31 16:20 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-31 16:20 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-31 16:20 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-31 16:20 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-31 16:20 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-31 16:20 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-31 16:20 141,312 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-31 16:20 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-31 16:20 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-31 16:20 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-31 16:20 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-31 16:20 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-31 16:20 127,488 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-31 16:20 123,904 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-31 16:20 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-31 16:20 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-31 16:20 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-03-31 16:20 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-31 16:20 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-31 16:20 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-31 16:20 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-31 16:20 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-31 16:20 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-31 16:20 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-03-31 16:20 <DIR> d-------- C:\WINDOWS\system32\Com
2007-03-31 16:20 <DIR> d-------- C:\Program Files\Windows NT
2007-03-31 16:20 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-03-31 16:20 <DIR> d-------- C:\Program Files\Messenger
2007-03-31 16:19 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-31 16:19 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-31 16:19 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-31 16:19 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-31 16:19 185,856 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-31 16:19 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-12 17:33 82336 --a------ C:\WINDOWS\system32\perfc005.dat
2007-04-12 17:33 419390 --a------ C:\WINDOWS\system32\perfh005.dat
2007-03-17 15:45 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:38 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:36 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"IDMan"="F:\\programy\\Internet Download Manager\\IDMan.exe /onboot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="F:\\programy\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"GrooveMonitor"="\"F:\\programy\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"ICQ Lite"="\"F:\\programy\\ICQLite\\ICQLite.exe\" -minimize"
"CTSysVol"="F:\\programy\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"CreativeTaskScheduler"="\"C:\\Program Files\\Creative\\Shared Files\\CTSched.exe\" /logon"
"SoundMan"="SOUNDMAN.EXE"
"CnxDslTaskBar"="\"C:\\Program Files\\Conexant\\AccessRunner ADSL\\CnxDslTb.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{9B9F24FB-3C1B-4709-B8C4-DD32F596A94A}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command welcome.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26a357c3-e72e-11db-975f-0019db20bf16}]
Shell\AutoRun\command welcome.exe



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070412-183726-844
O2 - BHO: (no name) - {6DDFA923-BC95-4A99-8289-2267BF08A1B5} - C:\WINDOWS\system32\jkhhh.dll (file missing)
backup-20070412-183726-679
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\sxnuebbl.dll (file missing)
backup-20070412-183549-497
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\lkrnrdik.dll",setvm
backup-20070412-183549-579
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
backup-20070412-171929-907
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20070412-171929-990
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
backup-20070329-225056-797
O23 - Service: ZF dert (ZFdert) - Unknown owner - C:\Program Files\Common Files\System\zfdert.exe
backup-20070329-224132-161
O11 - Options group: [INTERNATIONAL] International*
backup-20070329-224132-487
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070329-224132-835
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
backup-20070329-224132-980
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070226-201412-241
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
backup-20070226-201411-345
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
backup-20070208-215406-972
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
backup-20070208-215340-743
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels88.exe
backup-20061227-191803-725
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
backup-20061227-003050-359
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
backup-20061227-003050-394
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20061227-003050-405
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
backup-20061227-003050-216
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
backup-20061227-003050-484
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
backup-20061227-003050-545
O4 - HKLM\..\RunOnce: [msconfig] C:\WINDOWS\scvhost.exe
backup-20061227-003050-184
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
backup-20061227-003050-345
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
backup-20061227-003050-624
O4 - HKLM\..\RunOnce: [icq lite] C:\WINDOWS\scvhost.exe
backup-20061227-003050-682
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
backup-20061227-003050-789
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
backup-20061227-003050-816
O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
backup-20061227-003050-836
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
backup-20061227-003050-838
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
backup-20061227-003050-926
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe
backup-20061227-003050-975
O4 - HKLM\..\RunOnce: [AntiVir] C:\WINDOWS\scvhost.exe
backup-20061227-003050-351
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
backup-20061227-003050-580
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
backup-20061227-003050-302
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20061227-003050-122
O4 - HKLM\..\RunOnce: [Update Checker] C:\WINDOWS\scvhost.exe
backup-20061227-003050-562
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
backup-20061227-003050-481
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
backup-20061209-224534-661
F3 - REG:win.ini: run=
backup-20061209-224534-172
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
backup-20061209-224534-951
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
backup-20060715-123427-341
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
backup-20060629-135342-960
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060629-135342-943
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
backup-20060629-135342-851
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20060629-135342-768
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
backup-20060629-135342-757
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20060629-135342-548
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-12 19:17:27
C:\ComboFix-quarantined-files.txt ... 07-04-12 19:17

hjt

Logfile of HijackThis v1.99.1
Scan saved at 19:30:42, on 12.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Comodo\Firewall\CPF.exe
F:\programy\Microsoft Office\Office12\GrooveMonitor.exe
F:\programy\ICQLite\ICQLite.exe
F:\programy\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
F:\programy\Internet Download Manager\IDMan.exe
F:\programy\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\zaloha\ostatni\ostatni\utility\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\programy\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\programy\MICROS~1\Office12\GRA8E1~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [GrooveMonitor] "F:\programy\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ICQ Lite] "F:\programy\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [CTSysVol] F:\programy\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [IDMan] F:\programy\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\programy\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\programy\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Download All Links with IDM - F:\programy\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - F:\programy\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\programy\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\programy\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\programy\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\programy\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\programy\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5355952187
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CB0A4C6-214B-4FDE-A040-6043619C7288}: NameServer = 195.250.128.34 195.250.128.234
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\programy\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - F:\programy\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

