Antivirus pro 2010
Posted: 11.09.2009 17:00

Good day,
I have a problem with spyware... called Antivirus Pro 2010.
It keeps wanting to download a paid program...
In Task Manager I have a suspicious process running, csrss.exe: for example it is written about here http://www.liutilities.com/products/win ... ary/csrss/
It cannot be removed or killed... it says that this is a critical system process and Task Manager cannot end it.
The Internet is overall quite slowed down.
There were also a few more spyware items here, but those were removed... but on system startup they load again from the registry.
The virus also turned off the e-mail check in AVG.
I attach the log from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-09-11 15:10:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 95 GB (40%) free of 238 GB
Total RAM: 2047 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:43, on 11.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [sys32_nov] C:\Documents and Settings\user\sys32_nov.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Služba Google Update (gupdate1ca28d49fb28e9c) (gupdate1ca28d49fb28e9c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7558 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0BDD8109-C0CF-4AE7-8B29-F70F5157BBFB}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Pinnacle WebUpdater"=C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe [2006-06-08 385024]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-13 2007832]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2003-11-10 406016]
"EverioService"=C:\Program Files\CyberLink\PCM4Everio\EverioService.exe [2007-11-01 151552]
"PMCRemote"=C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [2006-06-08 90112]
"sys32_nov"=C:\WINDOWS\system32\sys32_nov.exe [2009-09-11 47104]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"Antivirus Pro 2010"=C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe /hide []
"braviax"=C:\WINDOWS\system32\braviax.exe [2009-09-11 9728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PMCS"=C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe [2006-06-08 65536]
"sys32_nov"=C:\Documents and Settings\user\sys32_nov.exe [2009-09-11 47104]
"braviax"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\xRaidSetup.exe [2007-03-21 1953792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-05-17 933888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\\PSDrvCheck.exe [2003-11-10 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [2006-06-08 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe [2006-06-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="cru629.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe"="C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:*:Enabled:FEARXP2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\condition zero deleted scenes\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PSST.exe"="C:\Program Files\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\dedicated server\hlds.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\dedicated server\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Valve\Steam\SteamApps\common\quake 3 arena demo\quake3.exe"="C:\Program Files\Valve\Steam\SteamApps\common\quake 3 arena demo\quake3.exe:*:Enabled:quake3"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"="C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe"="C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\day of defeat\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\ricochet\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\deathmatch classic\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Program Files\Sierra\Empire Earth II\EE2.exe"="C:\Program Files\Sierra\Empire Earth II\EE2.exe:*:Enabled:Empire Earth II"
"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\Program Files\Valve\Steam\SteamApps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe"="C:\Program Files\Valve\Steam\SteamApps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2"
"C:\Program Files\Valve\Steam\SteamApps\common\eve online\bin\ExeFile.exe"="C:\Program Files\Valve\Steam\SteamApps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Documents and Settings\user\Local Settings\Temp\Blizzard Launcher Temporary - a0045098\Launcher.exe"="C:\Documents and Settings\user\Local Settings\Temp\Blizzard Launcher Temporary - a0045098\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe"="C:\Program Files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"C:\Program Files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe"="C:\Program Files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever"
"C:\Documents and Settings\user\Local Settings\Temp\Blizzard Launcher Temporary - e380ed60\Launcher.exe"="C:\Documents and Settings\user\Local Settings\Temp\Blizzard Launcher Temporary - e380ed60\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\Steam\SteamApps\common\bejeweled twist\BejeweledTwist.exe"="C:\Program Files\Valve\Steam\SteamApps\common\bejeweled twist\BejeweledTwist.exe:*:Enabled:Bejeweled Twist Demo"
"C:\Program Files\Valve\Steam\SteamApps\common\spectraball demo\Spectraball.exe"="C:\Program Files\Valve\Steam\SteamApps\common\spectraball demo\Spectraball.exe:*:Enabled:Spectraball Demo"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
"C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"="C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator®"
"C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c907271-d273-11dd-a9ba-001e8c47f67c}]
shell\AutoRun\command - K:\CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe
shell\open\command - K:\CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d9962da-1c48-11de-a2f1-001e8c47f67c}]
shell\AutoRun\command - K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
shell\open\command - K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e76b3ac0-6deb-11de-a366-001e8c47f67c}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-09-11 15:10:26 ----D---- C:\rsit
2009-09-11 15:10:26 ----D---- C:\Program Files\trend micro
2009-09-11 09:58:34 ----A---- C:\WINDOWS\system32\qedi.dll
2009-09-11 09:58:34 ----A---- C:\WINDOWS\rofyburacu.com
2009-09-11 09:38:55 ----A---- C:\WINDOWS\braviax.exe
2009-09-11 09:33:16 ----A---- C:\WINDOWS\vodiqy.bat
2009-09-11 09:33:16 ----A---- C:\WINDOWS\system32\xupowejuv.bat
2009-09-11 09:33:16 ----A---- C:\WINDOWS\jifa.vbs
2009-09-11 09:33:16 ----A---- C:\Program Files\Common Files\zepyhilepy.dll
2009-09-11 09:33:16 ----A---- C:\Program Files\Common Files\gyjy.com
2009-09-11 09:33:16 ----A---- C:\Documents and Settings\All Users\Application Data\uluja.com
2009-09-11 09:33:15 ----A---- C:\WINDOWS\epijup.vbs
2009-09-11 09:33:15 ----A---- C:\Program Files\Common Files\igofomafu.bat
2009-09-11 08:44:22 ----A---- C:\WINDOWS\ykatom.exe
2009-09-11 08:44:22 ----A---- C:\WINDOWS\nukypir.vbs
2009-09-11 08:44:22 ----A---- C:\Program Files\Common Files\lawidydu.exe
2009-09-11 08:44:22 ----A---- C:\Program Files\Common Files\axybyra.com
2009-09-11 08:44:22 ----A---- C:\Documents and Settings\user\Application Data\fenoc.dll
2009-09-11 08:43:21 ----A---- C:\WINDOWS\system32\wisdstr.exe
2009-09-11 08:43:19 ----A---- C:\WINDOWS\system32\braviax.exe
2009-09-11 08:43:17 ----A---- C:\WINDOWS\system32\sys32_nov.exe
2009-09-11 08:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 08:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 14:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-06 14:04:30 ----D---- C:\Download
2009-09-06 11:35:00 ----A---- C:\WINDOWS\system32\libmysql_d.dll
2009-09-05 12:26:46 ----D---- C:\Documents and Settings\user\Application Data\The Path
2009-09-02 20:50:37 ----D---- C:\Documents and Settings\user\Application Data\SQLyog
2009-09-02 20:50:32 ----D---- C:\Program Files\SQLyog Enterprise Trial
2009-09-01 13:01:48 ----D---- C:\Documents and Settings\user\Application Data\TeamViewer
2009-09-01 13:01:43 ----D---- C:\Program Files\TeamViewer
2009-08-31 16:21:21 ----D---- C:\Program Files\GameSpy Arcade
2009-08-31 16:12:30 ----D---- C:\Program Files\Sierra
2009-08-29 20:15:40 ----D---- C:\Documents and Settings\user\Application Data\Google
2009-08-29 20:14:07 ----D---- C:\Program Files\Google
2009-08-29 16:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 09:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 09:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 09:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 09:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 09:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 09:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 09:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 09:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 09:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

======List of files/folders modified in the last 1 months======

2009-09-11 15:10:26 ----RD---- C:\Program Files
2009-09-11 15:10:13 ----D---- C:\WINDOWS\Prefetch
2009-09-11 15:10:12 ----D---- C:\WINDOWS\Temp
2009-09-11 14:38:30 ----D---- C:\Program Files\Mozilla Firefox
2009-09-11 13:34:48 ----HD---- C:\$AVG8.VAULT$
2009-09-11 13:34:48 ----D---- C:\WINDOWS\system32
2009-09-11 13:22:29 ----D---- C:\WINDOWS
2009-09-11 12:11:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-11 09:58:34 ----D---- C:\Program Files\Common Files
2009-09-11 09:53:06 ----A---- C:\checkrun.txt
2009-09-11 09:51:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-11 09:48:09 ----D---- C:\WINDOWS\system32\drivers
2009-09-11 08:07:23 ----HD---- C:\WINDOWS\inf
2009-09-11 08:07:20 ----A---- C:\WINDOWS\imsins.BAK
2009-09-11 08:07:16 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-11 08:07:10 ----D---- C:\WINDOWS\ie8updates
2009-09-11 08:06:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-10 22:23:16 ----D---- C:\Documents and Settings\user\Application Data\Skype
2009-09-10 20:57:25 ----D---- C:\Documents and Settings\user\Application Data\skypePM
2009-09-08 14:49:09 ----SD---- C:\WINDOWS\Tasks
2009-09-06 17:35:21 ----D---- C:\Program Files\SpeedFan
2009-09-06 17:33:21 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-01 18:31:57 ----D---- C:\Documents and Settings\user\Application Data\Hamachi
2009-09-01 12:21:17 ----D---- C:\Program Files\World of Warcraft
2009-08-31 16:16:51 ----D---- C:\WINDOWS\system32\DirectX
2009-08-31 16:12:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-29 20:25:34 ----SHD---- C:\WINDOWS\Installer
2009-08-28 23:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-13 09:33:50 ----D---- C:\Program Files\Outlook Express
2009-08-12 12:23:24 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-01 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-01 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-24 108552]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 3xHybrid;Pinnacle PCTV 110i service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 827008]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-05-26 11264]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-19 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 npkcusb;npkcusb; \??\C:\Program Files\Lineage II\system\npkcusb.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 a0qz3k49;a0qz3k49; C:\WINDOWS\system32\drivers\a0qz3k49.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-01 297752]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2005-05-04 9150464]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-08-02 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2006-12-20 272024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe []
S2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-01 908056]
S2 gupdate1ca28d49fb28e9c;Služba Google Update (gupdate1ca28d49fb28e9c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-08 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Thank you for a quick resolution of the problem.


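As an added triage example (not a tool from the thread and not part of RSIT), the following Python script applies to driver/service lines like the ones in the log above the checks a log helper makes by eye: missing file date/size, a description that merely repeats the service name, a random-looking name, and a driver loaded from outside system32\drivers. The sample lines are constructed after the posted log, and the allow-list of services with deliberately random names is an assumption of this example.

```python
"""Triage heuristics for the driver/service section of an RSIT (HijackThis-style) log.

Added example: not a tool from the forum thread. Each
'R3 name;description; path [date size]' line is scored with the heuristics
a malware-removal helper applies when reading such a log by eye.
"""
import re
from dataclasses import dataclass, field

# Constructed sample lines, modelled on the RSIT listing posted in the thread.
SAMPLE_LOG = """\
R3 hidusb;Microsoft HID Class Driver; C:\\WINDOWS\\system32\\DRIVERS\\hidusb.sys [2008-04-13 10368]
S3 a0qz3k49;a0qz3k49; C:\\WINDOWS\\system32\\drivers\\a0qz3k49.sys []
R3 npkcusb;npkcusb; \\??\\C:\\Program Files\\Lineage II\\system\\npkcusb.sys []
S4 IntelIde;IntelIde; C:\\WINDOWS\\system32\\drivers\\IntelIde.sys []
R2 avg8wd;AVG8 WatchDog; C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe [2009-08-01 297752]
S2 gupdate1ca28d49fb28e9c;Google Update Service (gupdate1ca28d49fb28e9c); C:\\Program Files\\Google\\Update\\GoogleUpdate.exe [2009-08-29 133104]
"""

# One line of the "List of drivers/services" section:
#   <R|S><start type> <name>;<description>; <path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.+?) \[(?P<fileinfo>[^\]]*)\]$"
)

# Services whose names are random by design. Assumption for this example:
# a small allow-list the helper maintains by hand (Google Update uses a random suffix).
KNOWN_RANDOM_PREFIXES = ("gupdate",)


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def letter_digit_transitions(s: str) -> int:
    """Count switches between letter runs and digit runs, e.g. a0qz3k49 -> 5."""
    kinds = ["d" if c.isdigit() else "a" for c in s if c.isalnum()]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)


def looks_random(name: str) -> bool:
    """Generated names mix letters and digits in many short runs."""
    if name.lower().startswith(KNOWN_RANDOM_PREFIXES):
        return False
    return len(name) >= 6 and letter_digit_transitions(name) >= 4


def triage_line(line: str):
    """Return a Finding for one listing line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name, desc, path, fileinfo = (m.group(k) for k in ("name", "desc", "path", "fileinfo"))
    f = Finding(name, path)
    if not fileinfo.strip():
        # RSIT prints [] when it cannot stat the file: missing, hidden or locked.
        f.reasons.append("no file date/size")
    if desc.strip().lower() == name.strip().lower():
        # Vendor drivers carry a descriptive string; generated ones repeat the name.
        f.reasons.append("description repeats name")
    if looks_random(name):
        f.reasons.append("random-looking name")
    norm = path.lower().replace("\\??\\", "")
    if norm.endswith(".sys") and "\\windows\\system32\\drivers\\" not in norm:
        # Legitimate for some game anti-cheat drivers, but always worth a look.
        f.reasons.append("driver outside system32\\drivers")
    return f if f.reasons else None


def triage(log_text: str) -> list:
    """Findings for every line of the listing, highest score first."""
    found = [triage_line(line) for line in log_text.splitlines()]
    return sorted((f for f in found if f), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score} {f.name:<24} {f.path}  <- {', '.join(f.reasons)}")
```

The output is a review queue for a human, not a verdict: IntelIde with an empty `[]` is a common benign leftover, and npkcusb.sys belongs to the game's anti-cheat component, but both are exactly the lines a helper reads first.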


Forum administrator (registered 17.04.08, posts: 13258, location: Myjava)
Post subject: Antivirus pro 2010
Posted: 11.09.2009 17:13

The very first topic in the category, the one for logs, wasn't visible? :roll:
http://www.pcforum.sk/kontrola-hijackth ... 46976.html







User (registered 09.01.07, posts: 3599, location: Bratislava)
Post subject: Antivirus pro 2010
Posted by the topic author: 11.09.2009 17:17

OK, OK, it happens, sorry :) So if it needs to be, move it there. So what do you advise?


Experienced user (registered 15.08.09, posts: 355)
Posted: 11.09.2009 19:56

Download OTL. Save it to the desktop and double-click the file "OTL.exe" to run it. The program window will open; in it, tick "Scan All Users" -> "Run Scan". A scan of the computer will start; when it finishes, two reports will open - I need to see the contents of both.


User (registered 09.01.07, posts: 3599, location: Bratislava)
Post subject: Antivirus pro 2010
Posted by the topic author: 11.09.2009 21:45

Thanks for the willingness to help, I've already started dealing with it:
so far it looks roughly like this, the spyware no longer pops up:

ComboFix 09-09-10.03 - user 11.09.2009 21:09.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1328 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\hmm.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\boramovo.sys
c:\documents and settings\All Users\Application Data\ewytux.dl
c:\documents and settings\All Users\Application Data\jetefovoju.dll
c:\documents and settings\All Users\Application Data\jevuti.scr
c:\documents and settings\All Users\Application Data\meto._sy
c:\documents and settings\All Users\Application Data\qosynodo.inf
c:\documents and settings\All Users\Application Data\risazuzapa.sys
c:\documents and settings\All Users\Application Data\sazoz.sys
c:\documents and settings\All Users\Application Data\tuloc.scr
c:\documents and settings\All Users\Application Data\ujarydide.inf
c:\documents and settings\All Users\Application Data\uluja.com
c:\documents and settings\All Users\Application Data\unin.inf
c:\documents and settings\All Users\Application Data\uwudiguse.sys
c:\documents and settings\All Users\Application Data\yboqulevo._dl
c:\documents and settings\All Users\Application Data\ynezikabod.scr
c:\documents and settings\All Users\Documents\exowucov.pif
c:\documents and settings\All Users\Documents\fymoxeqa.pif
c:\documents and settings\All Users\Documents\gymuwy.com
c:\documents and settings\All Users\Documents\icigohin.pif
c:\documents and settings\All Users\Documents\ijih.reg
c:\documents and settings\All Users\Documents\jidyxitoqi.dl
c:\documents and settings\All Users\Documents\qazavoqe.pif
c:\documents and settings\All Users\Documents\ucoxe.reg
c:\documents and settings\All Users\Documents\ywivuhepub.pif
c:\documents and settings\All Users\Documents\zygika.dl
c:\documents and settings\user\Application Data\amaqud.pif
c:\documents and settings\user\Application Data\fenoc.dll
c:\documents and settings\user\Application Data\merydehob.dl
c:\documents and settings\user\Application Data\nukikuc.ban
c:\documents and settings\user\Application Data\secuh._dl
c:\documents and settings\user\Application Data\xowataxef.bin
c:\documents and settings\user\Application Data\zasagofe.com
c:\documents and settings\user\Cookies\asakytako.dl
c:\documents and settings\user\Cookies\cedyfalyzo.pif
c:\documents and settings\user\Cookies\hajen.reg
c:\documents and settings\user\Cookies\ipixiret.reg
c:\documents and settings\user\Cookies\lolakuly.bin
c:\documents and settings\user\Cookies\mofe.ban
c:\documents and settings\user\Cookies\ohesok.vbs
c:\documents and settings\user\Cookies\onire.reg
c:\documents and settings\user\Cookies\pypoduve.vbs
c:\documents and settings\user\Cookies\qosysonuby.reg
c:\documents and settings\user\Cookies\qyqem.exe
c:\documents and settings\user\Cookies\ucote.reg
c:\documents and settings\user\Cookies\uketawac.exe
c:\documents and settings\user\Cookies\uqutojadu.bat
c:\documents and settings\user\Cookies\utojov.reg
c:\documents and settings\user\Cookies\wezitemim.reg
c:\documents and settings\user\Cookies\xutiz.ban
c:\documents and settings\user\Cookies\yjex.reg
c:\documents and settings\user\delself.bat
c:\documents and settings\user\Local Settings\Application Data\agahu.exe
c:\documents and settings\user\Local Settings\Application Data\avemite.ban
c:\documents and settings\user\Local Settings\Application Data\fusib._dl
c:\documents and settings\user\Local Settings\Application Data\givulyz._dl
c:\documents and settings\user\Local Settings\Application Data\gytunid.pif
c:\documents and settings\user\Local Settings\Application Data\lozofaqof.bin
c:\documents and settings\user\Local Settings\Application Data\luqu.reg
c:\documents and settings\user\Local Settings\Application Data\owowitesy.exe
c:\documents and settings\user\Local Settings\Application Data\owupybyju.pif
c:\documents and settings\user\Local Settings\Application Data\soxajusizy.vbs
c:\documents and settings\user\Local Settings\Application Data\ufyfen.ban
c:\documents and settings\user\Local Settings\Application Data\ysofyt.exe
c:\documents and settings\user\Local Settings\Temporary Internet Files\bylup.ban
c:\documents and settings\user\Local Settings\Temporary Internet Files\exiremyhaz.db
c:\documents and settings\user\Local Settings\Temporary Internet Files\idalaram.sys
c:\documents and settings\user\Local Settings\Temporary Internet Files\izob.sys
c:\documents and settings\user\Local Settings\Temporary Internet Files\kikuvopo._dl
c:\documents and settings\user\Local Settings\Temporary Internet Files\qapezeq.bin
c:\documents and settings\user\Local Settings\Temporary Internet Files\qetygi.vbs
c:\documents and settings\user\Local Settings\Temporary Internet Files\timasu.vbs
c:\documents and settings\user\Local Settings\Temporary Internet Files\ufywirilaq.dll
c:\documents and settings\user\Local Settings\Temporary Internet Files\uleko.lib
c:\documents and settings\user\Local Settings\Temporary Internet Files\upoluzeleh.dl
c:\documents and settings\user\Local Settings\Temporary Internet Files\uwid.db
c:\documents and settings\user\Local Settings\Temporary Internet Files\ykurykyvi.db
c:\documents and settings\user\Local Settings\Temporary Internet Files\yruwikyf.exe
c:\documents and settings\user\Local Settings\Temporary Internet Files\yxykytuj.reg
c:\documents and settings\user\Local Settings\Temporary Internet Files\zyhite.dll
c:\documents and settings\user\sys32_nov.exe
c:\program files\Common Files\asypova.reg
c:\program files\Common Files\axybyra.com
c:\program files\Common Files\dotuqovad.scr
c:\program files\Common Files\gyjy.com
c:\program files\Common Files\igofomafu.bat
c:\program files\Common Files\imipis.sys
c:\program files\Common Files\lawidydu.exe
c:\program files\Common Files\rubisyfedu.scr
c:\program files\Common Files\uwapuve.dl
c:\program files\Common Files\yxycyt.pif
c:\program files\Common Files\zepyhilepy.dll
c:\windows\abako.inf
c:\windows\adaw.bin
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\eduxulynyx.sys
c:\windows\efyhutun.scr
c:\windows\epijup.vbs
c:\windows\ityja.inf
c:\windows\ixemipus.dll
c:\windows\jahed.dl
c:\windows\jifa.vbs
c:\windows\nukypir.vbs
c:\windows\oxabudute.reg
c:\windows\pimumoguh.reg
c:\windows\syqet.inf
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\dodam.ban
c:\windows\system32\etyda.ban
c:\windows\system32\inuxu.ban
c:\windows\system32\jebunar.reg
c:\windows\system32\onerybo.bin
c:\windows\system32\qanyji.pif
c:\windows\system32\qedi.dll
c:\windows\system32\sys32_nov.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\xupowejuv.bat
c:\windows\taqyfume.reg
c:\windows\uvaze.vbs
c:\windows\vodiqy.bat
c:\windows\xagy._dl
c:\windows\xehevofezi._dl
c:\windows\ydys._dl
c:\windows\ykatom.exe
c:\windows\ylydicum.scr
c:\windows\zugu._dl

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{8F21247B-9B8E-4F93-A3E3-4CBDABD06204}\RP530\A0117835.sys

Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\agp440.sys

.
((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 13:10 . 2009-09-11 18:58 -------- d-----w- c:\program files\trend micro
2009-09-11 13:10 . 2009-09-11 13:10 -------- d-----w- C:\rsit
2009-09-11 07:58 . 2009-09-11 07:58 11425 ----a-w- c:\windows\rofyburacu.com
2009-09-11 07:33 . 2009-09-11 07:33 15566 ----a-w- c:\windows\cewykyka.dat
2009-09-10 13:06 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 16:14 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-09-08 16:14 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-09-08 16:14 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-08 16:14 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-09-06 12:04 . 2009-09-06 12:05 -------- d-----w- C:\Download
2009-09-06 09:35 . 2009-07-10 10:33 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2009-09-05 10:26 . 2009-09-05 10:30 -------- d-----w- c:\documents and settings\user\Application Data\The Path
2009-09-02 18:50 . 2009-09-03 14:02 -------- d-----w- c:\documents and settings\user\Application Data\SQLyog
2009-09-02 18:50 . 2009-09-05 08:34 -------- d-----w- c:\program files\SQLyog Enterprise Trial
2009-09-01 11:01 . 2009-09-03 15:41 -------- d-----w- c:\documents and settings\user\Application Data\TeamViewer
2009-09-01 11:01 . 2009-09-01 11:01 -------- d-----w- c:\program files\TeamViewer
2009-09-01 11:01 . 2009-09-01 11:01 -------- d-----w- c:\documents and settings\user\temp
2009-08-31 14:21 . 2009-08-31 14:21 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-31 14:12 . 2009-08-31 14:12 -------- d-----w- c:\program files\Sierra
2009-08-29 18:30 . 2009-08-29 18:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-29 18:15 . 2009-08-29 18:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-29 18:14 . 2009-08-29 18:23 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Google
2009-08-29 18:14 . 2009-09-09 12:48 -------- d-----w- c:\program files\Google
2009-08-12 20:45 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 18:51 . 2008-03-24 17:43 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2009-09-11 14:52 . 2009-09-11 14:52 12072 ----a-w- c:\program files\Common Files\udesily.db
2009-09-11 07:33 . 2009-09-11 07:33 16847 ----a-w- c:\documents and settings\user\Application Data\zisyz.dat
2009-09-11 07:33 . 2009-09-11 07:33 11026 ----a-w- c:\program files\Common Files\luxod.lib
2009-09-11 06:44 . 2009-09-11 06:44 14542 ----a-w- c:\program files\Common Files\eqexyx.lib
2009-09-10 18:57 . 2008-03-24 17:45 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2009-09-06 15:35 . 2009-05-26 15:11 -------- d-----w- c:\program files\SpeedFan
2009-09-01 16:31 . 2009-04-19 14:28 -------- d-----w- c:\documents and settings\user\Application Data\Hamachi
2009-09-01 10:21 . 2008-03-05 13:28 -------- d-----w- c:\program files\World of Warcraft
2009-08-31 14:12 . 2008-02-12 15:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 07:35 . 2008-02-12 14:36 56104 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 11:17 . 2009-08-11 11:17 -------- d-----w- c:\program files\Microsoft Games
2009-08-10 19:15 . 2009-01-29 16:08 38 ----a-w- c:\windows\popcinfot.dat
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 14:18 . 2008-02-13 07:42 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-02 14:18 . 2009-08-02 14:18 -------- d-----w- c:\documents and settings\user\Application Data\id Software
2009-08-02 14:18 . 2008-02-13 07:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-02 14:18 . 2008-02-13 07:42 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-02 14:18 . 2009-08-02 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-08-01 09:29 . 2008-07-24 13:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-01 09:29 . 2008-07-24 13:22 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-01 09:29 . 2008-07-24 13:22 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-24 15:36 . 2009-07-23 13:52 -------- d-----w- c:\documents and settings\user\Application Data\Folding@home-gpu
2009-07-24 13:31 . 2009-07-23 16:23 -------- d-----w- c:\program files\FahMon
2009-07-23 18:30 . 2009-07-23 13:36 -------- d-----w- c:\program files\Lineage II
2009-07-23 17:26 . 2009-07-23 16:05 -------- d-----w- c:\program files\Folding@home
2009-07-23 16:43 . 2009-07-23 16:42 -------- d-----w- c:\documents and settings\user\Application Data\Folding@home-x86
2009-07-23 13:49 . 2009-07-23 13:49 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-23 13:36 . 2009-07-23 13:36 -------- d-----w- c:\documents and settings\user\Application Data\InstallShield
2009-07-17 21:47 . 2008-06-18 17:43 -------- d-----w- c:\documents and settings\user\Application Data\ICQ
2009-07-17 20:00 . 2009-07-11 07:24 -------- d-----w- c:\documents and settings\user\Application Data\U3
2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:51 . 2008-04-28 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-07-13 21:43 . 2004-08-03 23:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 16:33 . 2008-02-13 08:05 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-03 17:09 . 2004-08-03 23:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-03 23:56 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-03 23:56 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-03 23:56 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-03 23:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-03 23:56 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-03 23:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-03 21:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-03 23:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMCS"="c:\program files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-13 2007832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-06-08 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-01 09:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\condition zero\\hl.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\day of defeat\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\ricochet\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bejeweled twist\\BejeweledTwist.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\spectraball demo\\Spectraball.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [24.7.2008 15:22 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24.7.2008 15:22 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24.7.2008 15:22 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [18.6.2009 16:09 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10.1.2009 11:11 297752]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [10.4.2008 17:13 827008]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [12.2.2008 17:30 38656]
S2 gupdate1ca28d49fb28e9c;Služba Google Update (gupdate1ca28d49fb28e9c);c:\program files\Google\Update\GoogleUpdate.exe [29.8.2009 20:15 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 18:14]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 18:14]

2009-09-11 c:\windows\Tasks\User_Feed_Synchronization-{0BDD8109-C0CF-4AE7-8B29-F70F5157BBFB}.job
- c:\windows\system32\msfeedssync.exe [2009-05-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\16ueqcio.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\16ueqcio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Pinnacle WebUpdater - c:\program files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml
HKLM-Run-Antivirus Pro 2010 - c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-746137067-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,07,af,d0,ce,c2,de,dd,4c,84,7a,9b,04,de,e0,82,b3,6a,22,b6,08,a7,d5,
38,05,8b,e9,a1,8c,7b,78,e9,5d,b1,27,d8,db,85,09,e7,71,1e,2c,d2,c0,63,c0,84,\
"??"=hex:88,0d,90,80,36,b8,b1,f7,84,ef,e8,01,9c,46,48,f3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,ed,df,97,2f,35,
10,7d,06,e2,63,26,f1,3f,c8,ff,68,78,11,ce,ae,2b,ea,bb,e1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,0a,ac,b0,54,bb,
2f,56,6d,6a,9c,d6,61,af,45,84,18,6b,bd,ba,09,73,07,68,67,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,ea,91,66,ae,ee,
2b,83,fb,ff,7c,85,e0,43,d4,0e,fe,d1,f0,c7,d3,98,15,04,e7,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,2e,df,59,d5,d3,
32,7c,a3,86,8c,21,01,be,91,eb,e7,c7,99,b2,84,1a,f3,55,f8,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,b2,c6,f7,b9,bc,
a3,bc,e5,f5,1d,4d,73,a8,13,5c,05,30,e9,02,2a,73,0a,79,a6,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,fd,ce,0a,d0,65,
d0,e5,ac,df,20,58,62,78,6b,cf,c8,d7,11,b0,20,0b,96,53,af,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,45,f4,82,80,b6,
9f,b4,a7,fb,a7,78,e6,12,2f,9a,ea,f1,c6,c2,91,e4,08,ac,e6,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,d9,d2,6b,94,4c,
18,12,b1,01,3a,48,fc,e8,04,4a,f1,51,50,3c,c3,68,bf,fe,94,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,3e,ba,75,e3,3c,
e1,9e,7d,f6,0f,4e,58,98,5b,89,c9,2d,20,02,ad,f0,74,88,fc,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,0f,4e,2b,f8,d9,
f3,c6,4c,3d,ce,ea,26,2d,45,aa,78,b7,c0,27,9f,77,50,6a,3e,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,91,24,e4,6b,21,
36,61,8a,2a,b7,cc,b5,b9,7f,41,e7,b5,c0,3e,8e,f0,7e,7e,bf,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,33,85,15,17,55,
67,a6,6c,6c,43,2d,1e,aa,22,2f,9c,d4,e0,b4,8e,d5,c1,74,bc,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\rundll32.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
c:\windows\system32\control.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\control.exe
.
**************************************************************************
.
Completion time: 2009-09-11 21:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 19:27

Pre-Run: 99 011 186 688 bytes free
Post-Run: 19 directories, 100 891 181 056 bytes free

441 --- E O F --- 2009-09-11 06:09
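Editor's added example, not part of the posted ComboFix log and not ComboFix's own code: a small triage helper that pulls the "Other Running Processes" section out of a ComboFix-style report and flags any Windows core binary (csrss.exe, smss.exe, lsass.exe, services.exe, winlogon.exe, svchost.exe, spoolsv.exe, explorer.exe) that runs from somewhere other than its single legitimate directory. Reusing a core process name from a profile or temp directory is a standard masquerading trick, and on Windows XP it also buys the malware Task Manager's "critical system process" refusal, which is keyed on the image name. Assumptions: the system root is C:\WINDOWS on a 32-bit install, as the log shows; the sample input reuses lines from the posted list plus one constructed csrss.exe line that is not in the original.

```python
"""Flag Windows core binaries running from the wrong directory.

Added example for this thread; it is not part of the posted ComboFix log or of
ComboFix itself. One rule is encoded: on a 32-bit Windows XP install with the
system root at C:\\WINDOWS (assumption taken from the log), each core process
below has exactly one legitimate location. The same name anywhere else is a
masquerade and should be the first thing examined.
"""
from __future__ import annotations

import re
from typing import Dict, List, Set

# Assumed system root, matching the paths in the posted log.
SYSTEM_ROOT = r"c:\windows"

# Legitimate home directory for each core binary (lower-case, no trailing slash).
LEGIT_HOME: Dict[str, Set[str]] = {
    "csrss.exe":    {SYSTEM_ROOT + r"\system32"},
    "smss.exe":     {SYSTEM_ROOT + r"\system32"},
    "lsass.exe":    {SYSTEM_ROOT + r"\system32"},
    "services.exe": {SYSTEM_ROOT + r"\system32"},
    "winlogon.exe": {SYSTEM_ROOT + r"\system32"},
    "svchost.exe":  {SYSTEM_ROOT + r"\system32"},
    "spoolsv.exe":  {SYSTEM_ROOT + r"\system32"},
    "explorer.exe": {SYSTEM_ROOT},
}

# ComboFix prints the section as a dashed header, a "." separator, one full
# path per line, another "." and then a row of asterisks.
SECTION_RE = re.compile(
    r"-+ Other Running Processes -+\r?\n(?P<body>.*?)\r?\n\*{5,}", re.S)


def extract_processes(log_text: str) -> List[str]:
    """Return the process paths listed in the 'Other Running Processes' section."""
    m = SECTION_RE.search(log_text)
    if not m:
        return []
    return [ln.strip() for ln in m.group("body").splitlines()
            if ln.strip() and ln.strip() != "."]


def classify(path: str) -> str:
    """Return 'ok', 'masquerade' or 'other' for one process path.

    Comparison is case-insensitive on the un-expanded string; 8.3 short names
    such as c:\\progra~1 are left as-is, so expand them first on a live host.
    """
    p = path.strip().lower()
    directory, _, name = p.rpartition("\\")
    homes = LEGIT_HOME.get(name)
    if homes is None:
        return "other"          # not a core binary; no location rule applies
    return "ok" if directory in homes else "masquerade"


def suspicious(log_text: str) -> List[str]:
    """Paths in the log that carry a core-binary name outside its home directory."""
    return [p for p in extract_processes(log_text) if classify(p) == "masquerade"]


# Constructed sample: lines from the posted log, abbreviated, plus one
# constructed csrss.exe line under a user profile that is NOT in the original.
SAMPLE_LOG = r"""
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\rundll32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\user\local settings\application data\csrss.exe
c:\windows\system32\control.exe
.
**************************************************************************
"""

if __name__ == "__main__":
    for proc in extract_processes(SAMPLE_LOG):
        print(f"{classify(proc):<11} {proc}")
```

Feed it the whole ComboFix report; anything reported as "masquerade" is where to look first, and a real csrss.exe in system32 is reported as "ok" so the helper does not send you chasing the legitimate one.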


Powered by phpBB Jarvis © 2005 - 2024 PCforum, webhosting by WebSupport, secured by GeoTrust, edited by JanoF