[ Posts: 5 ]
Author / Message
User
Antivirus pro 2010

Registered: 09.01.07
Last logged in: 13.12.17
Posts: 2858
Topics: 268 | 268
Location: Bratislava
Posted: 11.09.2009 17:00 | Antivirus pro 2010

Good day,
I have a problem with spyware... called Antivirus Pro 2010.
It keeps wanting to download a paid program...
In Task Manager I have a suspicious process running, csrss.exe: for example, it is written about here http://www.liutilities.com/products/win ... ary/csrss/
It cannot be removed or killed... it says that this is a critical system process and Task Manager cannot terminate it.
The internet is generally quite slowed down.
There were also, more or less, a few other pieces of spyware here, but those got removed... but at system startup they load again from the registry.
The virus also turned off the e-mail scanning in AVG.
I am attaching the log from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-09-11 15:10:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 95 GB (40%) free of 238 GB
Total RAM: 2047 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:43, on 11.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [sys32_nov] C:\Documents and Settings\user\sys32_nov.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Služba Google Update (gupdate1ca28d49fb28e9c) (gupdate1ca28d49fb28e9c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 7558 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0BDD8109-C0CF-4AE7-8B29-F70F5157BBFB}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1062144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Pinnacle WebUpdater"=C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe [2006-06-08 385024]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-13 2007832]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2003-11-10 406016]
"EverioService"=C:\Program Files\CyberLink\PCM4Everio\EverioService.exe [2007-11-01 151552]
"PMCRemote"=C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [2006-06-08 90112]
"sys32_nov"=C:\WINDOWS\system32\sys32_nov.exe [2009-09-11 47104]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"Antivirus Pro 2010"=C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe /hide []
"braviax"=C:\WINDOWS\system32\braviax.exe [2009-09-11 9728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PMCS"=C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe [2006-06-08 65536]
"sys32_nov"=C:\Documents and Settings\user\sys32_nov.exe [2009-09-11 47104]
"braviax"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\xRaidSetup.exe [2007-03-21 1953792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-05-17 933888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\\PSDrvCheck.exe [2003-11-10 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [2006-06-08 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe [2006-06-08 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="cru629.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe"="C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:*:Enabled:FEARXP2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\condition zero deleted scenes\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PSST.exe"="C:\Program Files\Pinnacle\MediaCenter\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\dedicated server\hlds.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\dedicated server\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Valve\Steam\SteamApps\common\quake 3 arena demo\quake3.exe"="C:\Program Files\Valve\Steam\SteamApps\common\quake 3 arena demo\quake3.exe:*:Enabled:quake3"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"="C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe"="C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\day of defeat\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\ricochet\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\ricochet\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\zolixgemini\deathmatch classic\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\zolixgemini\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Program Files\Sierra\Empire Earth II\EE2.exe"="C:\Program Files\Sierra\Empire Earth II\EE2.exe:*:Enabled:Empire Earth II"
"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\Program Files\Valve\Steam\SteamApps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe"="C:\Program Files\Valve\Steam\SteamApps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2"
"C:\Program Files\Valve\Steam\SteamApps\common\eve online\bin\ExeFile.exe"="C:\Program Files\Valve\Steam\SteamApps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Documents and Settings\user\Local Settings\Temp\Blizzard Launcher Temporary - a0045098\Launcher.exe"="C:\Documents and Settings\user\Local Settings\Temp\Blizzard Launcher Temporary - a0045098\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe"="C:\Program Files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"C:\Program Files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe"="C:\Program Files\Valve\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever"
"C:\Documents and Settings\user\Local Settings\Temp\Blizzard Launcher Temporary - e380ed60\Launcher.exe"="C:\Documents and Settings\user\Local Settings\Temp\Blizzard Launcher Temporary - e380ed60\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Valve\Steam\SteamApps\common\bejeweled twist\BejeweledTwist.exe"="C:\Program Files\Valve\Steam\SteamApps\common\bejeweled twist\BejeweledTwist.exe:*:Enabled:Bejeweled Twist Demo"
"C:\Program Files\Valve\Steam\SteamApps\common\spectraball demo\Spectraball.exe"="C:\Program Files\Valve\Steam\SteamApps\common\spectraball demo\Spectraball.exe:*:Enabled:Spectraball Demo"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
"C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"="C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator®"
"C:\Program Files\Sierra\FEARCombat\FEARMP.exe"="C:\Program Files\Sierra\FEARCombat\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c907271-d273-11dd-a9ba-001e8c47f67c}]
shell\AutoRun\command - K:\CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe
shell\open\command - K:\CONFIG\S-1-6-21-2434476501-1644491937-600003330-1213\DriveIcon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d9962da-1c48-11de-a2f1-001e8c47f67c}]
shell\AutoRun\command - K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
shell\open\command - K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e76b3ac0-6deb-11de-a366-001e8c47f67c}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-09-11 15:10:26 ----D---- C:\rsit
2009-09-11 15:10:26 ----D---- C:\Program Files\trend micro
2009-09-11 09:58:34 ----A---- C:\WINDOWS\system32\qedi.dll
2009-09-11 09:58:34 ----A---- C:\WINDOWS\rofyburacu.com
2009-09-11 09:38:55 ----A---- C:\WINDOWS\braviax.exe
2009-09-11 09:33:16 ----A---- C:\WINDOWS\vodiqy.bat
2009-09-11 09:33:16 ----A---- C:\WINDOWS\system32\xupowejuv.bat
2009-09-11 09:33:16 ----A---- C:\WINDOWS\jifa.vbs
2009-09-11 09:33:16 ----A---- C:\Program Files\Common Files\zepyhilepy.dll
2009-09-11 09:33:16 ----A---- C:\Program Files\Common Files\gyjy.com
2009-09-11 09:33:16 ----A---- C:\Documents and Settings\All Users\Application Data\uluja.com
2009-09-11 09:33:15 ----A---- C:\WINDOWS\epijup.vbs
2009-09-11 09:33:15 ----A---- C:\Program Files\Common Files\igofomafu.bat
2009-09-11 08:44:22 ----A---- C:\WINDOWS\ykatom.exe
2009-09-11 08:44:22 ----A---- C:\WINDOWS\nukypir.vbs
2009-09-11 08:44:22 ----A---- C:\Program Files\Common Files\lawidydu.exe
2009-09-11 08:44:22 ----A---- C:\Program Files\Common Files\axybyra.com
2009-09-11 08:44:22 ----A---- C:\Documents and Settings\user\Application Data\fenoc.dll
2009-09-11 08:43:21 ----A---- C:\WINDOWS\system32\wisdstr.exe
2009-09-11 08:43:19 ----A---- C:\WINDOWS\system32\braviax.exe
2009-09-11 08:43:17 ----A---- C:\WINDOWS\system32\sys32_nov.exe
2009-09-11 08:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 08:07:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 14:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-06 14:04:30 ----D---- C:\Download
2009-09-06 11:35:00 ----A---- C:\WINDOWS\system32\libmysql_d.dll
2009-09-05 12:26:46 ----D---- C:\Documents and Settings\user\Application Data\The Path
2009-09-02 20:50:37 ----D---- C:\Documents and Settings\user\Application Data\SQLyog
2009-09-02 20:50:32 ----D---- C:\Program Files\SQLyog Enterprise Trial
2009-09-01 13:01:48 ----D---- C:\Documents and Settings\user\Application Data\TeamViewer
2009-09-01 13:01:43 ----D---- C:\Program Files\TeamViewer
2009-08-31 16:21:21 ----D---- C:\Program Files\GameSpy Arcade
2009-08-31 16:12:30 ----D---- C:\Program Files\Sierra
2009-08-29 20:15:40 ----D---- C:\Documents and Settings\user\Application Data\Google
2009-08-29 20:14:07 ----D---- C:\Program Files\Google
2009-08-29 16:41:35 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 09:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 09:34:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 09:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 09:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 09:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 09:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 09:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 09:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 09:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

======List of files/folders modified in the last 1 months======

2009-09-11 15:10:26 ----RD---- C:\Program Files
2009-09-11 15:10:13 ----D---- C:\WINDOWS\Prefetch
2009-09-11 15:10:12 ----D---- C:\WINDOWS\Temp
2009-09-11 14:38:30 ----D---- C:\Program Files\Mozilla Firefox
2009-09-11 13:34:48 ----HD---- C:\$AVG8.VAULT$
2009-09-11 13:34:48 ----D---- C:\WINDOWS\system32
2009-09-11 13:22:29 ----D---- C:\WINDOWS
2009-09-11 12:11:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-11 09:58:34 ----D---- C:\Program Files\Common Files
2009-09-11 09:53:06 ----A---- C:\checkrun.txt
2009-09-11 09:51:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-11 09:48:09 ----D---- C:\WINDOWS\system32\drivers
2009-09-11 08:07:23 ----HD---- C:\WINDOWS\inf
2009-09-11 08:07:20 ----A---- C:\WINDOWS\imsins.BAK
2009-09-11 08:07:16 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-11 08:07:10 ----D---- C:\WINDOWS\ie8updates
2009-09-11 08:06:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-10 22:23:16 ----D---- C:\Documents and Settings\user\Application Data\Skype
2009-09-10 20:57:25 ----D---- C:\Documents and Settings\user\Application Data\skypePM
2009-09-08 14:49:09 ----SD---- C:\WINDOWS\Tasks
2009-09-06 17:35:21 ----D---- C:\Program Files\SpeedFan
2009-09-06 17:33:21 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-01 18:31:57 ----D---- C:\Documents and Settings\user\Application Data\Hamachi
2009-09-01 12:21:17 ----D---- C:\Program Files\World of Warcraft
2009-08-31 16:16:51 ----D---- C:\WINDOWS\system32\DirectX
2009-08-31 16:12:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-29 20:25:34 ----SHD---- C:\WINDOWS\Installer
2009-08-28 23:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-13 09:33:50 ----D---- C:\Program Files\Outlook Express
2009-08-12 12:23:24 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-01 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-01 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-24 108552]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 3xHybrid;Pinnacle PCTV 110i service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-09-01 827008]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-05-26 11264]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-19 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 npkcusb;npkcusb; \??\C:\Program Files\Lineage II\system\npkcusb.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 a0qz3k49;a0qz3k49; C:\WINDOWS\system32\drivers\a0qz3k49.sys []
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-01 297752]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2005-05-04 9150464]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-08-02 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2006-12-20 272024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe []
S2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-01 908056]
S2 gupdate1ca28d49fb28e9c;Služba Google Update (gupdate1ca28d49fb28e9c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-08 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Thank you for a quick resolution of the problem.




Forum administrator
Registered: 17.04.08
Last online: 13.12.17
Posts: 12782
Topics: 359 | 359
Location: Myjava
Age: 31
Posted: 11.09.2009 17:13 | Antivirus pro 2010

So the very first topic in the category, the one for logs, wasn't visible :roll:
http://www.pcforum.sk/kontrola-hijackth ... 46976.html


_________________
PC: ASUS M4A785TD-V EVO / Athlon II X4 640 / Hynix 8GB (2x4GB) DDR3 1600 MHz / Sapphire HD7750 1GB Ultimate Silent Series / AMD Radeon R3 120GB / Seagate 7200.12 500GB / WD My Book Essential 3.0 2000GB / WD Elements 2000GB 2,5" / Samsung SH-S223L / ASUS BW-16D1HT / Creative Sound Blaster X-Fi XtremeMusic / Axago PCEU-43R USB3.0 / TP-LINK TG-3269 / Corsair VS450 / 24" BenQ G2420HDBL / Microsoft Natural Ergonomic Keyboard 4000 / Microsoft Comfort Mouse 4500 / Microlab SOLO9C / Koss Porta Pro / Gigabyte GT-U8300 / Microsoft Windows 10 64-bit FPP
NB: MSI M670X-091SK / Transcend 2x1GB DDR2 667MHz
MT: Microsoft Lumia 950 XL
User
Registered: 09.01.07
Last online: 13.12.17
Posts: 2858
Topics: 268 | 268
Location: Bratislava
Posted by topic author: 11.09.2009 17:17 | Antivirus pro 2010

OK, OK, it happens, sorry :) so if needed, move it there... so what do you advise?


Experienced user
Registered: 15.08.09
Last online: 05.02.10
Posts: 355
Topics: 0 | 0
Posted: 11.09.2009 19:56 | Antivirus pro 2010

Download OTL. Save it to the desktop and run the file "OTL.exe" by double-clicking it. The program window opens; in it, tick "Scan All Users" -> "Run Scan". The computer scan starts; when it finishes, two reports open - I need to see the contents of both.


User
Registered: 09.01.07
Last online: 13.12.17
Posts: 2858
Topics: 268 | 268
Location: Bratislava
Posted by topic author: 11.09.2009 21:45 | Antivirus pro 2010

Thanks for the willingness to help, I've already started dealing with it:
So far it looks roughly like this, the spyware no longer pops up:

ComboFix 09-09-10.03 - user 11.09.2009 21:09.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1328 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\hmm.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\boramovo.sys
c:\documents and settings\All Users\Application Data\ewytux.dl
c:\documents and settings\All Users\Application Data\jetefovoju.dll
c:\documents and settings\All Users\Application Data\jevuti.scr
c:\documents and settings\All Users\Application Data\meto._sy
c:\documents and settings\All Users\Application Data\qosynodo.inf
c:\documents and settings\All Users\Application Data\risazuzapa.sys
c:\documents and settings\All Users\Application Data\sazoz.sys
c:\documents and settings\All Users\Application Data\tuloc.scr
c:\documents and settings\All Users\Application Data\ujarydide.inf
c:\documents and settings\All Users\Application Data\uluja.com
c:\documents and settings\All Users\Application Data\unin.inf
c:\documents and settings\All Users\Application Data\uwudiguse.sys
c:\documents and settings\All Users\Application Data\yboqulevo._dl
c:\documents and settings\All Users\Application Data\ynezikabod.scr
c:\documents and settings\All Users\Documents\exowucov.pif
c:\documents and settings\All Users\Documents\fymoxeqa.pif
c:\documents and settings\All Users\Documents\gymuwy.com
c:\documents and settings\All Users\Documents\icigohin.pif
c:\documents and settings\All Users\Documents\ijih.reg
c:\documents and settings\All Users\Documents\jidyxitoqi.dl
c:\documents and settings\All Users\Documents\qazavoqe.pif
c:\documents and settings\All Users\Documents\ucoxe.reg
c:\documents and settings\All Users\Documents\ywivuhepub.pif
c:\documents and settings\All Users\Documents\zygika.dl
c:\documents and settings\user\Application Data\amaqud.pif
c:\documents and settings\user\Application Data\fenoc.dll
c:\documents and settings\user\Application Data\merydehob.dl
c:\documents and settings\user\Application Data\nukikuc.ban
c:\documents and settings\user\Application Data\secuh._dl
c:\documents and settings\user\Application Data\xowataxef.bin
c:\documents and settings\user\Application Data\zasagofe.com
c:\documents and settings\user\Cookies\asakytako.dl
c:\documents and settings\user\Cookies\cedyfalyzo.pif
c:\documents and settings\user\Cookies\hajen.reg
c:\documents and settings\user\Cookies\ipixiret.reg
c:\documents and settings\user\Cookies\lolakuly.bin
c:\documents and settings\user\Cookies\mofe.ban
c:\documents and settings\user\Cookies\ohesok.vbs
c:\documents and settings\user\Cookies\onire.reg
c:\documents and settings\user\Cookies\pypoduve.vbs
c:\documents and settings\user\Cookies\qosysonuby.reg
c:\documents and settings\user\Cookies\qyqem.exe
c:\documents and settings\user\Cookies\ucote.reg
c:\documents and settings\user\Cookies\uketawac.exe
c:\documents and settings\user\Cookies\uqutojadu.bat
c:\documents and settings\user\Cookies\utojov.reg
c:\documents and settings\user\Cookies\wezitemim.reg
c:\documents and settings\user\Cookies\xutiz.ban
c:\documents and settings\user\Cookies\yjex.reg
c:\documents and settings\user\delself.bat
c:\documents and settings\user\Local Settings\Application Data\agahu.exe
c:\documents and settings\user\Local Settings\Application Data\avemite.ban
c:\documents and settings\user\Local Settings\Application Data\fusib._dl
c:\documents and settings\user\Local Settings\Application Data\givulyz._dl
c:\documents and settings\user\Local Settings\Application Data\gytunid.pif
c:\documents and settings\user\Local Settings\Application Data\lozofaqof.bin
c:\documents and settings\user\Local Settings\Application Data\luqu.reg
c:\documents and settings\user\Local Settings\Application Data\owowitesy.exe
c:\documents and settings\user\Local Settings\Application Data\owupybyju.pif
c:\documents and settings\user\Local Settings\Application Data\soxajusizy.vbs
c:\documents and settings\user\Local Settings\Application Data\ufyfen.ban
c:\documents and settings\user\Local Settings\Application Data\ysofyt.exe
c:\documents and settings\user\Local Settings\Temporary Internet Files\bylup.ban
c:\documents and settings\user\Local Settings\Temporary Internet Files\exiremyhaz.db
c:\documents and settings\user\Local Settings\Temporary Internet Files\idalaram.sys
c:\documents and settings\user\Local Settings\Temporary Internet Files\izob.sys
c:\documents and settings\user\Local Settings\Temporary Internet Files\kikuvopo._dl
c:\documents and settings\user\Local Settings\Temporary Internet Files\qapezeq.bin
c:\documents and settings\user\Local Settings\Temporary Internet Files\qetygi.vbs
c:\documents and settings\user\Local Settings\Temporary Internet Files\timasu.vbs
c:\documents and settings\user\Local Settings\Temporary Internet Files\ufywirilaq.dll
c:\documents and settings\user\Local Settings\Temporary Internet Files\uleko.lib
c:\documents and settings\user\Local Settings\Temporary Internet Files\upoluzeleh.dl
c:\documents and settings\user\Local Settings\Temporary Internet Files\uwid.db
c:\documents and settings\user\Local Settings\Temporary Internet Files\ykurykyvi.db
c:\documents and settings\user\Local Settings\Temporary Internet Files\yruwikyf.exe
c:\documents and settings\user\Local Settings\Temporary Internet Files\yxykytuj.reg
c:\documents and settings\user\Local Settings\Temporary Internet Files\zyhite.dll
c:\documents and settings\user\sys32_nov.exe
c:\program files\Common Files\asypova.reg
c:\program files\Common Files\axybyra.com
c:\program files\Common Files\dotuqovad.scr
c:\program files\Common Files\gyjy.com
c:\program files\Common Files\igofomafu.bat
c:\program files\Common Files\imipis.sys
c:\program files\Common Files\lawidydu.exe
c:\program files\Common Files\rubisyfedu.scr
c:\program files\Common Files\uwapuve.dl
c:\program files\Common Files\yxycyt.pif
c:\program files\Common Files\zepyhilepy.dll
c:\windows\abako.inf
c:\windows\adaw.bin
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\eduxulynyx.sys
c:\windows\efyhutun.scr
c:\windows\epijup.vbs
c:\windows\ityja.inf
c:\windows\ixemipus.dll
c:\windows\jahed.dl
c:\windows\jifa.vbs
c:\windows\nukypir.vbs
c:\windows\oxabudute.reg
c:\windows\pimumoguh.reg
c:\windows\syqet.inf
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\dodam.ban
c:\windows\system32\etyda.ban
c:\windows\system32\inuxu.ban
c:\windows\system32\jebunar.reg
c:\windows\system32\onerybo.bin
c:\windows\system32\qanyji.pif
c:\windows\system32\qedi.dll
c:\windows\system32\sys32_nov.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\xupowejuv.bat
c:\windows\taqyfume.reg
c:\windows\uvaze.vbs
c:\windows\vodiqy.bat
c:\windows\xagy._dl
c:\windows\xehevofezi._dl
c:\windows\ydys._dl
c:\windows\ykatom.exe
c:\windows\ylydicum.scr
c:\windows\zugu._dl

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{8F21247B-9B8E-4F93-A3E3-4CBDABD06204}\RP530\A0117835.sys

Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\agp440.sys

.
((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 13:10 . 2009-09-11 18:58 -------- d-----w- c:\program files\trend micro
2009-09-11 13:10 . 2009-09-11 13:10 -------- d-----w- C:\rsit
2009-09-11 07:58 . 2009-09-11 07:58 11425 ----a-w- c:\windows\rofyburacu.com
2009-09-11 07:33 . 2009-09-11 07:33 15566 ----a-w- c:\windows\cewykyka.dat
2009-09-10 13:06 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 16:14 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-09-08 16:14 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-09-08 16:14 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-08 16:14 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-09-06 12:04 . 2009-09-06 12:05 -------- d-----w- C:\Download
2009-09-06 09:35 . 2009-07-10 10:33 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2009-09-05 10:26 . 2009-09-05 10:30 -------- d-----w- c:\documents and settings\user\Application Data\The Path
2009-09-02 18:50 . 2009-09-03 14:02 -------- d-----w- c:\documents and settings\user\Application Data\SQLyog
2009-09-02 18:50 . 2009-09-05 08:34 -------- d-----w- c:\program files\SQLyog Enterprise Trial
2009-09-01 11:01 . 2009-09-03 15:41 -------- d-----w- c:\documents and settings\user\Application Data\TeamViewer
2009-09-01 11:01 . 2009-09-01 11:01 -------- d-----w- c:\program files\TeamViewer
2009-09-01 11:01 . 2009-09-01 11:01 -------- d-----w- c:\documents and settings\user\temp
2009-08-31 14:21 . 2009-08-31 14:21 -------- d-----w- c:\program files\GameSpy Arcade
2009-08-31 14:12 . 2009-08-31 14:12 -------- d-----w- c:\program files\Sierra
2009-08-29 18:30 . 2009-08-29 18:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-29 18:15 . 2009-08-29 18:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-29 18:14 . 2009-08-29 18:23 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Google
2009-08-29 18:14 . 2009-09-09 12:48 -------- d-----w- c:\program files\Google
2009-08-12 20:45 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 18:51 . 2008-03-24 17:43 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2009-09-11 14:52 . 2009-09-11 14:52 12072 ----a-w- c:\program files\Common Files\udesily.db
2009-09-11 07:33 . 2009-09-11 07:33 16847 ----a-w- c:\documents and settings\user\Application Data\zisyz.dat
2009-09-11 07:33 . 2009-09-11 07:33 11026 ----a-w- c:\program files\Common Files\luxod.lib
2009-09-11 06:44 . 2009-09-11 06:44 14542 ----a-w- c:\program files\Common Files\eqexyx.lib
2009-09-10 18:57 . 2008-03-24 17:45 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2009-09-06 15:35 . 2009-05-26 15:11 -------- d-----w- c:\program files\SpeedFan
2009-09-01 16:31 . 2009-04-19 14:28 -------- d-----w- c:\documents and settings\user\Application Data\Hamachi
2009-09-01 10:21 . 2008-03-05 13:28 -------- d-----w- c:\program files\World of Warcraft
2009-08-31 14:12 . 2008-02-12 15:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 07:35 . 2008-02-12 14:36 56104 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 11:17 . 2009-08-11 11:17 -------- d-----w- c:\program files\Microsoft Games
2009-08-10 19:15 . 2009-01-29 16:08 38 ----a-w- c:\windows\popcinfot.dat
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 14:18 . 2008-02-13 07:42 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-02 14:18 . 2009-08-02 14:18 -------- d-----w- c:\documents and settings\user\Application Data\id Software
2009-08-02 14:18 . 2008-02-13 07:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-02 14:18 . 2008-02-13 07:42 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-02 14:18 . 2009-08-02 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-08-01 09:29 . 2008-07-24 13:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-01 09:29 . 2008-07-24 13:22 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-01 09:29 . 2008-07-24 13:22 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-24 15:36 . 2009-07-23 13:52 -------- d-----w- c:\documents and settings\user\Application Data\Folding@home-gpu
2009-07-24 13:31 . 2009-07-23 16:23 -------- d-----w- c:\program files\FahMon
2009-07-23 18:30 . 2009-07-23 13:36 -------- d-----w- c:\program files\Lineage II
2009-07-23 17:26 . 2009-07-23 16:05 -------- d-----w- c:\program files\Folding@home
2009-07-23 16:43 . 2009-07-23 16:42 -------- d-----w- c:\documents and settings\user\Application Data\Folding@home-x86
2009-07-23 13:49 . 2009-07-23 13:49 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-07-23 13:36 . 2009-07-23 13:36 -------- d-----w- c:\documents and settings\user\Application Data\InstallShield
2009-07-17 21:47 . 2008-06-18 17:43 -------- d-----w- c:\documents and settings\user\Application Data\ICQ
2009-07-17 20:00 . 2009-07-11 07:24 -------- d-----w- c:\documents and settings\user\Application Data\U3
2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 17:51 . 2008-04-28 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-07-13 21:43 . 2004-08-03 23:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 16:33 . 2008-02-13 08:05 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-03 17:09 . 2004-08-03 23:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-03 23:56 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-03 23:56 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-03 23:56 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-03 23:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-03 23:56 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-03 23:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-03 21:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-03 23:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1062144]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMCS"="c:\program files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-06-08 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-13 2007832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2003-11-10 406016]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-06-08 90112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-01 09:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\condition zero\\hl.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\day of defeat\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\ricochet\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\zolixgemini\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\bejeweled twist\\BejeweledTwist.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\spectraball demo\\Spectraball.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [24.7.2008 15:22 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24.7.2008 15:22 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24.7.2008 15:22 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [18.6.2009 16:09 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10.1.2009 11:11 297752]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [10.4.2008 17:13 827008]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [12.2.2008 17:30 38656]
S2 gupdate1ca28d49fb28e9c;Služba Google Update (gupdate1ca28d49fb28e9c);c:\program files\Google\Update\GoogleUpdate.exe [29.8.2009 20:15 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 18:14]

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 18:14]

2009-09-11 c:\windows\Tasks\User_Feed_Synchronization-{0BDD8109-C0CF-4AE7-8B29-F70F5157BBFB}.job
- c:\windows\system32\msfeedssync.exe [2009-05-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\16ueqcio.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\16ueqcio.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Pinnacle WebUpdater - c:\program files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml
HKLM-Run-Antivirus Pro 2010 - c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\rundll32.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
c:\windows\system32\control.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\control.exe
.
**************************************************************************
.
Completion time: 2009-09-11 21:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 19:27

Pre-Run: 99 011 186 688 bytes free
Post-Run: 19 adresárov, 100 891 181 056 voľných bajtov

441 --- E O F --- 2009-09-11 06:09


© 2005 - 2017 PCforum, edited by JanoF