Veľa vírusov - súrne

[-Matthew-]

Zdravím, už raz som si tu dal kontrolovať log a dočkal som sa dobrej pomoci a opravy, vtedy mi log kontroloval "vyosek". Nakolko je to už dosť dávno, zabudol som meno, aké som mal, tak som sa rýchlo regol znova..

PC fungoval uplne super, až kým mi jeden známy neposlal jeden odkaz na nejaký obrázok. Samozrejme som si ho stiahol a uložil.. no po otvorení mi antivirus (NOD) hneď vyhodil okno s infiltráciami a vírusmi, ktoré uložil do karanteny. PC ale začal totálne sekať, bol spomaleny a reaguje na klik myškou tak každých 15-20 sec. no proste hrozné. Resetol som to a znova to šlo pomaly, stiahol som "Malwarebytes anti-malware" dal kontrolu PC, kde našlo 12 infiltrovanych objektov. Boli to len súbory v documents and settings a tak som dal "Odstrániť". Resetol PC a ten šiel ako hodinky a uplne v pohode. Takto šiel aj deň potom no dnes som prišiel a všetko spomalene, ešte horšie ako predtým. Hneď po spustení mi vyhodí okná s infiltraciami vírusov (trojsky kôn, červ..)

Tu je RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Martin at 2012-01-31 15:29:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 266 GB (31%) free of 853 GB
Total RAM: 3326 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:29:25, on 31.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Documents and Settings\Martin\Application Data\10.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Martin\Application Data\10.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin\My Documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [Visual Task Tips] "C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G122] C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [PService] C:\Documents and Settings\Martin\Application Data\10.exe
O4 - HKCU\..\Run: [ESET] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PService] C:\Documents and Settings\Martin\Application Data\10.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: xD.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 9111 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\prrbkrkl.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, jqs@sun.com:1.0, {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546, {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.2"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.3.6&q="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Program Files\Real\RealPlayer\browserrecord
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\prrbkrkl.default\extensions\
engine@plasmoo.com
{635abd67-4fe9-1b23-4f01-e679fa7484c1}
{800b5000-a755-47e1-992b-48a1c1357f07}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{930f1200-f5f1-4870-bac6-e233ec8e7023}
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}

C:\Documents and Settings\Martin\Application Data\Mozilla\Firefox\Profiles\prrbkrkl.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin.xml
plasmoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-27 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Visual Task Tips"=C:\Program Files\Windows7\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-27 16875008]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"D-Link AirPlus XtremeG DWL-G122"=C:\Program Files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe [2008-12-18 1556480]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-27 198160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]
"PService"=C:\Documents and Settings\Martin\Application Data\10.exe [2012-01-31 360500]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ESET"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-28 25088]
"PService"=C:\Documents and Settings\Martin\Application Data\10.exe [2012-01-31 360500]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnalogClock]
C:\Program Files\Windows7\Analog Clock\AnalogClock.exe [2005-11-05 480256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pie Dock]
C:\Program Files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe [2007-09-02 586240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
C:\Program Files\Windows7\TopDesk\topdesk.exe [2007-06-20 1912832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
C:\Program Files\Windows7\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viena Explorer]
C:\Program Files\Windows7\Vienna Explorer\Vienna Explorer.exe [2006-11-18 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2
"wuauserv"=2
"WMPNetworkSvc"=3
"JavaQuickStarterService"=2
"gupdate1c9cf1520895eca"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\Martin\Start Menu\Programs\Startup
CurseClientStartup.ccip
xD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2009-02-18 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
TPSvc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-12 190976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-04-28 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\Launcher.exe"="C:\Documents and Settings\Martin\Desktop\Hry\WoW\WotLK\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Documents and Settings\Martin\Desktop\Programy\Internet\Fake IP\FakeIP\DC_IS.EXE"="C:\Documents and Settings\Martin\Desktop\Programy\Internet\Fake IP\FakeIP\DC_IS.EXE:*:Enabled:DC_IS"
"C:\Program Files\ACSPMonitor\ASMonitor.exe"="C:\Program Files\ACSPMonitor\ASMonitor.exe:*:Enabled:System"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\EA GAMES\Command and Conquer Generals\game.dat"="C:\Program Files\EA GAMES\Command and Conquer Generals\game.dat:*:Enabled:game"
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat"="C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
"C:\Program Files\EA GAMES\Command & Conquer Generals Zero Hour\game.dat"="C:\Program Files\EA GAMES\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Pyro Studios\Imperial Glory\ImperialGlory.exe"="C:\Program Files\Pyro Studios\Imperial Glory\ImperialGlory.exe:*:Enabled:ImperialGlory"
"C:\Documents and Settings\Martin\Desktop\Hry\Stronghold Crusader\Stronghold Crusader.exe"="C:\Documents and Settings\Martin\Desktop\Hry\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\Program Files\keyclone\keyclone.exe"="C:\Program Files\keyclone\keyclone.exe:*:Enabled:keyclone"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Documents and Settings\Martin\Local Settings\Apps\2.0\DZ4E3HTC.YDE\CZ1GC0M3.6Q7\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe"="C:\Documents and Settings\Martin\Local Settings\Apps\2.0\DZ4E3HTC.YDE\CZ1GC0M3.6Q7\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe:*:Enabled:Curse Client 4.0"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"VIDC.FPS1"=frapsvid.dll
"VIDC.CFHD"=CFHD.dll

======List of files/folders created in the last 1 month======

2012-01-31 15:29:20 ----D---- C:\rsit
2012-01-31 15:18:08 ----A---- C:\WINDOWS\isRS-000.tmp
2012-01-31 15:10:20 ----A---- C:\Documents and Settings\Martin\Application Data\8.exe
2012-01-31 14:22:23 ----A---- C:\Documents and Settings\Martin\Application Data\10.exe
2012-01-30 16:20:03 ----A---- C:\Documents and Settings\Martin\Application Data\3B.exe
2012-01-30 16:19:55 ----A---- C:\Documents and Settings\Martin\Application Data\E.exe
2012-01-29 21:24:01 ----A---- C:\Documents and Settings\Martin\Application Data\1C.exe
2012-01-29 21:23:57 ----A---- C:\Documents and Settings\Martin\Application Data\14.exe
2012-01-29 19:28:32 ----A---- C:\Documents and Settings\Martin\Application Data\2F.exe
2012-01-29 18:25:15 ----A---- C:\Documents and Settings\Martin\Application Data\D.exe
2012-01-29 18:20:29 ----A---- C:\Documents and Settings\Martin\Application Data\329A.exe
2012-01-29 18:20:25 ----A---- C:\Documents and Settings\Martin\Application Data\328E.exe

======List of files/folders modified in the last 1 month======

2012-01-31 15:29:25 ----D---- C:\WINDOWS\Prefetch
2012-01-31 15:29:25 ----D---- C:\Program Files\trend micro
2012-01-31 15:29:21 ----D---- C:\WINDOWS\temp
2012-01-31 15:27:44 ----D---- C:\WINDOWS\system32\drivers
2012-01-31 15:21:08 ----D---- C:\WINDOWS
2012-01-31 15:19:48 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2012-01-31 15:19:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-31 15:18:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-31 15:14:55 ----D---- C:\Documents and Settings\Martin\Application Data\vlc
2012-01-30 23:03:58 ----D---- C:\Documents and Settings\Martin\Application Data\Skype
2012-01-30 19:00:54 ----D---- C:\Documents and Settings\Martin\Application Data\dvdcss
2012-01-30 19:00:52 ----A---- C:\WINDOWS\NeroDigital.ini
2012-01-29 21:18:50 ----D---- C:\WINDOWS\AppPatch
2012-01-29 19:27:20 ----D---- C:\WINDOWS\Minidump
2012-01-29 18:15:34 ----D---- C:\Documents and Settings\Martin\Application Data\Adobe
2012-01-29 16:55:21 ----D---- C:\Documents and Settings\Martin\Application Data\ICQ
2012-01-21 14:45:04 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-13 18:36:23 ----SHD---- C:\WINDOWS\Installer
2012-01-13 18:36:21 ----RD---- C:\Program Files\Skype
2012-01-13 18:36:19 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2012-01-13 18:36:14 ----D---- C:\Program Files\Common Files
2012-01-13 18:34:57 ----D---- C:\Documents and Settings\Martin\Application Data\skypePM
2012-01-13 18:26:48 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-01-13 18:26:48 ----D---- C:\WINDOWS\system32\drivers\UMDF
2012-01-08 20:49:02 ----HD---- C:\WINDOWS\inf
2012-01-02 16:37:38 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-05-07 685816]
R0 szkg5;szkg5; C:\WINDOWS\system32\DRIVERS\szkg.sys [2009-12-07 61328]
R0 szkgfs;szkgfs; C:\WINDOWS\system32\drivers\szkgfs.sys [2010-05-12 59280]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R3 bbcap;bbcap; C:\WINDOWS\system32\DRIVERS\bbcap.sys [2009-12-21 4096]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-27 4742656]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2011-05-24 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-16 109184]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S0 is3srv;is3srv; C:\WINDOWS\system32\drivers\is3srv.sys [2009-12-07 61328]
S3 ad11lega;ad11lega; C:\WINDOWS\system32\drivers\ad11lega.sys []
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 rt2500usb;DWL-G122(rev.B) USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys []
S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2011-07-01 26624]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wip0202;Wippien Network Adapter; C:\WINDOWS\system32\DRIVERS\wip0202.sys [2007-06-27 23904]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-04-28 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-28 82944]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-09-19 72704]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-04-30 168004]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-18 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-18 107832]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2010-12-15 62928]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-07-07 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2009-02-18 121360]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-13 152984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


Potrebujem to súrne vyriešiť, vopred ďakujem za pomoc.

[-Matthew-]

Dodám ešte, že nielen PC seká, ale aj net, proste všetko.. úplne všetko je spomalené.. a toto mi hneď po spustení vyhodilo obrázok nižšie.. a nielen toto, ale ešte asi ďalšie 2-3 okná s ďalšími infiltráciami..

[vyosek]

Zdravim a pekne odpoledne preji

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Kliknete na volbu Change parametrs
• V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
• Kliknete na OK
• Utilite prikazte, at skenuje - klik na Start Scan
• Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
• Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
• Pokud mate vsude Skip, kliknete na Continue
• Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Scan
• Po dokonceni skenu kliknete na Report - otevre se log, ten sem vlozte

[-Matthew-]

Ten prvý postup na ten TDSSKiller mi nechce otvoriť ani tu v chrome ani v opere.

A k tomu RogueKiller, tu je ten log

RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Martin [Admin rights]
Mode: Scan -- Date : 01/31/2012 16:20:25

¤¤¤ Bad processes: 2 ¤¤¤
[ROGUE ST] 10.exe -- C:\Documents and Settings\Martin\Application Data\10.exe -> KILLED [TermProc]
[ROGUE ST] 10.exe -- C:\Documents and Settings\Martin\Application Data\10.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : PService (C:\Documents and Settings\Martin\Application Data\10.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Run : PService (C:\Documents and Settings\Martin\Application Data\10.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1004336348-1275210071-1801674531-1003[...]\Run : PService (C:\Documents and Settings\Martin\Application Data\10.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 50593df577cd17a77e31f45b499dc5b6
[BSP] 4d509d1e201f6e801dbcc5ded1b66644 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 852872 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1746683190 | Size: 100994 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[vyosek]

No jenze malware tam je schovany jeste a bude

Spustte znovu RogueKiller

• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Scan a pote Deletion a nasledne Report - otevre se log, ten sem vlozte
• Pak kliknete na HostFix a Report - otevre se log, ten sem vlozte
• Pak kliknete na ProxyFix a Report - otevre se log, ten sem vlozte

[-Matthew-]

HostFix log

RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Martin [Admin rights]
Mode: HOSTSFix -- Date : 01/31/2012 16:30:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt


ProxyFix log

RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Martin [Admin rights]
Mode: ProxyFix -- Date : 01/31/2012 16:31:46

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt

[vyosek]

volba Deletion by byla?

[-Matthew-]

volba Deletion by byla?

Aha, nevšimol som si, že aj z toho treba log, prepáčte. Tu je:

RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Martin [Admin rights]
Mode: Remove -- Date : 01/31/2012 16:30:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : PService (C:\Documents and Settings\Martin\Application Data\10.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : PService (C:\Documents and Settings\Martin\Application Data\10.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 50593df577cd17a77e31f45b499dc5b6
[BSP] 4d509d1e201f6e801dbcc5ded1b66644 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 852872 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1746683190 | Size: 100994 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

[vyosek]

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill SCR:
  http://download.bleepingcomputer.com/grinler/rkill.scr
  
  Rkill PIF:
  http://download.bleepingcomputer.com/grinler/rkill.pif

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[-Matthew-]

Po spustení a dokončení Rkill sa mi objavilo okno s tými infiltráciami nad NOD-om. Potom som postupoval podľa návodu, vypol FW aj ten antivirus a spustil combofix.. tu je log:


ComboFix 12-01-30.02 - Martin 31.01.2012 16:57:54.9.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.421.1033.18.3326.2449 [GMT 1:00]
Running from: c:\documents and settings\Martin\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Martin\Application Data\14.exe
c:\documents and settings\Martin\Application Data\1C.exe
c:\documents and settings\Martin\Application Data\2F.exe
c:\documents and settings\Martin\Application Data\328E.exe
c:\documents and settings\Martin\Application Data\329A.exe
c:\documents and settings\Martin\Application Data\3B.exe
c:\documents and settings\Martin\Application Data\8.exe
c:\documents and settings\Martin\Application Data\D.exe
c:\documents and settings\Martin\Application Data\E.exe
c:\documents and settings\Martin\Start Menu\Programs\Startup\xD.exe
c:\windows\isRS-000.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 14:29 . 2012-01-31 14:29 -------- d-----w- C:\rsit
2012-01-02 15:37 . 2012-01-02 15:37 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-02 15:37 . 2012-01-02 15:37 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-02 15:37 . 2012-01-02 15:37 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-02 15:37 . 2012-01-02 15:37 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 14:19 . 2009-05-07 12:19 16608 ----a-w- c:\windows\gdrv.sys
2011-12-21 15:38 . 2011-12-02 21:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2010-12-20 18:51 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 15:37 . 2011-04-29 14:36 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-28 09:18 . CB75214525D36F923D3948DA3CD1562D . 1390080 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-04-28 . A55B8899D2EA2E800061BCFD456E34DC . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-03-20 . F92D8964B5286DE225BD2B6BF89764BE . 578560 . . [5.1.2600.5508] . . c:\windows\system32\user32.dll
.
[-] 2008-08-18 . 4A90F51B778FA0157F60D206E8B37D2A . 1616384 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-13 . 18B0915F58A5342AB0F3D01D57261E32 . 267264 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-03-20 . 31653CDF039C3F415B8D33F2D133E6AB . 1287168 . . [5.1.2600.5508] . . c:\windows\system32\ole32.dll
.
[-] 2008-04-28 . B5E8782D4AF1B3756F38E11E7C157BBE . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-04-26 . BC298B78B311397B421D4D52B44B49EC . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-28 . A913E1FF4C0BDA15FC542430182EB7B6 . 368640 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
.
[-] 2011-07-12 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6002.18005] . . c:\windows\system32\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ESET"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"ESET"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Visual Task Tips"="c:\program files\Windows7\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"D-Link AirPlus XtremeG DWL-G122"="c:\program files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-12-18 1556480]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-27 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\Martin\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-7-12 0]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-31 809488]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnalogClock]
2005-11-05 06:10 480256 ----a-w- c:\program files\Windows7\Analog Clock\AnalogClock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pie Dock]
2007-09-02 06:12 586240 ----a-w- c:\program files\Windows7\Windows 7 Pie Dock\Windows 7 Pie Dock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-06-18 10:01 77824 ------r- c:\windows\SoundMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
2007-06-20 08:21 1912832 ----a-w- c:\program files\Windows7\TopDesk\topdesk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
2006-05-21 03:43 180224 ----a-w- c:\program files\Windows7\UberIcon\UberIcon Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viena Explorer]
2006-11-18 10:31 581632 ----a-w- c:\program files\Windows7\Vienna Explorer\Vienna Explorer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2 (0x2)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gupdate1c9cf1520895eca"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\WoW\\WotLK\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\WoW\\WotLK\\Launcher.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Programy\\Internet\\Fake IP\\FakeIP\\DC_IS.EXE"=
"c:\\Program Files\\ACSPMonitor\\ASMonitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\EA GAMES\\Command & Conquer Generals Zero Hour\\game.dat"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"c:\\Documents and Settings\\Martin\\Desktop\\Hry\\Stronghold Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Documents and Settings\\Martin\\Local Settings\\Apps\\2.0\\DZ4E3HTC.YDE\\CZ1GC0M3.6Q7\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2009 16:48 685816]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7.12.2009 16:59 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [12.5.2010 17:01 59280]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 7:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 7:23 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 7:23 810120]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [7.5.2009 13:19 80392]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2010 19:51 652360]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [21.12.2009 14:46 4096]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2010 19:51 20464]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24.5.2009 10:12 47360]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7.12.2009 16:59 61328]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [19.8.2010 22:56 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [19.8.2010 22:56 8456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
S3 wip0202;Wippien Network Adapter;c:\windows\system32\drivers\wip0202.sys [22.9.2011 10:50 23904]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\prrbkrkl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 17:07
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Vumemz = c:\documents and settings\Martin\Application Data\Vumemz.exe
.
scanning hidden files ...
.
.
c:\documents and settings\Martin\Application Data\Vumemz.exe 289661 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vumemz"="c:\\Documents and Settings\\Martin\\Application Data\\Vumemz.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-1275210071-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ae,81,b6,23,f1,38,55,60,1a,40,39,68,d4,0e,41,fd,e2,92,5f,2e,ad,8c,35,
98,0d,27,71,7b,ab,c5,5e,06,5c,86,9a,a9,40,65,78,77,d7,bd,34,3a,d2,f7,d6,c6,\
"??"=hex:74,34,6c,c6,63,7c,94,93,70,3b,e2,47,bb,62,96,f1
.
[HKEY_USERS\S-1-5-21-1004336348-1275210071-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:d4,5b,b0,2e,e4,5d,1d,f0,64,6c,a2,ce,2b,8d,18,be,2c,09,6d,83,f8,
73,63,f1,6e,7c,0a,c2,5e,f5,cb,5d,99,e5,92,03,ab,08,5a,4e,6b,6a,df,3b,76,58,\
"rkeysecu"=hex:82,8d,26,5c,2a,1d,1f,ba,76,45,be,d0,94,0f,3c,0b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\SETUPAPI.dll
c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
c:\windows\system32\sfc_os.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\setupapi.dll
.
Completion time: 2012-01-31 17:10:38
ComboFix-quarantined-files.txt 2012-01-31 16:10
.
Pre-Run: 278 393 577 472 bytes free
Post-Run: 279 127 351 296 bytes free
.
- - End Of File - - C1CA386540E0951BF4AAC3EE94E3FC11

[vyosek]

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• c:\windows\system32\winlogon.exe
  c:\windows\regedit.exe
  c:\windows\system32\comres.dll
  c:\windows\explorer.exe
• Kliknete na Choose file
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Scan It
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

[-Matthew-]

VirusTotal stránku nechce otvoriť, to isté vypisuje ako pri tom TDSSKiller odkaze.

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\documents and settings\Martin\Application Data\Vumemz.exe
  
  Rootkit::
  c:\documents and settings\Martin\Application Data\Vumemz.exe
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Vumemz"=-
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "c:\\Documents and Settings\\Martin\\Local Settings\\Apps\\2.0\\DZ4E3HTC.YDE\\CZ1GC0M3.6Q7\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "TkBellExe"=-
  "QuickTime Task"=-
  "Malwarebytes' Anti-Malware"=-
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\prrbkrkl.default\
  FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_result ... r=1.2.9&q=
  FF - prefs.js: browser.search.selectedEngine - ICQ Search
  FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.3.6&q=
  
  RegNull::
  [HKEY_USERS\S-1-5-21-1004336348-1275210071-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
  [HKEY_USERS\S-1-5-21-1004336348-1275210071-1801674531-1003\Software\SecuROM\License information*]ion*]
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[-Matthew-]

Spravil som to presne podľa návodu, combofix načítal, vyhodil to modré okno, ale nič ďalej.. ani po 15 minutach.. musel som resetnúť PC, dal som len start windows normaly, no po spustení opäť seká a tiež vyhodilo 4 okná s tými vírusmi ako predtým.

Možno len ten program zamrzol, mám to skúsiť znova? - myslim ten combofix s tým txt súborom

[vyosek]

Ano, opakujte to ale v nouzovem rezimu - restart PC, mackat F8, zvolit Stav nouze s praci v siti