
It sends ICQ messages by itself

hinatahyuuga
Visitor
Posts: 84
Registered: 30 May 2008 13:37

It sends ICQ messages by itself

#1 Post by hinatahyuuga »

Hello, please check this.
It sends ICQ messages on its own, with various links to Russian sites, even when I don't have ICQ running.
Thank you

hinatahyuuga
Visitor
Posts: 84
Registered: 30 May 2008 13:37

Re: It sends ICQ messages by itself

#2 Post by hinatahyuuga »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nemesis at 2010-01-03 12:35:04
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (24%) free of 26 GB
Total RAM: 767 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:11, on 3.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Nemesis\Desktop\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nemesis\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nemesis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2090540
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: 82.208.58.96 l2authd.lineage2.com
O1 - Hosts: 82.208.58.96 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Nemesis\Desktop\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Nemesis\Local Settings\temp\{228469C9-32D0-4F4F-AC6B-1926C4CC56AB}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device (apple mobile device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 7216 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-03-30 5898240]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-03-30 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-14 77824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2005-09-25 155648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Documents and Settings\Nemesis\Desktop\DAEMON Tools Lite\daemon.exe [2008-07-04 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-09-25 94208]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2009-12-31 2935480]

C:\Documents and Settings\Nemesis\Start Menu\Programs\Startup
RollerCoaster Tycoon 3 Registration.lnk - C:\Documents and Settings\Nemesis\Local Settings\temp\{228469C9-32D0-4F4F-AC6B-1926C4CC56AB}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\titan\Titan Quest.exe"="D:\titan\Titan Quest.exe:*:Enabled:Titan Quest"
"D:\Diablo II\Game.exe"="D:\Diablo II\Game.exe:*:Enabled:Diablo II"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Tinat Quest\Tqit.exe"="C:\Tinat Quest\Tqit.exe:*:Enabled:Tqit"
"D:\Counter-Strike 1.6\hl.exe"="D:\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\figters\SplashFighters\amped.exe"="D:\figters\SplashFighters\amped.exe:*:Enabled:amped"
"D:\figters\SplashFighters\jre\1.3.1\bin\javaw.exe"="D:\figters\SplashFighters\jre\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"\\PONOZKA\ZdieľanéDoku\NarutoLF2 2.0\Naruto.exe"="\\PONOZKA\ZdieľanéDoku\NarutoLF2 2.0\Naruto.exe:*:Enabled:Naruto"
"D:\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE"="D:\Worms 4 Mayhem\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"D:\S4League\S4Client.exe"="D:\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe"
"D:\Angels Online\START.EXE"="D:\Angels Online\START.EXE:*:Enabled:START"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\lotr\game.dat"="D:\lotr\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"D:\lotr witch king\game.dat"="D:\lotr witch king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
"D:\Diablo 1\Diablo The Awakening\game\AwakeEN.exe"="D:\Diablo 1\Diablo The Awakening\game\AwakeEN.exe:*:Enabled:Diablo"
"D:\Diablo 1\Diablo.exe"="D:\Diablo 1\Diablo.exe:*:Enabled:Diablo"
"D:\Heroes\bin\H5_Game.exe"="D:\Heroes\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"D:\torrentz\LieroX v0.56 Pack 1.9\LieroX.exe"="D:\torrentz\LieroX v0.56 Pack 1.9\LieroX.exe:*:Enabled:LieroX"
"C:\Program Files\Wild Hare\Rag Doll Kung Fu\rag_doll_kung_fu.exe"="C:\Program Files\Wild Hare\Rag Doll Kung Fu\rag_doll_kung_fu.exe:*:Disabled:rag_doll_kung_fu"
"C:\Documents and Settings\All Users\Documents\LieroX v0.56 Pack 1.9\LieroX.exe"="C:\Documents and Settings\All Users\Documents\LieroX v0.56 Pack 1.9\LieroX.exe:*:Enabled:LieroX"
"C:\Ntreev USA\Grand Chase\main.exe"="C:\Ntreev USA\Grand Chase\main.exe:*:Enabled:GrandChase"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Metin2\metin2.bin"="D:\Metin2\metin2.bin:*:Enabled:metin2"
"D:\Wowko\project powder\Run.exe"="D:\Wowko\project powder\Run.exe:*:Enabled:ProjectPowder"
"D:\snow\Run.exe"="D:\snow\Run.exe:*:Enabled:ProjectPowder"
"C:\Program Files\Outspark\ProjectPowder\Run.exe"="C:\Program Files\Outspark\ProjectPowder\Run.exe:*:Enabled:ProjectPowder"
"C:\Program Files\Vietcong\vietcong.exe"="C:\Program Files\Vietcong\vietcong.exe:*:Enabled:vietcong"
"D:\Program Files\HonourGunZ\theduel.exe"="D:\Program Files\HonourGunZ\theduel.exe:*:Enabled:Xiao's Runnable"
"D:\torrentz\Stronghold Crusader\Stronghold Crusader.exe"="D:\torrentz\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"D:\torrentz\ss2\Bin\Sam2.exe"="D:\torrentz\ss2\Bin\Sam2.exe:*:Disabled:Sam2"
"D:\torrentz\Yu gi oh\Joey the Passion\JoeyThePassion\joey_pc.exe"="D:\torrentz\Yu gi oh\Joey the Passion\JoeyThePassion\joey_pc.exe:*:Enabled:joey_pc"
"D:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe"="D:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe:*:Enabled:Client"
"D:\Program Files\Fox\Aliens vs. Predator 2\AVP2Serv.exe"="D:\Program Files\Fox\Aliens vs. Predator 2\AVP2Serv.exe:*:Enabled:AVP2 Stand-Alone Server"
"C:\Quake2\quake2.exe"="C:\Quake2\quake2.exe:*:Enabled:quake2"
"D:\ComeOnBaby\ComeOnBaby.exe"="D:\ComeOnBaby\ComeOnBaby.exe:*:Disabled:ComeOnBaby"
"D:\torrentz\Half Life 2\HL2TakeTwo\HL2\hl2.exe"="D:\torrentz\Half Life 2\HL2TakeTwo\HL2\hl2.exe:*:Enabled:hl2"
"D:\W III\Warcraft III.exe"="D:\W III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Wowko\Counter-Strike 1.6\hl.exe"="D:\Wowko\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Wowko\Kópia – Counter-Strike 1.6\hl.exe"="D:\Wowko\Kópia – Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Wowko\Kópia – Kópia – Counter-Strike 1.6\hl.exe"="D:\Wowko\Kópia – Kópia – Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Wowko\Kópia – Kópia – Kópia – Counter-Strike 1.6\hl.exe"="D:\Wowko\Kópia – Kópia – Kópia – Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Wowko\Kópia (2) – Kópia – Kópia – Counter-Strike 1.6\hl.exe"="D:\Wowko\Kópia (2) – Kópia – Kópia – Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Wowko\Kópia – Counter-Strike 1.6\hlds.exe"="D:\Wowko\Kópia – Counter-Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
"D:\Wowko\Kópia – Counter-Strike 1.6\hltv.exe"="D:\Wowko\Kópia – Counter-Strike 1.6\hltv.exe:*:Enabled:HLTV Launcher"
"D:\Wowko\Kópia (3) – Kópia – Kópia – Counter-Strike 1.6\hl.exe"="D:\Wowko\Kópia (3) – Kópia – Kópia – Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Wowko\Kópia (4) – Kópia – Kópia – Counter-Strike 1.6\hl.exe"="D:\Wowko\Kópia (4) – Kópia – Kópia – Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Silverfall\Silverfall.exe"="C:\Silverfall\Silverfall.exe:*:Enabled:Silverfall"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\AeriaGames\WolfTeam\Wolfteam.bin"="C:\AeriaGames\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"G:\System\KillingFloor.exe"="G:\System\KillingFloor.exe:*:Enabled:KillingFloor"
"D:\savage\savage2.exe"="D:\savage\savage2.exe:*:Enabled:savage2"
"D:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="D:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Documents and Settings\Nemesis\Desktop\Nový priečinok\theduel.exe"="C:\Documents and Settings\Nemesis\Desktop\Nový priečinok\theduel.exe:*:Disabled:Xiao's Runnable"
"C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin"="C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion"
"D:\RakionIS\Bin\rakion.bin"="D:\RakionIS\Bin\rakion.bin:*:Enabled:rakion"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"D:\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="D:\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\World of Warcraft\Repair.exe"="D:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\World of Warcraft\WoW-3.2.0-enUS-downloader.exe"="D:\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\PainKiller\Painkiller Resurrection\bin\ResurrectionEditor.exe"="D:\PainKiller\Painkiller Resurrection\bin\ResurrectionEditor.exe:*:Enabled:ResurrectionEditor"
"D:\Program Files\DreamCatcher\Painkiller\Painkiller Overdose\Bin\Overdose.exe"="D:\Program Files\DreamCatcher\Painkiller\Painkiller Overdose\Bin\Overdose.exe:*:Enabled:Painkiller Overdose"
"D:\Program Files\DreamCatcher\Painkiller\Painkiller Overdose\Bin\OverdoseEditor.exe"="D:\Program Files\DreamCatcher\Painkiller\Painkiller Overdose\Bin\OverdoseEditor.exe:*:Enabled:Painkiller Overdose Editor"
"D:\Program Files\DreamCatcher\Painkiller\Painkiller Overdose\Bin\OverdoseServer.exe"="D:\Program Files\DreamCatcher\Painkiller\Painkiller Overdose\Bin\OverdoseServer.exe:*:Enabled:Painkiller Overdose Console Server"
"D:\Wowko\Kópia (2) – Kópia – Kópia – Counter-Strike 1.6\hlds.exe"="D:\Wowko\Kópia (2) – Kópia – Kópia – Counter-Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
"D:\Program Files\Codemasters\Overlord\Overlord.exe"="D:\Program Files\Codemasters\Overlord\Overlord.exe:*:Disabled:Overlord"
"D:\Program Files\Postal2\System\System\Postal2MP.exe"="D:\Program Files\Postal2\System\System\Postal2MP.exe:*:Enabled:Postal2MP"
"D:\Rohan\rohanclient.exe"="D:\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-03 12:35:04 ----D---- C:\rsit
2010-01-02 12:01:26 ----D---- C:\Program Files\AhnLab
2010-01-01 22:36:54 ----D---- C:\Program Files\Gravity
2010-01-01 19:38:19 ----D---- C:\Program Files\Aerys Ragnarok Online
2010-01-01 12:48:38 ----D---- C:\Program Files\SmartCell
2009-12-31 14:03:15 ----D---- C:\Program Files\Brain Seal
2009-12-31 12:13:45 ----D---- C:\GamesCampus
2009-12-31 12:01:20 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2009-12-31 12:01:03 ----D---- C:\Program Files\Pando Networks
2009-12-28 20:42:29 ----D---- C:\Program Files\Xfire
2009-12-23 14:25:14 ----D---- C:\Program Files\OpenAL
2009-12-22 20:51:07 ----D---- C:\WINDOWS\desktop
2009-12-20 09:08:44 ----D---- C:\Program Files\LogMeIn Hamachi
2009-12-19 16:52:42 ----A---- C:\WINDOWS\unvise32.exe
2009-12-15 20:15:58 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-12-13 16:20:01 ----A---- C:\WINDOWS\system32\CMStarterCore.exe
2009-12-13 16:20:01 ----A---- C:\WINDOWS\system32\CMStarter_Kor.dll
2009-12-13 16:20:01 ----A---- C:\WINDOWS\system32\CMStarter_Eng.dll
2009-12-13 13:55:25 ----A---- C:\WINDOWS\TDH_Launcher.ini
2009-12-13 10:55:16 ----A---- C:\WINDOWS\system32\muweb.dll
2009-12-13 10:55:16 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-12-13 10:55:16 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-12-12 19:56:22 ----A---- C:\WINDOWS\clientshell.INI
2009-12-12 12:08:55 ----D---- C:\Program Files\Microsoft Silverlight
2009-12-11 22:50:49 ----D---- C:\Documents and Settings\All Users\Application Data\Nanovor
2009-12-09 07:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 07:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 07:33:55 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-09 07:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 07:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 07:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-03 12:35:08 ----D---- C:\WINDOWS\Prefetch
2010-01-03 12:33:04 ----D---- C:\Program Files\Mozilla Firefox
2010-01-03 12:31:51 ----D---- C:\WINDOWS
2010-01-03 12:27:47 ----RD---- C:\Program Files
2010-01-03 12:26:52 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-03 12:26:14 ----D---- C:\WINDOWS\system32
2010-01-03 12:26:02 ----D---- C:\WINDOWS\Temp
2010-01-03 12:25:34 ----D---- C:\WINDOWS\Debug
2010-01-02 23:18:49 ----D---- C:\Documents and Settings\Nemesis\Application Data\Skype
2010-01-02 16:08:55 ----D---- C:\Documents and Settings\Nemesis\Application Data\skypePM
2010-01-02 13:37:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-02 13:27:55 ----D---- C:\Program Files\Garena
2010-01-01 12:31:13 ----D---- C:\WINDOWS\system32\drivers
2009-12-31 14:07:09 ----SHD---- C:\WINDOWS\Installer
2009-12-30 10:52:08 ----D---- C:\Program Files\ICQ6.5
2009-12-28 13:14:01 ----A---- C:\WINDOWS\IFinst27.exe
2009-12-27 17:17:53 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-27 09:23:44 ----D---- C:\Documents and Settings\Nemesis\Application Data\uTorrent
2009-12-25 14:12:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-24 15:12:36 ----D---- C:\WINDOWS\system32\DirectX
2009-12-24 15:12:34 ----HD---- C:\WINDOWS\inf
2009-12-24 15:12:32 ----RSD---- C:\WINDOWS\assembly
2009-12-23 19:31:35 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-12-23 14:26:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-23 14:26:32 ----D---- C:\Program Files\AGEIA Technologies
2009-12-23 14:25:14 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-12-23 14:25:14 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-12-15 14:38:39 ----AC---- C:\WINDOWS\BlendSettings.ini
2009-12-14 21:51:20 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-12-14 16:58:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-14 16:22:54 ----D---- C:\WINDOWS\WinSxS
2009-12-13 16:20:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-12 11:11:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-09 11:52:32 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 07:34:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-09 07:33:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-04 18:24:12 ----D---- C:\Documents and Settings\Nemesis\Application Data\Hamachi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-11-04 271360]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-11-04 18048]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-16 2324160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-03-30 3095552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-07-28 33024]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-07-28 12928]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 ae3ln9dl;ae3ln9dl; C:\WINDOWS\system32\drivers\ae3ln9dl.sys []
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS); C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-11-12 36048]
S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2002-11-12 748544]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Nemesis\LOCALS~1\Temp\NAY12F.tmp []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 npkcrypt;npkcrypt; \??\D:\Lineage II\system\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\D:\Lineage II\system\npkycryp.sys []
S3 rak;rak; \??\C:\WINDOWS\system32\rakion.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 TKFsAc;TKFsAc; \??\C:\WINDOWS\system32\TKFsAc2k.sys []
S3 TKFsAv;TKFsAv; \??\C:\WINDOWS\system32\TKFsAv2k.sys []
S3 TKFsFt;TKFsFt; \??\C:\WINDOWS\system32\TKFsFt2k.sys []
S3 TKRgAc;TKRgAc; \??\C:\WINDOWS\system32\TKRgAc2k.sys []
S3 TKRgFt;TKRgFt; \??\C:\WINDOWS\system32\TKRgFtXp.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 XDva120;XDva120; \??\C:\WINDOWS\system32\XDva120.sys []
S3 XDva221;XDva221; \??\C:\WINDOWS\system32\XDva221.sys []
S3 XDva281;XDva281; \??\C:\WINDOWS\system32\XDva281.sys []
S3 XDva297;XDva297; \??\C:\WINDOWS\system32\XDva297.sys []
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 apple mobile device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-03-30 127043]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-15 66872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-11-02 3341224]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


here I attach the log

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: it sends ICQ messages by itself

#3 Post by motji »

Good evening :)

:arrow: Download it to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs - antivirus, firewalls, antispyware

- After it starts, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click into the window it displays :!:

- After the scan finishes (it takes at most 10 minutes), the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without a helper's recommendation, it may damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here


I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

poly-filip
Visitor
Posts: 21
Registered: 03 Jan 2010 17:53

Re: it sends ICQ messages by itself

#4 Post by poly-filip »

I have the same problem with ICQ, I'm posting the log from RSIT (you may find other bugs in it too), many thanks in advance

Logfile of random's system information tool 1.06 (written by random/random)
Run by POLLY at 2010-01-03 17:58:22
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 7 GB (13%) free of 55 GB
Total RAM: 767 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:23, on 3.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\System32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Documents and Settings\POLLY.POLY\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\POLLY.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\POLLY.POLY\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\POLLY.POLY\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS.0\System32\autorun.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS.0\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

--
End of file - 9762 bytes

======Scheduled tasks folder======

C:\WINDOWS.0\tasks\PCConfidential.job
C:\WINDOWS.0\tasks\RegPowerClean.job
C:\WINDOWS.0\tasks\RPCReminder.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\POLLY.POLY\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-10-05 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-11-16 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_1.dll [2009-11-16 2166296]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-12 339968]
"Soltek"=C:\WINDOWS.0\System32\autorun.exe [2001-10-29 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe [2004-02-22 32881]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-26 85160]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2004-08-17 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336]
"AdobeBridge"=C:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe [2008-08-28 13145448]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

C:\Documents and Settings\All Users.WINDOWS.0\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\POLLY.POLY\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS.0\system32\Ati2evxx.dll [2004-08-12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d1073a8-db45-11de-8019-0069000c02d6}]
shell\AutoRun\command - SIDEBAR.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59ab004f-e7e9-11de-802f-0069000c02d6}]
shell\AutoRun\command - H:\WUDFHOST.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8c5abd-e8a8-11de-8031-0069000c02d6}]
shell\AutoRun\command - I:\P4P.EXE


======File associations======

.scr - open - c:\WINDOWS.0\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-01-03 17:58:22 ----D---- C:\rsit
2010-01-03 17:48:25 ----D---- C:\Program Files\Trend Micro
2010-01-03 17:41:24 ----A---- C:\avenger.txt
2010-01-03 17:26:29 ----D---- C:\Avenger
2009-12-25 14:03:05 ----SHD---- C:\found.002
2009-12-23 16:02:05 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\FLEXnet
2009-12-23 15:56:21 ----D---- C:\Program Files\Adobe Media Player
2009-12-23 15:53:24 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-23 15:48:28 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-12-21 20:32:16 ----D---- C:\Documents and Settings\POLLY.POLY\Data aplikací\BitZipper
2009-12-21 20:32:12 ----D---- C:\Program Files\BitZipper
2009-12-21 20:29:00 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Winferno
2009-12-21 20:28:13 ----D---- C:\Program Files\Common Files\Winferno
2009-12-21 20:24:26 ----A---- C:\WINDOWS.0\system32\WINUTIL5.DLL
2009-12-21 20:24:26 ----A---- C:\WINDOWS.0\system32\WINLCTL5.DLL
2009-12-21 20:24:24 ----A---- C:\WINDOWS.0\system32\CapiCom.dll
2009-12-21 20:24:23 ----D---- C:\Program Files\Winferno
2009-12-21 18:29:52 ----D---- C:\Documents and Settings\POLLY.POLY\Data aplikací\HPAppData
2009-12-17 21:42:00 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Canon
2009-12-17 21:33:10 ----D---- C:\Program Files\Canon
2009-12-17 21:18:57 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\HP Product Assistant
2009-12-17 21:18:57 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\HP
2009-12-17 21:18:39 ----D---- C:\Program Files\Hewlett-Packard
2009-12-17 21:18:34 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-12-17 21:18:14 ----D---- C:\Program Files\Common Files\HP
2009-12-17 21:17:24 ----DC---- C:\WINDOWS.0\system32\DRVSTORE
2009-12-17 21:17:09 ----D---- C:\Program Files\HP
2009-12-11 15:29:01 ----A---- C:\WINDOWS.0\system32\ptpusb.dll
2009-12-11 15:28:59 ----A---- C:\WINDOWS.0\system32\ptpusd.dll
2009-12-10 17:49:41 ----HDC---- C:\WINDOWS.0\$NtUninstallKB970430$
2009-12-10 17:49:35 ----HDC---- C:\WINDOWS.0\$NtUninstallKB974318$
2009-12-10 17:49:21 ----HDC---- C:\WINDOWS.0\$NtUninstallKB976325$
2009-12-10 17:49:12 ----HDC---- C:\WINDOWS.0\$NtUninstallKB973904$
2009-12-10 17:49:07 ----HDC---- C:\WINDOWS.0\$NtUninstallKB974392$
2009-12-10 17:48:56 ----HDC---- C:\WINDOWS.0\$NtUninstallKB971737$
2009-12-08 19:20:00 ----A---- C:\WINDOWS.0\system32\aswBoot.exe

======List of files/folders modified in the last 1 months======

2010-01-03 17:48:55 ----D---- C:\Documents and Settings\POLLY.POLY\Data aplikací\Skype
2010-01-03 17:48:36 ----D---- C:\WINDOWS.0\Prefetch
2010-01-03 17:48:25 ----RD---- C:\Program Files
2010-01-03 17:43:32 ----D---- C:\WINDOWS.0\Temp
2010-01-03 17:42:09 ----A---- C:\WINDOWS.0\system32\auto.ini
2010-01-03 17:41:25 ----D---- C:\WINDOWS.0\system32
2010-01-03 17:41:24 ----D---- C:\WINDOWS.0\system32\drivers
2010-01-03 17:40:13 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2010-01-03 17:40:03 ----D---- C:\Documents and Settings\POLLY.POLY\Data aplikací\ICQ
2010-01-03 17:28:38 ----D---- C:\Documents and Settings\POLLY.POLY\Data aplikací\skypePM
2009-12-31 13:47:20 ----D---- C:\WINDOWS.0\system32\CatRoot2
2009-12-29 09:24:33 ----D---- C:\Program Files\ICQ6.5
2009-12-25 14:05:29 ----D---- C:\Documents and Settings\POLLY.POLY\Data aplikací\Adobe
2009-12-23 16:38:58 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Adobe
2009-12-23 16:38:57 ----D---- C:\Program Files\Adobe
2009-12-23 16:06:29 ----SD---- C:\Documents and Settings\All Users.WINDOWS.0\Data aplikací\Microsoft
2009-12-23 16:00:09 ----SHD---- C:\WINDOWS.0\Installer
2009-12-23 16:00:08 ----HD---- C:\Config.Msi
2009-12-23 15:57:40 ----D---- C:\Program Files\Common Files\Adobe
2009-12-23 15:55:36 ----RSD---- C:\WINDOWS.0\Fonts
2009-12-23 15:53:24 ----D---- C:\Program Files\Common Files
2009-12-21 20:28:15 ----SD---- C:\WINDOWS.0\Tasks
2009-12-19 18:43:21 ----D---- C:\Program Files\Mozilla Firefox
2009-12-18 10:25:22 ----D---- C:\WINDOWS.0
2009-12-17 21:59:36 ----SD---- C:\Documents and Settings\POLLY.POLY\Data aplikací\Microsoft
2009-12-17 21:58:52 ----HD---- C:\WINDOWS.0\inf
2009-12-17 21:19:57 ----D---- C:\WINDOWS.0\WinSxS
2009-12-17 21:18:42 ----D---- C:\WINDOWS.0\twain_32
2009-12-17 21:04:52 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2009-12-10 18:35:14 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2009-12-10 17:49:38 ----A---- C:\WINDOWS.0\imsins.BAK
2009-12-10 17:49:11 ----HD---- C:\WINDOWS.0\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS.0\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS.0\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS.0\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS.0\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 ISODisk;ISODisk; C:\WINDOWS.0\system32\drivers\ISODisk.sys [2006-04-26 9600]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS.0\System32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 adfs;adfs; C:\WINDOWS.0\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS.0\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 EIO;EIO; \??\C:\WINDOWS.0\system32\drivers\EIO.sys []
R3 aswRdr;aswRdr; C:\WINDOWS.0\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS.0\System32\DRIVERS\ati2mtag.sys [2004-08-12 786944]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS.0\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS.0\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS.0\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS.0\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS.0\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS.0\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS.0\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS.0\system32\drivers\viaudios.sys [2004-06-18 152192]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS.0\System32\Drivers\vulfntr.sys [2002-10-30 10240]
S3 a10q8yqx;a10q8yqx; C:\WINDOWS.0\system32\drivers\a10q8yqx.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS.0\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 usbprint;Třída USB Printer; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS.0\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS.0\System32\Drivers\vulfnth.sys [2002-10-23 6912]
S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS.0\System32\Ati2evxx.exe [2004-08-12 389120]
R2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2008-02-18 32768]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS.0\system32\svchost.exe [2004-08-17 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-01-22 29178224]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS.0\System32\svchost.exe [2004-08-17 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS.0\System32\svchost.exe [2004-08-17 14336]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS.0\system32\svchost.exe [2004-08-17 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS.0\system32\ati2sgag.exe [2004-08-12 516096]
S2 Autodesk EDM Server;Autodesk EDM Server; C:\Program Files\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe [2008-02-18 57344]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-10-16 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-12-23 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-01-22 45272]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-01-22 242544]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: it sends ICQ messages by itself

#5 Post by motji »

poly-filip
please open a new topic, otherwise this would get confusing, thanks :)

hinatahyuuga
Visitor
Posts: 84
Registered: 30 May 2008 13:37

Re: it sends ICQ messages by itself

#6 Post by hinatahyuuga »

ComboFix 10-01-03.05 - Nemesis 04.01.2010 11:40:43.3.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.767.483 [GMT 1:00]
Running from: c:\documents and settings\Nemesis\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100103-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\updates\ICQLRun.exe.91c2e91e127ccb34d0b0bbd8b0533169
c:\windows\system32\SIntf16.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-03 11:35 . 2010-01-03 11:35 -------- d-----w- C:\rsit
2010-01-02 11:01 . 2010-01-02 11:01 -------- d-----w- c:\program files\AhnLab
2010-01-01 21:36 . 2010-01-01 21:36 -------- d-----w- c:\program files\Gravity
2010-01-01 18:38 . 2010-01-01 18:40 -------- d-----w- c:\program files\Aerys Ragnarok Online
2010-01-01 11:48 . 2010-01-01 11:48 -------- d-----w- c:\program files\SmartCell
2009-12-31 13:03 . 2009-12-31 13:03 -------- d-----w- c:\program files\Brain Seal
2009-12-31 11:13 . 2009-12-31 11:13 -------- d-----w- C:\GamesCampus
2009-12-31 11:01 . 2010-01-04 10:45 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\PMB Files
2009-12-31 11:01 . 2009-12-31 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-12-31 11:01 . 2009-12-31 11:01 -------- d-----w- c:\program files\Pando Networks
2009-12-23 18:33 . 2009-12-23 18:37 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\Painkiller Overdose
2009-12-23 13:25 . 2009-12-23 13:25 -------- d-----w- c:\program files\OpenAL
2009-12-22 19:51 . 2009-12-22 19:51 -------- d-----w- c:\windows\desktop
2009-12-22 19:04 . 2009-12-22 19:08 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\NFS Underground 2
2009-12-22 13:29 . 2009-12-22 13:29 65144 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-21 15:58 . 2009-12-21 16:07 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\Painkiller Resurrection
2009-12-20 08:08 . 2009-09-23 08:41 26176 ---ha-w- c:\windows\system32\hamachi.sys
2009-12-20 08:08 . 2009-12-20 08:08 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-20 08:08 . 2010-01-04 10:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2009-12-20 08:08 . 2009-12-22 16:04 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\LogMeIn Hamachi
2009-12-19 15:52 . 2003-03-15 22:15 90112 ----a-w- c:\windows\unvise32.exe
2009-12-15 19:15 . 2009-12-15 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-12-13 15:20 . 2009-11-24 14:27 53616 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2009-12-13 15:20 . 2009-11-24 14:27 53616 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2009-12-13 15:20 . 2009-11-24 14:27 364912 ----a-w- c:\windows\system32\CMStarterCore.exe
2009-12-13 09:55 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-13 09:55 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-12 16:55 . 2009-12-12 16:55 12862 ----a-r- c:\documents and settings\Nemesis\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-12-12 11:08 . 2009-12-12 11:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-11 22:05 . 2009-12-11 22:05 573440 ----a-w- c:\documents and settings\All Users\Application Data\Nanovor\Utils\ConsoleDeviceInterface.exe
2009-12-11 22:02 . 2009-12-11 22:02 5940880 ----a-w- c:\documents and settings\All Users\Application Data\Nanovor\evolver.exe
2009-12-11 21:50 . 2009-12-11 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nanovor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 22:22 . 2008-08-03 15:43 -------- d-----w- c:\documents and settings\Nemesis\Application Data\uTorrent
2010-01-03 11:31 . 2009-06-02 17:55 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-03 11:31 . 2009-06-02 18:18 88 --sh--r- c:\windows\system32\45695CAEBB.sys
2010-01-03 11:26 . 2008-05-19 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 22:18 . 2009-03-29 18:04 -------- d-----w- c:\documents and settings\Nemesis\Application Data\Skype
2010-01-02 15:08 . 2009-03-29 18:06 -------- d-----w- c:\documents and settings\Nemesis\Application Data\skypePM
2010-01-02 12:27 . 2009-04-08 13:35 -------- d-----w- c:\program files\Garena
2009-12-30 09:52 . 2009-08-06 19:28 -------- d-----w- c:\program files\ICQ6.5
2009-12-28 12:14 . 2009-02-21 06:17 65536 ----a-w- c:\windows\IFinst27.exe
2009-12-23 18:31 . 2008-05-26 17:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-23 13:26 . 2008-10-04 15:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-23 13:26 . 2008-10-04 15:03 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-23 13:25 . 2008-09-28 10:58 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-23 13:25 . 2008-09-28 10:58 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-14 20:51 . 2009-01-17 08:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-14 15:58 . 2009-06-29 17:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-11 22:05 . 2009-09-08 16:33 11284648 ----a-w- c:\documents and settings\All Users\Application Data\Nanovor\Nanovor.exe
2009-12-11 22:05 . 2009-08-14 11:48 108 ----a-w- c:\documents and settings\All Users\Application Data\Nanovor\Nanovor.bat
2009-12-04 17:24 . 2008-08-15 19:18 -------- d-----w- c:\documents and settings\Nemesis\Application Data\Hamachi
2009-12-02 12:10 . 2009-12-02 12:10 66680 ----a-w- c:\windows\system32\rakion.sys
2009-11-29 10:47 . 2009-11-29 10:47 -------- d-----w- c:\program files\Conduit
2009-11-28 17:26 . 2009-11-28 17:26 -------- d-----w- c:\documents and settings\Nemesis\Application Data\Atari
2009-11-28 17:08 . 2009-11-28 17:08 -------- d-----w- c:\documents and settings\Nemesis\Application Data\Leadertech
2009-11-28 15:49 . 2009-11-28 15:49 0 ----a-w- c:\windows\PowerReg.dat
2009-11-26 07:01 . 2009-11-26 07:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 23:54 . 2009-03-01 08:51 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-03-01 08:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-03-01 08:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-03-01 08:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-03-01 08:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-03-01 08:51 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-03-01 08:51 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-03-01 08:51 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-03-01 08:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 16:38 . 2008-05-19 17:51 13880 ----a-w- c:\documents and settings\Nemesis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-22 10:39 . 2008-05-27 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-22 10:24 . 2009-10-28 09:37 -------- d-----w- c:\program files\Java
2009-11-22 10:23 . 2009-11-22 10:23 152576 ----a-w- c:\documents and settings\Nemesis\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-22 10:23 . 2009-11-22 10:23 79488 ----a-w- c:\documents and settings\Nemesis\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-16 20:08 . 2009-11-16 20:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-11-14 18:26 . 2009-11-14 18:26 -------- d-----w- c:\program files\Common Files\Skype
2009-11-14 18:26 . 2009-11-14 18:26 -------- d-----r- c:\program files\Skype
2009-11-14 18:26 . 2009-03-29 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-12 14:44 . 2009-11-12 14:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-07 18:13 . 2008-05-21 15:26 -------- d-----w- c:\documents and settings\Nemesis\Application Data\ICQ
2009-11-04 17:35 . 2009-11-04 17:35 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-11-04 17:35 . 2009-11-04 17:35 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-10-29 05:38 . 2006-03-04 03:33 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 09:37 . 2009-10-28 09:37 152576 ----a-w- c:\documents and settings\Nemesis\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 03:17 . 2009-10-28 09:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 13:00 . 2008-07-08 14:37 21840 -c--atw- c:\windows\system32\SIntfNT.dll
2009-10-07 13:00 . 2008-07-08 14:37 17212 -c--atw- c:\windows\system32\SIntf32.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\documents and settings\Nemesis\Desktop\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-12-31 2935480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-30 5898240]
"nwiz"="nwiz.exe" [2005-03-30 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-03-30 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2005-09-25 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"\\\\PONOZKA\\ZdieľanéDoku\\NarutoLF2 2.0\\Naruto.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\LieroX v0.56 Pack 1.9\\LieroX.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\W III\\Warcraft III.exe"=
"d:\\Wowko\\Kópia (2) – Kópia – Kópia – Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Nemesis\\Desktop\\Nový priečinok\\theduel.exe"=
"d:\\Program Files\\DreamCatcher\\Painkiller\\Painkiller Overdose\\Bin\\Overdose.exe"=
"d:\\Program Files\\DreamCatcher\\Painkiller\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"d:\\Program Files\\DreamCatcher\\Painkiller\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
"d:\\Wowko\\Kópia (2) – Kópia – Kópia – Counter-Strike 1.6\\hlds.exe"=
"d:\\Program Files\\Codemasters\\Overlord\\Overlord.exe"=
"d:\\Program Files\\Postal2\\System\\System\\Postal2MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"57714:TCP"= 57714:TCP:Pando Media Booster
"57714:UDP"= 57714:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.5.2008 18:29 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.3.2009 9:51 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2009 11:43 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 11:43 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.3.2009 9:51 20560]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.8.2009 20:31 222968]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [19.5.2008 19:55 36048]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Nemesis\LOCALS~1\Temp\NAY12F.tmp --> c:\docume~1\Nemesis\LOCALS~1\Temp\NAY12F.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp;\??\d:\lineage ii\system\npkycryp.sys --> d:\lineage ii\system\npkycryp.sys [?]
S3 rak;rak;c:\windows\system32\rakion.sys [2.12.2009 13:10 66680]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 11:43 7408]
S3 TKFsAc;TKFsAc;c:\windows\system32\TKFsAc2k.sys [2.7.2009 19:46 88864]
S3 TKFsAv;TKFsAv;c:\windows\system32\TKFsAv2k.sys [2.7.2009 19:46 31488]
S3 TKFsFt;TKFsFt;c:\windows\system32\TKFsFt2k.sys [2.7.2009 19:46 80672]
S3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k.sys [2.7.2009 19:46 41984]
S3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp.sys [2.7.2009 19:46 24704]
S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys --> c:\windows\system32\XDva120.sys [?]
S3 XDva221;XDva221;\??\c:\windows\system32\XDva221.sys --> c:\windows\system32\XDva221.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2090540
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
IE: &Search
FF - ProfilePath - c:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\g2tqtva6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2090540&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=2&q=
FF - component: c:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\g2tqtva6.default\extensions\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\npjpi160_17.dll
FF - plugin: c:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Angels Online_is1 - d:\program files\Angels Online\unins000.exe
AddRemove-Diablo 2 Mastertool - c:\program files\Diablo 2 Mastertool\DeIsL1.isu
AddRemove-Emerald MU Online Season 3 Episode 1 - c:\program files emerald mu online\Uninstall.exe
AddRemove-Hellfire - d:\dablo\SIERRA\HELLFIRE\Uninst.isu
AddRemove-Jazz Jackrabbit 2 Shareware - c:\games\Jazz2Sw\UnInst.exe
AddRemove-Jazz Jackrabbit 2-Christmas Chronicles - c:\games\Jazz Jackrabbit 2-Christmas Chronicles\Uninstal.exe
AddRemove-Jazz Jackrabbit 2-The Secret Files - c:\games\Jazz Jackrabbit 2-The Secret Files\Uninstal.exe
AddRemove-Mir2_Usa - d:\mir2\uninstall.exe
AddRemove-Quake2UninstallKey - c:\quake2\Uninst.isu
AddRemove-QuakeUninstallKey - c:\quake\Uninst.isu
AddRemove-Rohan_USA - d:\rohan\GoUninstUSA.exe
AddRemove-Savage2 - d:\savage\uninstall.exe
AddRemove-ScytheRO - d:\program files\Gravity\RO\Uninstall ScytheRO.exe
AddRemove-Silverfall - c:\silverfall\uninst.exe
AddRemove-Talisman Online_is1 - c:\program files\TalismanOnline\unins000.exe
AddRemove-{909F8EBC-EC7F-48FF-0085-475D818F0F31} - d:\program files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe
AddRemove-Watchy's Perfect Ragnarok Online 6.0 - d:\ragnarok\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 11:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys nvatabus.sys spyk.sys >>UNKNOWN [0x8318E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75b0f28
\Driver\ACPI -> ACPI.sys @ 0xf731bcb8
\Driver\atapi -> atapi.sys @ 0xf72d6b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71cbbb0
PacketIndicateHandler -> NDIS.sys @ 0xf71d8a21
SendHandler -> NDIS.sys @ 0xf71b687b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3586.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3586.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Nemesis\LOCALS~1\Temp\NAY12F.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1606980848-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e2,83,c0,cd,59,f3,65,d7,81,54,b3,21,a0,05,23,04,d2,cc,e9,ea,7b,9d,9b,
00,a9,4a,50,a5,35,1a,8b,10,b5,c5,fa,b4,f3,be,59,2c,0f,d3,69,f1,a3,b1,d0,f4,\
"??"=hex:98,8d,b4,1c,7e,f8,57,c3,15,cc,57,96,67,b6,38,56

[HKEY_USERS\S-1-5-21-2052111302-1606980848-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:db,f9,ab,f4,e6,33,bf,3c,48,d6,fb,d6,5a,98,f1,57,28,9c,c4,ca,81,
0f,de,46,1e,37,3f,66,13,b9,1f,fc,08,9d,94,82,3b,ae,04,1c,fe,13,98,4e,79,ee,\
"rkeysecu"=hex:d9,c2,5e,b0,b6,64,0b,36,c5,96,97,69,e3,50,6d,1b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-04 11:52:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-04 10:52

Pre-Run: 6 356 398 080 bytes free
Post-Run: 6 842 576 896 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 05E9C7205CE2665A74B887A23D65D83C

Re: it sends ICQ messages by itself

#7 Post by motji »

Do you use C:/Program Files/Common Files/Akamai/, \GameMon.des and Garena?

Re: it sends ICQ messages by itself

#8 Post by hinatahyuuga »

only Garena, not the others

Re: it sends ICQ messages by itself

#9 Post by motji »

:arrow: If it is not there already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

File::
c:\windows\system32\XDva120.sys
c:\windows\system32\XDva221.sys
c:\windows\system32\XDva281.sys
c:\windows\system32\XDva297.sys
c:\windows\system32\GameMon.des
Folder::
c:\Program Files\Common Files\Akamai
Driver::
XDva281
XDva221
XDva120
XDva297
npkycryp
Akamai
npggsvc
-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

[image]


-after it has run, another log will appear; post it here

Warning: it can happen that after applying the script and rebooting, Windows does not start; in that case reboot again while pressing F8, then choose Last Known Good Configuration


:arrow: Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-install it according to the guide and run a scan
-let it disinfect or delete whatever it finds
-the scan may take several hours
-post the log with the results here

Re: it sends ICQ messages by itself

#10 Post by hinatahyuuga »

ComboFix 10-01-04.01 - Nemesis 05.01.2010 12:01:39.4.1 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.767.489 [GMT 1:00]
Running from: c:\documents and settings\Nemesis\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nemesis\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\GameMon.des"
"c:\windows\system32\XDva120.sys"
"c:\windows\system32\XDva221.sys"
"c:\windows\system32\XDva297.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\GameMon.des

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AKAMAI
-------\Legacy_XDVA120
-------\Legacy_XDVA221
-------\Legacy_XDVA281
-------\Legacy_XDVA297
-------\Service_Akamai
-------\Service_npggsvc
-------\Service_npkycryp
-------\Service_XDva120
-------\Service_XDva221
-------\Service_XDva281
-------\Service_XDva297


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-04 16:46 . 2010-01-04 16:52 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\ApplicationHistory
2010-01-04 16:46 . 2010-01-04 16:46 130 ----a-w- c:\documents and settings\Nemesis\Local Settings\Application Data\fusioncache.dat
2010-01-04 16:45 . 2010-01-04 16:45 32630 ----a-r- c:\documents and settings\Nemesis\Application Data\Microsoft\Installer\{44966527-AC8E-4C4F-82CE-2E311B68F2C3}\_f3e99.exe
2010-01-04 16:45 . 2010-01-04 16:45 32630 ----a-r- c:\documents and settings\Nemesis\Application Data\Microsoft\Installer\{44966527-AC8E-4C4F-82CE-2E311B68F2C3}\_bb32ea6.exe
2010-01-04 16:45 . 2010-01-04 16:45 32630 ----a-r- c:\documents and settings\Nemesis\Application Data\Microsoft\Installer\{44966527-AC8E-4C4F-82CE-2E311B68F2C3}\_26e91eb.exe
2010-01-04 16:45 . 2010-01-04 16:45 32630 ----a-r- c:\documents and settings\Nemesis\Application Data\Microsoft\Installer\{44966527-AC8E-4C4F-82CE-2E311B68F2C3}\_12db153c.exe
2010-01-04 16:45 . 2010-01-04 16:45 12542 ----a-r- c:\documents and settings\Nemesis\Application Data\Microsoft\Installer\{44966527-AC8E-4C4F-82CE-2E311B68F2C3}\_7e87390c.exe
2010-01-04 16:45 . 2010-01-04 16:45 12542 ----a-r- c:\documents and settings\Nemesis\Application Data\Microsoft\Installer\{44966527-AC8E-4C4F-82CE-2E311B68F2C3}\_440d491c.exe
2010-01-04 16:45 . 2010-01-04 16:45 12542 ----a-r- c:\documents and settings\Nemesis\Application Data\Microsoft\Installer\{44966527-AC8E-4C4F-82CE-2E311B68F2C3}\_124305e.exe
2010-01-04 16:45 . 2010-01-04 16:45 -------- d-----w- c:\program files\GEOMAG SA
2010-01-04 16:43 . 2010-01-04 16:43 -------- d-----w- c:\windows\system32\URTTEMP
2010-01-03 11:35 . 2010-01-03 11:35 -------- d-----w- C:\rsit
2010-01-02 11:01 . 2010-01-02 11:01 -------- d-----w- c:\program files\AhnLab
2010-01-01 21:36 . 2010-01-01 21:36 -------- d-----w- c:\program files\Gravity
2010-01-01 18:38 . 2010-01-01 18:40 -------- d-----w- c:\program files\Aerys Ragnarok Online
2010-01-01 11:48 . 2010-01-01 11:48 -------- d-----w- c:\program files\SmartCell
2009-12-31 13:03 . 2009-12-31 13:03 -------- d-----w- c:\program files\Brain Seal
2009-12-31 11:13 . 2009-12-31 11:13 -------- d-----w- C:\GamesCampus
2009-12-31 11:01 . 2010-01-05 11:10 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\PMB Files
2009-12-31 11:01 . 2009-12-31 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-12-31 11:01 . 2009-12-31 11:01 -------- d-----w- c:\program files\Pando Networks
2009-12-23 18:33 . 2009-12-23 18:37 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\Painkiller Overdose
2009-12-23 13:25 . 2009-12-23 13:25 -------- d-----w- c:\program files\OpenAL
2009-12-22 19:51 . 2009-12-22 19:51 -------- d-----w- c:\windows\desktop
2009-12-22 19:04 . 2009-12-22 19:08 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\NFS Underground 2
2009-12-22 13:29 . 2009-12-22 13:29 65144 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-21 15:58 . 2009-12-21 16:07 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\Painkiller Resurrection
2009-12-20 08:08 . 2009-09-23 08:41 26176 ---ha-w- c:\windows\system32\hamachi.sys
2009-12-20 08:08 . 2009-12-20 08:08 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-20 08:08 . 2010-01-05 11:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2009-12-20 08:08 . 2009-12-22 16:04 -------- d-----w- c:\documents and settings\Nemesis\Local Settings\Application Data\LogMeIn Hamachi
2009-12-19 15:52 . 2003-03-15 22:15 90112 ----a-w- c:\windows\unvise32.exe
2009-12-15 19:15 . 2009-12-15 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-12-13 15:20 . 2009-11-24 14:27 53616 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2009-12-13 15:20 . 2009-11-24 14:27 53616 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2009-12-13 15:20 . 2009-11-24 14:27 364912 ----a-w- c:\windows\system32\CMStarterCore.exe
2009-12-13 09:55 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-13 09:55 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-12 16:55 . 2009-12-12 16:55 12862 ----a-r- c:\documents and settings\Nemesis\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-12-12 11:08 . 2009-12-12 11:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-11 22:05 . 2009-12-11 22:05 573440 ----a-w- c:\documents and settings\All Users\Application Data\Nanovor\Utils\ConsoleDeviceInterface.exe
2009-12-11 22:02 . 2009-12-11 22:02 5940880 ----a-w- c:\documents and settings\All Users\Application Data\Nanovor\evolver.exe
2009-12-11 21:50 . 2009-12-11 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nanovor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 10:48 . 2009-03-29 18:04 -------- d-----w- c:\documents and settings\Nemesis\Application Data\Skype
2010-01-05 10:19 . 2009-03-29 18:06 -------- d-----w- c:\documents and settings\Nemesis\Application Data\skypePM
2010-01-04 23:31 . 2008-08-03 15:43 -------- d-----w- c:\documents and settings\Nemesis\Application Data\uTorrent
2010-01-04 21:47 . 2009-04-08 13:35 -------- d-----w- c:\program files\Garena
2010-01-04 12:10 . 2008-05-19 16:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 11:31 . 2009-06-02 17:55 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-03 11:31 . 2009-06-02 18:18 88 --sh--r- c:\windows\system32\45695CAEBB.sys
2009-12-30 09:52 . 2009-08-06 19:28 -------- d-----w- c:\program files\ICQ6.5
2009-12-28 12:14 . 2009-02-21 06:17 65536 ----a-w- c:\windows\IFinst27.exe
2009-12-23 18:31 . 2008-05-26 17:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-23 13:26 . 2008-10-04 15:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-23 13:26 . 2008-10-04 15:03 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-23 13:25 . 2008-09-28 10:58 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-23 13:25 . 2008-09-28 10:58 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-14 20:51 . 2009-01-17 08:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-14 15:58 . 2009-06-29 17:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-11 22:05 . 2009-09-08 16:33 11284648 ----a-w- c:\documents and settings\All Users\Application Data\Nanovor\Nanovor.exe
2009-12-11 22:05 . 2009-08-14 11:48 108 ----a-w- c:\documents and settings\All Users\Application Data\Nanovor\Nanovor.bat
2009-12-04 17:24 . 2008-08-15 19:18 -------- d-----w- c:\documents and settings\Nemesis\Application Data\Hamachi
2009-12-02 12:10 . 2009-12-02 12:10 66680 ----a-w- c:\windows\system32\rakion.sys
2009-11-29 10:47 . 2009-11-29 10:47 -------- d-----w- c:\program files\Conduit
2009-11-28 17:26 . 2009-11-28 17:26 -------- d-----w- c:\documents and settings\Nemesis\Application Data\Atari
2009-11-28 17:08 . 2009-11-28 17:08 -------- d-----w- c:\documents and settings\Nemesis\Application Data\Leadertech
2009-11-28 15:49 . 2009-11-28 15:49 0 ----a-w- c:\windows\PowerReg.dat
2009-11-26 07:01 . 2009-11-26 07:01 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 23:54 . 2009-03-01 08:51 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-03-01 08:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-03-01 08:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-03-01 08:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-03-01 08:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-03-01 08:51 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-03-01 08:51 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-03-01 08:51 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-03-01 08:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-22 16:38 . 2008-05-19 17:51 13880 ----a-w- c:\documents and settings\Nemesis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-22 10:39 . 2008-05-27 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-22 10:24 . 2009-10-28 09:37 -------- d-----w- c:\program files\Java
2009-11-22 10:23 . 2009-11-22 10:23 152576 ----a-w- c:\documents and settings\Nemesis\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-22 10:23 . 2009-11-22 10:23 79488 ----a-w- c:\documents and settings\Nemesis\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-16 20:08 . 2009-11-16 20:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-11-14 18:26 . 2009-11-14 18:26 -------- d-----w- c:\program files\Common Files\Skype
2009-11-14 18:26 . 2009-11-14 18:26 -------- d-----r- c:\program files\Skype
2009-11-14 18:26 . 2009-03-29 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-12 14:44 . 2009-11-12 14:44 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-07 18:13 . 2008-05-21 15:26 -------- d-----w- c:\documents and settings\Nemesis\Application Data\ICQ
2009-11-04 17:35 . 2009-11-04 17:35 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-11-04 17:35 . 2009-11-04 17:35 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-10-29 05:38 . 2006-03-04 03:33 667136 ------w- c:\windows\system32\wininet.dll
2009-10-28 09:37 . 2009-10-28 09:37 152576 ----a-w- c:\documents and settings\Nemesis\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 03:17 . 2009-10-28 09:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 13:00 . 2008-07-08 14:37 21840 -c--atw- c:\windows\system32\SIntfNT.dll
2009-10-07 13:00 . 2008-07-08 14:37 17212 -c--atw- c:\windows\system32\SIntf32.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-04_10.47.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-05 11:08 . 2010-01-05 11:08 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat
+ 2010-01-05 10:56 . 2010-01-05 10:56 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
+ 2003-02-21 04:16 . 2003-02-21 04:16 49152 c:\windows\system32\URTTEMP\regtlib.exe
+ 2006-02-28 12:00 . 2010-01-04 16:44 71002 c:\windows\system32\perfc009.dat
+ 2003-02-20 19:10 . 2003-02-20 19:10 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 64000 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-21 06:26 . 2003-02-21 06:26 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-20 18:09 . 2003-02-20 18:09 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 17:43 . 2003-02-20 17:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-20 18:18 . 2003-02-20 18:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-20 18:06 . 2003-02-20 18:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 06:25 . 2003-02-21 06:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 06:25 . 2003-02-21 06:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 06:24 . 2003-02-21 06:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-20 18:22 . 2003-02-20 18:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-21 06:24 . 2003-02-21 06:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 03:12 . 2003-02-21 03:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 06:24 . 2003-02-21 06:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 09:20 . 2003-02-21 09:20 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-20 18:09 . 2003-02-20 18:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 06:24 . 2003-02-21 06:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-20 18:19 . 2003-02-20 18:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2003-02-20 18:19 . 2003-02-20 18:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-20 18:19 . 2003-02-20 18:19 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-20 18:19 . 2003-02-20 18:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-20 18:19 . 2003-02-20 18:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 04:00 . 2003-02-21 04:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 02:55 . 2003-02-21 02:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 01:59 . 2003-02-21 01:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2010-01-04 16:44 . 2010-01-04 16:44 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_1d53a4aa\System.Drawing.Design.dll
+ 2010-01-04 16:44 . 2010-01-04 16:44 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_725fbe0b\CustomMarshalers.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 64000 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 65536 c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 86016 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 77824 c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 32768 c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 11264 c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 28672 c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 26112 c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 33792 c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 12288 c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2003-02-20 17:43 . 2003-02-20 17:43 4096 c:\windows\system32\mui\0409\mscoreer.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 7168 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 06:24 . 2003-02-21 06:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 06:24 . 2003-02-21 06:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 6656 c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 6144 c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 4608 c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 7168 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 7680 c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2006-02-28 12:00 . 2010-01-04 16:44 440684 c:\windows\system32\perfh009.dat
+ 2003-02-21 09:20 . 2003-02-21 09:20 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 06:27 . 2003-02-21 06:27 569344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 06:27 . 2003-02-21 06:27 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 06:27 . 2003-02-21 06:27 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 368640 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-21 03:42 . 2003-02-21 03:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 17:43 . 2003-02-20 17:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 18:06 . 2003-02-20 18:06 311296 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 716800 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-20 18:09 . 2003-02-20 18:09 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-20 18:06 . 2003-02-20 18:06 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-20 18:16 . 2003-02-20 18:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 09:21 . 2003-02-21 09:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-21 09:21 . 2003-02-21 09:21 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2002-07-29 10:11 . 2002-07-29 10:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-20 18:19 . 2003-02-20 18:19 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 04:04 . 2003-02-21 04:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 02:02 . 2003-02-21 02:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2010-01-04 16:45 . 2010-01-04 16:45 525824 c:\windows\Installer\2d92a3.msi
+ 2010-01-04 16:44 . 2010-01-04 16:44 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_09c54d60\System.Drawing.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 569344 c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 368640 c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 299008 c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 716800 c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2003-02-21 04:04 . 2003-02-21 04:04 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2003-02-21 06:27 . 2003-02-21 06:27 1335296 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2003-02-21 06:27 . 2003-02-21 06:27 2039808 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2003-02-21 06:27 . 2003-02-21 06:27 1245184 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 1216512 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 1699840 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 1290240 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2003-02-20 18:08 . 2003-02-20 18:08 2482176 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-20 18:07 . 2003-02-20 18:07 2494464 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-21 06:26 . 2003-02-21 06:26 2088960 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-21 06:25 . 2003-02-21 06:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2010-01-04 16:44 . 2010-01-04 16:44 3443712 c:\windows\Installer\2bdf87.msi
+ 2010-01-04 16:44 . 2010-01-04 16:44 1929216 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_2f7dfd6f\System.dll
+ 2010-01-04 16:44 . 2010-01-04 16:44 2076672 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a71f9d65\System.Xml.dll
+ 2010-01-04 16:44 . 2010-01-04 16:44 2994176 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a9c6fca9\System.Windows.Forms.dll
+ 2010-01-04 16:44 . 2010-01-04 16:44 1462272 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_27b81981\System.Design.dll
+ 2010-01-04 16:44 . 2010-01-04 16:44 3289088 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1048f2ea\mscorlib.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 1216512 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 1335296 c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 2039808 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 1245184 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 1699840 c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 1290240 c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2010-01-04 16:43 . 2010-01-04 16:43 1564672 c:\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\documents and settings\Nemesis\Desktop\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-12-31 2935480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-30 5898240]
"nwiz"="nwiz.exe" [2005-03-30 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-03-30 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2005-09-25 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"\\\\PONOZKA\\ZdieľanéDoku\\NarutoLF2 2.0\\Naruto.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\LieroX v0.56 Pack 1.9\\LieroX.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\W III\\Warcraft III.exe"=
"d:\\Wowko\\Kópia (2) – Kópia – Kópia – Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Nemesis\\Desktop\\Nový priečinok\\theduel.exe"=
"d:\\Program Files\\DreamCatcher\\Painkiller\\Painkiller Overdose\\Bin\\Overdose.exe"=
"d:\\Program Files\\DreamCatcher\\Painkiller\\Painkiller Overdose\\Bin\\OverdoseEditor.exe"=
"d:\\Program Files\\DreamCatcher\\Painkiller\\Painkiller Overdose\\Bin\\OverdoseServer.exe"=
"d:\\Wowko\\Kópia (2) – Kópia – Kópia – Counter-Strike 1.6\\hlds.exe"=
"d:\\Program Files\\Codemasters\\Overlord\\Overlord.exe"=
"d:\\Program Files\\Postal2\\System\\System\\Postal2MP.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"57714:TCP"= 57714:TCP:Pando Media Booster
"57714:UDP"= 57714:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.5.2008 18:29 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1.3.2009 9:51 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2009 11:43 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2009 11:43 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1.3.2009 9:51 20560]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.8.2009 20:31 222968]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [19.5.2008 19:55 36048]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Nemesis\LOCALS~1\Temp\NEI81.tmp --> c:\docume~1\Nemesis\LOCALS~1\Temp\NEI81.tmp [?]
S3 rak;rak;c:\windows\system32\rakion.sys [2.12.2009 13:10 66680]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2009 11:43 7408]
S3 TKFsAc;TKFsAc;c:\windows\system32\TKFsAc2k.sys [2.7.2009 19:46 88864]
S3 TKFsAv;TKFsAv;c:\windows\system32\TKFsAv2k.sys [2.7.2009 19:46 31488]
S3 TKFsFt;TKFsFt;c:\windows\system32\TKFsFt2k.sys [2.7.2009 19:46 80672]
S3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k.sys [2.7.2009 19:46 41984]
S3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp.sys [2.7.2009 19:46 24704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2090540
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
IE: &Search
FF - ProfilePath - c:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\g2tqtva6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2090540&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=2&q=
FF - component: c:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\g2tqtva6.default\extensions\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\npjpi160_17.dll
FF - plugin: c:\program files\Java\jre6\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-gatesofandaron_is1 - d:\program files\Gameforge4D\GatesofAndaron\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 12:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll ACPI.sys sfsync02.sys nvatabus.sys spxw.sys >>UNKNOWN [0x8318E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75b0f28
\Driver\ACPI -> ACPI.sys @ 0xf731bcb8
\Driver\atapi -> atapi.sys @ 0xf72d6b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71cbbb0
PacketIndicateHandler -> NDIS.sys @ 0xf71d8a21
SendHandler -> NDIS.sys @ 0xf71b687b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Nemesis\LOCALS~1\Temp\NEI81.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1606980848-1801674531-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e2,83,c0,cd,59,f3,65,d7,81,54,b3,21,a0,05,23,04,d2,cc,e9,ea,7b,9d,9b,
00,a9,4a,50,a5,35,1a,8b,10,b5,c5,fa,b4,f3,be,59,2c,0f,d3,69,f1,a3,b1,d0,f4,\
"??"=hex:98,8d,b4,1c,7e,f8,57,c3,15,cc,57,96,67,b6,38,56

[HKEY_USERS\S-1-5-21-2052111302-1606980848-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:db,f9,ab,f4,e6,33,bf,3c,48,d6,fb,d6,5a,98,f1,57,28,9c,c4,ca,81,
0f,de,46,1e,37,3f,66,13,b9,1f,fc,08,9d,94,82,3b,ae,04,1c,fe,13,98,4e,79,ee,\
"rkeysecu"=hex:d9,c2,5e,b0,b6,64,0b,36,c5,96,97,69,e3,50,6d,1b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-05 12:14:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 11:14
ComboFix2.txt 2010-01-04 10:52

Pre-Run: 6 620 631 040 bytes free
Post-Run: 6 594 084 864 bytes free

- - End Of File - - 0FAD910F7F14965C6B01478A345128A1
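
The service entry ComboFix lists above (`GarenaPEngine` with an `ImagePath` pointing at a `.tmp` file in the user's Temp folder) is exactly the kind of line a helper looks at first. The following is an added example, not ComboFix output and not code from this thread: it parses the `[HKLM\...\Services\<name>]` / `"ImagePath"` blocks in the log format shown and flags services whose binary lives where a legitimate service rarely does. The second service in the sample (`ExampleSvc`) is a hypothetical benign entry constructed for contrast. A hit is a triage lead, not a verdict; some legitimate software (game anti-cheat drivers are a known case) also runs from Temp, so each flagged entry still needs to be checked against what the user has installed.

```python
"""Triage Windows service entries from a ComboFix-style registry dump (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the GarenaPEngine block quoted from the log above, plus a
# hypothetical benign service ("ExampleSvc") so the triage has something to pass.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Nemesis\LOCALS~1\Temp\NEI81.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExampleSvc]
"ImagePath"="C:\WINDOWS\system32\svchost.exe -k netsvcs"
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
# First token that looks like a binary path; anything after it is arguments.
EXE_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|sys|dll|tmp|bat|cmd|scr))"?(?:\s|$)', re.IGNORECASE
)


@dataclass
class ServiceEntry:
    key: str
    name: str
    image_path: Optional[str] = None
    findings: List[str] = field(default_factory=list)


def parse_services(dump: str) -> List[ServiceEntry]:
    """Collect every Services\\<name> key and its ImagePath value from the dump."""
    entries: List[ServiceEntry] = []
    current: Optional[ServiceEntry] = None
    for raw in dump.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group("key")
            if "\\services\\" in key.lower():
                current = ServiceEntry(key=key, name=key.rsplit("\\", 1)[-1])
                entries.append(current)
            else:
                current = None  # not a service key; ignore its values
            continue
        val_match = VALUE_RE.match(line)
        if current is not None and val_match and val_match.group("name").lower() == "imagepath":
            current.image_path = val_match.group("value")
    return entries


def executable_from_image_path(image_path: str) -> str:
    """Normalize an ImagePath to the bare binary path, lower-cased."""
    path = image_path.strip()
    if path.startswith("\\??\\"):  # NT object-manager prefix seen in raw service entries
        path = path[4:]
    exe_match = EXE_RE.match(path)
    return (exe_match.group("exe") if exe_match else path).lower()


def triage_service(entry: ServiceEntry) -> List[str]:
    """Return the reasons a service binary location looks suspicious (empty if none)."""
    if entry.image_path is None:
        return ["no ImagePath value"]
    exe = executable_from_image_path(entry.image_path)
    reasons: List[str] = []
    if "\\temp\\" in exe or "\\tmp\\" in exe:
        reasons.append("binary runs from a temporary directory")
    if exe.endswith(".tmp"):
        reasons.append("binary has a .tmp extension")
    if "\\docume~1\\" in exe or "\\documents and settings\\" in exe or "\\users\\" in exe:
        reasons.append("binary lives in a user profile, not a program or system directory")
    return reasons


def triage_dump(dump: str) -> List[ServiceEntry]:
    """Parse the dump and attach findings to every service entry."""
    entries = parse_services(dump)
    for entry in entries:
        entry.findings = triage_service(entry)
    return entries


if __name__ == "__main__":
    for entry in triage_dump(SAMPLE_DUMP):
        status = "SUSPICIOUS" if entry.findings else "ok"
        print(f"{entry.name}: {status} {entry.image_path!r}")
        for reason in entry.findings:
            print(f"    - {reason}")
```

Run as a script it prints one line per service with its findings; the three heuristics are deliberately simple string checks on the normalized path so they can be read and extended by a forum helper without a rule engine.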

hinatahyuuga
Visitor
Posts: 84
Registered: 30 May 2008 13:37

Re: It sends ICQ messages on its own

#11 Post by hinatahyuuga »

Autoscan: completed 3 minutes ago (events: 15, objects: 186391, time: 01:41:58)
5.1.2010 12:23:51 Task started
5.1.2010 12:38:31 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\Shaiya_Install_US_090508_DNA(2).exe/data0010
5.1.2010 12:54:47 Detected: Trojan-Dropper.MSIL.Agent.afp C:\Documents and Settings\Nemesis\Desktop\Nový priečinok\GunzLauncher.exe
5.1.2010 12:55:56 Deleted: Trojan-Dropper.MSIL.Agent.afp C:\Documents and Settings\Nemesis\Desktop\Nový priečinok\GunzLauncher.exe
5.1.2010 12:57:45 Detected: Backdoor.Win32.Hupigon.itdm C:\Documents and Settings\Nemesis\Desktop\w4rhookv7\w4r hook v7.dll
5.1.2010 12:59:09 Deleted: Backdoor.Win32.Hupigon.itdm C:\Documents and Settings\Nemesis\Desktop\w4rhookv7\w4r hook v7.dll
5.1.2010 13:22:45 Detected: Backdoor.Win32.Hupigon.itdm C:\System Volume Information\_restore{B0E3D206-600E-4B9B-BE38-856BFE03DB2C}\RP301\A0504717.dll
5.1.2010 13:22:45 Detected: Trojan-Dropper.MSIL.Agent.afp C:\System Volume Information\_restore{B0E3D206-600E-4B9B-BE38-856BFE03DB2C}\RP301\A0504716.exe
5.1.2010 13:24:42 Deleted: Backdoor.Win32.Hupigon.itdm C:\System Volume Information\_restore{B0E3D206-600E-4B9B-BE38-856BFE03DB2C}\RP301\A0504717.dll
5.1.2010 13:24:48 Deleted: Trojan-Dropper.MSIL.Agent.afp C:\System Volume Information\_restore{B0E3D206-600E-4B9B-BE38-856BFE03DB2C}\RP301\A0504716.exe
5.1.2010 13:57:30 Detected: Trojan.Win32.Genome.jqr D:\Wowko\370hook.zip/370hook/370hook.dll
5.1.2010 13:57:35 Deleted: Trojan.Win32.Genome.jqr D:\Wowko\370hook.zip/370hook/370hook.dll
5.1.2010 13:57:40 Detected: Trojan.Win32.Genome.jqr D:\Wowko\370hook\370hook.dll
5.1.2010 14:01:20 Deleted: Trojan.Win32.Genome.jqr D:\Wowko\370hook\370hook.dll
5.1.2010 14:05:50 Task completed
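
The scan log above mixes "Detected" and "Deleted" events, and it takes a careful read to see that one detection (the `/data0010` member inside the Shaiya installer) was never deleted, and that two hits sit inside System Restore points. The following is an added example, not code from this thread or from any antivirus product: it parses event lines in the format shown, pairs each "Detected" with a later "Deleted" for the same object, and summarizes what was left unresolved. The sample input is the event list from the post above, reused verbatim.

```python
"""Reconcile Detected/Deleted events from an antivirus scan log (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the event lines from post #11 above, reused verbatim.
SAMPLE_LOG = r"""
5.1.2010 12:23:51 Task started
5.1.2010 12:38:31 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Documents\Shaiya_Install_US_090508_DNA(2).exe/data0010
5.1.2010 12:54:47 Detected: Trojan-Dropper.MSIL.Agent.afp C:\Documents and Settings\Nemesis\Desktop\Nový priečinok\GunzLauncher.exe
5.1.2010 12:55:56 Deleted: Trojan-Dropper.MSIL.Agent.afp C:\Documents and Settings\Nemesis\Desktop\Nový priečinok\GunzLauncher.exe
5.1.2010 12:57:45 Detected: Backdoor.Win32.Hupigon.itdm C:\Documents and Settings\Nemesis\Desktop\w4rhookv7\w4r hook v7.dll
5.1.2010 12:59:09 Deleted: Backdoor.Win32.Hupigon.itdm C:\Documents and Settings\Nemesis\Desktop\w4rhookv7\w4r hook v7.dll
5.1.2010 13:22:45 Detected: Backdoor.Win32.Hupigon.itdm C:\System Volume Information\_restore{B0E3D206-600E-4B9B-BE38-856BFE03DB2C}\RP301\A0504717.dll
5.1.2010 13:22:45 Detected: Trojan-Dropper.MSIL.Agent.afp C:\System Volume Information\_restore{B0E3D206-600E-4B9B-BE38-856BFE03DB2C}\RP301\A0504716.exe
5.1.2010 13:24:42 Deleted: Backdoor.Win32.Hupigon.itdm C:\System Volume Information\_restore{B0E3D206-600E-4B9B-BE38-856BFE03DB2C}\RP301\A0504717.dll
5.1.2010 13:24:48 Deleted: Trojan-Dropper.MSIL.Agent.afp C:\System Volume Information\_restore{B0E3D206-600E-4B9B-BE38-856BFE03DB2C}\RP301\A0504716.exe
5.1.2010 13:57:30 Detected: Trojan.Win32.Genome.jqr D:\Wowko\370hook.zip/370hook/370hook.dll
5.1.2010 13:57:35 Deleted: Trojan.Win32.Genome.jqr D:\Wowko\370hook.zip/370hook/370hook.dll
5.1.2010 13:57:40 Detected: Trojan.Win32.Genome.jqr D:\Wowko\370hook\370hook.dll
5.1.2010 14:01:20 Deleted: Trojan.Win32.Genome.jqr D:\Wowko\370hook\370hook.dll
5.1.2010 14:05:50 Task completed
"""

# "<d.m.yyyy> <hh:mm:ss> <action>[: <verdict> <path>]"; verdicts contain no spaces, paths may.
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}\.\d{1,2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<action>Detected|Deleted|Task started|Task completed)"
    r"(?:: (?P<verdict>\S+) (?P<path>.+))?$"
)


@dataclass
class Event:
    timestamp: str
    action: str
    verdict: Optional[str]
    path: Optional[str]


@dataclass
class Summary:
    detected: int
    deleted: int
    unresolved: List[Event]        # Detected with no later Deleted for the same object
    restore_point_hits: List[str]  # objects under System Volume Information
    archive_members: List[str]     # objects inside an archive or installer (path has "/")
    by_verdict: Dict[str, int]


def parse_events(log: str) -> List[Event]:
    """Parse one event per line; unrecognized lines are skipped, not guessed at."""
    events: List[Event] = []
    for raw in log.splitlines():
        m = EVENT_RE.match(raw.strip())
        if m:
            events.append(Event(f"{m['date']} {m['time']}", m["action"], m["verdict"], m["path"]))
    return events


def reconcile(events: List[Event]) -> Summary:
    """Pair detections with deletions of the same object and summarize what is left."""
    pending: Dict[str, Event] = {}
    by_verdict: Counter = Counter()
    deleted = 0
    for ev in events:
        if ev.action == "Detected":
            pending[ev.path] = ev  # a later Deleted of the same path clears it
            by_verdict[ev.verdict] += 1
        elif ev.action == "Deleted":
            deleted += 1
            pending.pop(ev.path, None)
    detections = [ev for ev in events if ev.action == "Detected"]
    return Summary(
        detected=len(detections),
        deleted=deleted,
        unresolved=list(pending.values()),
        restore_point_hits=[ev.path for ev in detections
                            if "\\system volume information\\" in ev.path.lower()],
        archive_members=[ev.path for ev in detections if "/" in ev.path],
        by_verdict=dict(by_verdict),
    )


def summarize(log: str) -> Summary:
    return reconcile(parse_events(log))


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s.detected} detected, {s.deleted} deleted, {len(s.unresolved)} not removed")
    for ev in s.unresolved:
        print(f"  NOT REMOVED {ev.timestamp} {ev.verdict} {ev.path}")
    if s.restore_point_hits:
        print(f"  {len(s.restore_point_hits)} hit(s) inside System Restore points")
```

Hits inside an archive or installer are worth separating because a scanner often reports the member but cannot rewrite the container, which is why the Shaiya installer shows up as detected but never deleted; hits under System Volume Information mean the infection is preserved in a restore point and will come back if that point is ever restored.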

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: It sends ICQ messages on its own

#12 Post by motji »

How is the computer doing?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

hinatahyuuga
Visitor
Posts: 84
Registered: 30 May 2008 13:37

Re: It sends ICQ messages on its own

#13 Post by hinatahyuuga »

The computer is a lot faster, but I still have to watch whether it sends those messages or not.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: It sends ICQ messages on its own

#14 Post by motji »

:arrow: Uninstall ComboFix via
Start >> Run; copy into the box:

ComboFix /Uninstall

and press Enter.
-This uninstalls ComboFix and deletes the files and folders related to it.

:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Run it; to confirm the choices press the A key, then Enter
-delete the little program after use. Note: antivirus programs may falsely flag it as a virus

:arrow: Download TFC and use it
TFC (http://oldtimer.geekstogo.com/TFC.exe)

:arrow: Download CCleaner, see my signature
-install it and clean the temporary files as well as the registry

:arrow: Post a new RSIT log and tell me how the computer behaves; is everything all right now?

So find that out, and change your ICQ password :)