IE spam

[riffman]

drzi se jako kliste

stahnete MBR

presunte mbr.exe do adresare C:\Windows

dalsi postup jest nasledujici:

Start/Spustit a do chlivecku napiste cmd a stisk Enter.

vybafne na vas okenko prikazoveho radku; vy nadatlujte rucne prikaz:

mbr.exe -f

a stisknete Enter

Po provedeni operace restartujte a spustte mbr jeste jednou, jiz normalne a vlozte sem log

[kroenen2]

Spravil som presne podla pokynov, ale len takyto kratky log mi vyhodilo:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

....to je vobec log?

A ked uz sme pri tej "zasranosti" ...mam strasnu kopu toho pri starte, nemozem nieco vymazat? hlavne niektore so system32...

CCleaner (startup):

Áno HKCU:Run UberIcon "D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
Áno HKCU:Run \\KROENENAMD\EPSON SX110 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\DOCUME~1\kroenen2\LOCALS~1\Temp\E_SA90.tmp" /EF "HKCU"
Áno HKCU:Run Google Update "C:\Documents and Settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
Áno HKCU:Run AdobeUpdater "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
Áno HKCU:Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Nie HKCU:Run VisualTaskTips d:\Program Files\VisualTaskTips\VisualTaskTips.exe
Áno HKLM:Run igfxtray C:\WINDOWS\system32\igfxtray.exe
Áno HKLM:Run igfxhkcmd C:\WINDOWS\system32\hkcmd.exe
Áno HKLM:Run igfxpers C:\WINDOWS\system32\igfxpers.exe
Áno HKLM:Run hpWirelessAssistant C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
Áno HKLM:Run Broadcom Wireless Manager UI C:\WINDOWS\system32\WLTRAY.exe
Áno HKLM:Run {0228e555-4f9c-4e35-a3ec-b109a192b4c2} C:\Program Files\Google\Gmail Notifier\gnotify.exe
Áno HKLM:Run avgnt "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Áno HKLM:Run SoundMAXPnP C:\Program Files\Analog Devices\Core\smax4pnp.exe
Áno HKLM:Run EPSON_UD_START "C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
Nie HKLM:Run Adobe Reader Speed Launcher "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Nie HKLM:Run Babylon Client D:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
Nie HKLM:Run BluetoothAuthenticationAgent rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Nie HKLM:Run Domino C:\WINDOWS\Domino.exe
Nie HKLM:Run GrooveMonitor "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Nie HKLM:Run NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
Nie HKLM:Run QuickTime Task "D:\Program Files\QuickTime\qttask.exe" -atboottime
Nie HKLM:Run SunJavaUpdateSched "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Nie HKLM:Run UnlockerAssistant "D:\Program Files\Unlocker\UnlockerAssistant.exe"
Nie HKLM:Run ZSSnp211 C:\WINDOWS\ZSSnp211.exe
Nie Startup Common DVD Check.lnk C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe
Nie Startup Common McAfee Security Scan.lnk C:\PROGRA~1\MCAFEE~1\10BCA1~1.150\SSSCHE~1.EXE
Áno Startup User RocketDock.lnk D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
Áno Startup User Start Unlocker Assistant.lnk D:\Program Files\Unlocker\UnlockerAssistant.exe
Áno Startup User TransBar.lnk D:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
Áno Startup User Y'z Shadow.lnk D:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Nie Startup User UberIcon.lnk D:\WINDOWS\BRICOP~1\VISTAI~1\UberIcon\UBERIC~1.EXE

[riffman]

CCleaner (startup):

Áno HKCU:Run Google Update "C:\Documents and Settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
Áno HKCU:Run AdobeUpdater "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
Áno HKLM:Run hpWirelessAssistant C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
Nie HKLM:Run Adobe Reader Speed Launcher "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Nie HKLM:Run NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
Nie HKLM:Run QuickTime Task "D:\Program Files\QuickTime\qttask.exe" -atboottime
Nie HKLM:Run SunJavaUpdateSched "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Nie Startup Common McAfee Security Scan.lnk C:\PROGRA~1\MCAFEE~1\10BCA1~1.150\SSSCHE~1.EXE

tohle vsechno se da nemilosrdne zastrelit

ano, to kratky je log informujici o tom, ze MBR partice je OK

jeste po mne uklidte

http://sweb.cz/Marinus/T-Cleaner.exe

stahnout, spustit, v okne potvrdit klepnutim na klavesu A vykonani akce, nechat probehnout

[kroenen2]

OK, vycistene, dik moc. Este poprosim par drobnostii...

Pri starte mi vyhadzuje toto:

Co je to? ako sa toho zbavim?

A ta zotavovacia konzola... mozem ju nechat takto nainstalovanu? lebo teraz mi vyzdy po zapnuti pc vyhodi tie moznosti:

...vobec mi to nevadi, len by som rad vedel ako by sa to dalo zrusit a kedy bude fungovat aj cez boot CD klavesou "R"

[riffman]

omlouvam se za zpozdeni, byl jsem cely vikend totalne mimo

muzete sem soupnout jeste aktualni logy z RSITu a Combofixu?

[kroenen2]

RSIT LOG:

Logfile of random's system information tool 1.07 (written by random/random)
Run by kroenen2 at 2010-06-28 18:27:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 877 MB (13%) free of 7 GB
Total RAM: 503 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:27:16, on 28.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\kroenen2\Desktop\RSIT.exe
C:\Program Files\trend micro\kroenen2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag0.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag0.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag0.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [UberIcon] "D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [\\KROENENAMD\EPSON SX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\DOCUME~1\kroenen2\LOCALS~1\Temp\E_SA90.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Start Unlocker Assistant.lnk = D:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - Startup: TransBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Convar task manager (ctm) - Convar Deutschland GmbH - d:\Program Files\TaskManager\ctm.exe
O23 - Service: EMP_UDSA - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - D:\MY HP_SOFTWARE\IMAGES\ZNAKY, SYMBOLY\bumblebee1.gif
O24 - Desktop Component 1: (no name) - D:\MY HP_SOFTWARE\CAM_stream\image.jpg
O24 - Desktop Component 2: TV program na dnes - Aktuality.sk - http://www.aktuality.sk/tv-program?i9=eac034476018

--
End of file - 9392 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\02 - Trevor Rabin - Ben.job
C:\WINDOWS\tasks\Edward Maya & Vika Jigulina - Stereo Love (Molella Remix).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-329068152-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-329068152-839522115-1003UA.job
C:\WINDOWS\tasks\STV2_live.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
PageRage Toolbar - C:\Program Files\PageRage\tbPag0.dll [2010-06-04 2393184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2009-12-23 252816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
myBabylon English Toolbar - C:\Program Files\myBabylon_English\tbmyB0.dll [2010-06-04 2515552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9565115d-c7d6-46d3-bd63-b67b481a4368} - PageRage Toolbar - C:\Program Files\PageRage\tbPag0.dll [2010-06-04 2393184]
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - myBabylon English Toolbar - C:\Program Files\myBabylon_English\tbmyB0.dll [2010-06-04 2515552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-06 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-06 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-06 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-05-25 1253376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"=D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
"\\KROENENAMD\EPSON SX110 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE [2008-09-27 199680]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-22 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
D:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2009-12-23 3722128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
C:\WINDOWS\Domino.exe [2006-08-18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON_UD_START]
C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe [2009-01-21 329632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-22 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
D:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
d:\Program Files\VisualTaskTips\VisualTaskTips.exe [2007-09-05 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
C:\WINDOWS\ZSSnp211.exe [2007-04-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^kroenen2^Start Menu^Programs^Startup^UberIcon.lnk]
D:\WINDOWS\BRICOP~1\VISTAI~1\UberIcon\UBERIC~1.EXE [2006-05-21 180224]

C:\Documents and Settings\kroenen2\Start Menu\Programs\Startup
RocketDock.lnk - D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
Start Unlocker Assistant.lnk - D:\Program Files\Unlocker\UnlockerAssistant.exe
TransBar.lnk - D:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
Y'z Shadow.lnk - D:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-06 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-11-22 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Counter-Strike\hl.exe"="D:\Program Files\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\VLC\vlc.exe"="D:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="D:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"D:\Program Files\Skype\Plugin Manager\skypePM.exe"="D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\rserver30\rserver3.exe"="C:\WINDOWS\system32\rserver30\rserver3.exe:*:Enabled:Radmin Server 3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-06-28 18:25:27 ----D---- C:\rsit
2010-06-24 21:36:32 ----D---- C:\WINDOWS\temp
2010-06-24 21:32:28 ----SHD---- C:\RECYCLER
2010-06-24 21:23:21 ----D---- C:\Program Files\internet explorer
2010-06-24 21:19:22 ----A---- C:\Boot.bak
2010-06-24 21:19:18 ----RASHD---- C:\cmdcons
2010-06-21 20:51:07 ----A---- C:\TDSSKiller.2.3.2.0_21.06.2010_20.51.07_log.txt
2010-06-20 20:14:54 ----D---- C:\Program Files\trend micro
2010-06-18 13:50:22 ----D---- C:\Program Files\Common Files\Skype
2010-06-16 23:36:55 ----D---- C:\WINDOWS\CSC
2010-06-05 01:35:23 ----D---- C:\Documents and Settings\kroenen2\Application Data\PriceGong
2010-05-31 18:59:42 ----D---- C:\Program Files\EPSON Projector

======List of files/folders modified in the last 1 months======

2010-06-28 18:26:11 ----RD---- C:\WINDOWS
2010-06-28 18:25:35 ----D---- C:\WINDOWS\Prefetch
2010-06-27 23:39:13 ----D---- C:\WINDOWS\system32
2010-06-27 13:52:32 ----D---- C:\Documents and Settings\kroenen2\Application Data\vlc
2010-06-26 16:45:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-06-25 17:07:43 ----D---- C:\WINDOWS\system32\rserver30
2010-06-25 17:07:43 ----D---- C:\WINDOWS\system32\drivers
2010-06-25 17:07:43 ----D---- C:\WINDOWS\Debug
2010-06-25 16:16:07 ----SHD---- C:\System Volume Information
2010-06-25 16:16:07 ----D---- C:\WINDOWS\system32\Restore
2010-06-25 08:19:31 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-25 08:19:27 ----RSD---- C:\WINDOWS\assembly
2010-06-25 07:47:40 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-25 00:37:00 ----SHD---- C:\WINDOWS\Installer
2010-06-25 00:33:50 ----D---- C:\WINDOWS\WinSxS
2010-06-24 21:34:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-24 21:32:33 ----A---- C:\WINDOWS\system.ini
2010-06-24 21:28:14 ----D---- C:\WINDOWS\AppPatch
2010-06-24 21:28:11 ----D---- C:\Program Files\Common Files
2010-06-24 21:23:21 ----D---- C:\Program Files
2010-06-24 21:21:40 ----D---- C:\WINDOWS\system32\config
2010-06-24 21:19:23 ----RASH---- C:\boot.ini
2010-06-24 19:46:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-24 01:20:25 ----D---- C:\Documents and Settings\kroenen2\Application Data\dvdcss
2010-06-20 23:54:39 ----SD---- C:\WINDOWS\Tasks
2010-06-20 17:18:23 ----D---- C:\Documents and Settings\kroenen2\Application Data\uTorrent
2010-06-18 16:27:32 ----D---- C:\Documents and Settings\kroenen2\Application Data\Skype
2010-06-18 16:23:16 ----D---- C:\Documents and Settings\kroenen2\Application Data\skypePM
2010-06-18 13:54:06 ----AC---- C:\WINDOWS\SMWizard.INI
2010-06-12 00:36:24 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-11 19:23:31 ----HD---- C:\WINDOWS\inf
2010-06-11 19:22:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-04 23:54:20 ----D---- C:\Program Files\PageRage
2010-06-04 23:54:20 ----D---- C:\Program Files\myBabylon_English

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 raddrvv3;raddrvv3; \??\C:\WINDOWS\system32\rserver30\raddrvv3.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-18 16877]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-04 55656]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-01-31 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 BCM43XX;Broadcom 802.11 ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-05-25 429184]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 eppvad_simple;EPSON Projector UD Audio Device; C:\WINDOWS\system32\drivers\EMP_UDAU.sys [2008-05-14 17664]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-06 1168860]
R3 mirrorv3;mirrorv3; C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 tenCapture;tenCapture; C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 oxser;OX16C95x Serial port driver; C:\WINDOWS\system32\DRIVERS\oxser.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys []
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 K320bus;Sony Ericsson K320 driver (WDM); C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-22 47360]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2009-08-19 588032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 ZSMC211;ZSMC USB PC Camera (ZS211); C:\WINDOWS\System32\Drivers\ZS211.sys [2007-06-13 1469312]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 EMP_UDSA;EMP_UDSA; C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2009-03-10 98304]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 RServer3;Radmin Server V3; C:\WINDOWS\system32\rserver30\RServer3.exe [2008-04-24 1238344]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-05-25 20480]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
S2 ctm;Convar task manager; d:\Program Files\TaskManager\ctm.exe [2004-04-02 98304]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-06 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


ComboFIX LOG:

ComboFix 10-06-27.06 - kroenen2 28.06.2010 18:37:54.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.503.267 [GMT 2:00]
Running from: c:\documents and settings\kroenen2\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-28 )))))))))))))))))))))))))))))))
.

2010-06-28 16:25 . 2010-06-28 16:25 -------- d-----w- C:\rsit
2010-06-25 14:15 . 2010-06-25 14:15 210944 ----a-w- c:\documents and settings\kroenen2\Application Data\Microsoft\Internet Explorer\Quick Launch\apps\T-Cleaner.exe
2010-06-21 18:49 . 2010-05-31 08:41 998736 ----a-w- c:\windows\system32\drivers\TDSSKiller.exe
2010-06-20 18:14 . 2010-06-28 16:27 -------- d-----w- c:\program files\trend micro
2010-06-18 11:50 . 2010-06-18 11:50 -------- d-----w- c:\program files\Common Files\Skype
2010-06-16 21:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-16 21:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-04 23:35 . 2010-06-23 21:58 -------- d-----w- c:\documents and settings\kroenen2\Application Data\PriceGong
2010-06-01 21:06 . 2010-06-27 21:39 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-31 16:59 . 2008-05-14 18:06 17664 ----a-w- c:\windows\system32\drivers\EMP_UDAU.sys
2010-05-31 16:59 . 2010-05-31 16:59 -------- d-----w- c:\program files\EPSON Projector
1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\windows\bcmwltrytmp.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 11:52 . 2008-11-28 22:55 -------- d-----w- c:\documents and settings\kroenen2\Application Data\vlc
2010-06-23 23:20 . 2008-05-20 14:15 -------- d-----w- c:\documents and settings\kroenen2\Application Data\dvdcss
2010-06-20 15:18 . 2009-01-16 02:34 -------- d-----w- c:\documents and settings\kroenen2\Application Data\uTorrent
2010-06-18 14:27 . 2007-12-21 21:12 -------- d-----w- c:\documents and settings\kroenen2\Application Data\Skype
2010-06-18 14:23 . 2007-12-21 21:18 -------- d-----w- c:\documents and settings\kroenen2\Application Data\skypePM
2010-06-04 21:54 . 2010-01-04 00:54 -------- d-----w- c:\program files\myBabylon_English
2010-06-04 21:54 . 2009-11-01 09:43 -------- d-----w- c:\program files\PageRage
2010-05-17 14:15 . 2010-06-21 18:49 2258 ----a-w- c:\windows\system32\drivers\eula.txt
2010-05-02 05:22 . 2004-08-03 22:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-03 23:56 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2004-08-03 23:56 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2008-11-21 20:19 . 2008-05-06 20:03 10240 -csha-w- c:\program files\Thumbs.db
2008-02-16 20:09 . 2008-02-16 20:09 0 -c--a-w- c:\program files\AstonWriteTest.txt
2009-01-17 09:20 . 2009-01-15 14:39 45320224 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 13:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag0.dll" [2010-06-04 2393184]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2010-06-04 2515552]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2010-06-04 21:54 2393184 ----a-w- c:\program files\PageRage\tbPag0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-04 21:54 2515552 ----a-w- c:\program files\myBabylon_English\tbmyB0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files\PageRage\tbPag0.dll" [2010-06-04 2393184]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2010-06-04 2515552]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9565115D-C7D6-46D3-BD63-B67B481A4368}"= "c:\program files\PageRage\tbPag0.dll" [2010-06-04 2393184]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2010-06-04 2515552]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="d:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
"\\KROENENAMD\EPSON SX110 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE" [2008-09-26 199680]
"Google Update"="c:\documents and settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-22 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-05-25 1253376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\kroenen2\Start Menu\Programs\Startup\
RocketDock.lnk - d:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
Start Unlocker Assistant.lnk - d:\program files\Unlocker\UnlockerAssistant.exe [2006-9-7 15872]
TransBar.lnk - d:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
Y'z Shadow.lnk - d:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= d:\my hp_software\IMAGES\ZNAKY, SYMBOLY\bumblebee1.gif
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= d:\my hp_software\CAM_stream\image.jpg
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^kroenen2^Start Menu^Programs^Startup^UberIcon.lnk]
path=c:\documents and settings\kroenen2\Start Menu\Programs\Startup\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 10:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2009-12-23 13:55 3722128 ----a-w- d:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-08-18 15:58 49152 -c--a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON_UD_START]
2009-01-21 08:35 329632 ----a-w- c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-22 17:24 135664 ----atw- c:\documents and settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 17:19 15872 ----a-w- d:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTaskTips]
2007-09-05 17:20 36352 ----a-w- d:\program files\VisualTaskTips\VisualTaskTips.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2007-04-06 10:06 57344 -c--a-w- c:\windows\ZSSnp211.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Counter-Strike\\hl.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\VLC\\vlc.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [6.11.2007 3:08 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [6.11.2007 3:08 5248]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 21:45 20616]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [24.4.2008 8:49 45848]
R2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [31.5.2010 18:59 98304]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 13:27 1074568]
R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [24.4.2008 8:44 1238344]
R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [31.5.2010 18:59 17664]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.4.2007 16:15 9344]
S1 oxser;OX16C95x Serial port driver;c:\windows\system32\DRIVERS\oxser.sys --> c:\windows\system32\DRIVERS\oxser.sys [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9.6.2009 22:43 108289]
S2 ctm;Convar task manager;d:\program files\TaskManager\ctm.exe [6.6.2008 4:48 98304]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 15:58 26248]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [9.4.2008 21:20 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [21.12.2008 12:11 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [21.12.2008 12:11 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [21.12.2008 12:11 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [21.12.2008 12:11 86368]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 19:31 42000]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [20.5.2010 18:02 588032]
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 c:\windows\Tasks\02 - Trevor Rabin - Ben.job
- d:\my hp_software\MUSIC\SOUNDTRACKS\NATIONAL TREASURE OST (2004)\02 - Trevor Rabin - Ben.mp3 [2008-03-22 20:07]

2010-01-24 c:\windows\Tasks\Edward Maya & Vika Jigulina - Stereo Love (Molella Remix).job
- d:\my hp_software\MUSIC\TRANCE-DISCO\Edward Maya & Vika Jigulina - Stereo Love (Molella Remix).mp3 [2010-01-04 14:20]

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-329068152-839522115-1003Core.job
- c:\documents and settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-22 17:24]

2010-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-329068152-839522115-1003UA.job
- c:\documents and settings\kroenen2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-22 17:24]

2008-03-31 c:\windows\Tasks\STV2_live.job
- d:\program files\Mozilla Firefox\firefox.exe [2008-01-11 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - d:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - d:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\kroenen2\Application Data\Mozilla\Firefox\Profiles\r7usiygb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT689909&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - ÄŚSFD
FF - prefs.js: browser.startup.homepage - google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\kroenen2\Application Data\Mozilla\Firefox\Profiles\r7usiygb.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\kroenen2\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\progra~1\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: d:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: d:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: d:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: d:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\program files\Opera\program\plugins\npmusicn.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\program files\Opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 18:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82BCCA68]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8556f28
\Driver\ACPI -> ACPI.sys @ 0xf83a1cb8
\Driver\atapi -> 0x82bcca68
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf8209bb0
PacketIndicateHandler -> NDIS.sys @ 0xf81f8a0d
SendHandler -> NDIS.sys @ 0xf820cb40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1060284298-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72E8F93C-8E97-A926-0C03-27BBA1DE88FA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jalkghkdbmdbicbjpehf"=hex:62,61,70,65,00,00
"jalkghkdbmdbicbjpelf"=hex:62,61,6c,65,00,00
"iallbcbmmbfihhigag"=hex:6b,61,6f,65,67,62,61,64,6f,66,66,68,6a,61,70,6b,65,64,
66,67,6f,6b,00,00
"hanldfkfnacohgnl"=hex:6b,61,6f,65,67,62,61,64,62,66,61,6f,63,6b,6d,70,6b,6d,
6d,70,67,6e,00,00
"hapkbfjanjckkjhg"=hex:6b,61,65,6d,62,69,6f,65,62,6f,62,70,65,6f,6f,6f,6f,6c,
69,6c,6d,62,00,00
"jamkdgjgmlmebbjnlegl"=hex:6f,61,6b,6b,67,65,6f,6b,65,62,69,6d,6b,69,6a,6b,6a,
62,6e,69,68,68,62,70,69,69,64,66,62,6d,00,53

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AEF00276-DE2E-4627-E4FF-3FD9459F1E1C}\InProcServer32*]
"paaanjhkjahfakjhjmeknkcedajobpec"=hex:6a,61,70,63,6f,70,6b,66,70,69,61,6b,67,
6a,62,6c,6c,61,62,69,00,f6
"oaaahjnnihmgjhdjpdfhabffeajgcl"=hex:69,61,70,63,69,62,6d,65,6a,63,61,68,6d,69,
63,69,62,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1480)
d:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
d:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
d:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rserver30\FamItrfc.Exe
.
**************************************************************************
.
Completion time: 2010-06-28 18:47:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-28 16:47

Pre-Run: 743 346 176 bytes free
Post-Run: 717 459 456 voľných bajtov

- - End Of File - - 97898A11D6274A856C88375420033AF6

[riffman]

ten kram se tam drzi furt

stahnete GMER , rozbalte a spustte


v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce"

probehne sken, po jehoz ukonceni na vas bafnou vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

pote dle tohoto navodu absolvujte druhy sken a opet obsah logu sem

[kroenen2]

Nemozem, gmer.exe mi po spusteni a prezreti par umiestneni vypne a microsoft zahlasi chybu (odeslat / neodeslat zpravu o chybe)... Nechapem preco, predtym mi GMER isiel v pohode.

[kroenen2]

No ty vole! skusil som to este a na 4. krat zrazu MODRA SMRT na sekundu a hned restart pc. Tak som ho radsej nechal vypnuty zatial. Ako to je mozne? Ved sme to vsetkym moznym uz precistili...

[riffman]

zkuste to v nouzovem rezimu...

[kroenen2]

Uz som to pustil, Ide to aj v normal rezime. Co teraz ked ten GMER nejde? nieco ine musime skusit

[riffman]

stahnete si RootRepeal z adresy http://rootrepeal.googlepages.com/RootRepeal.zip


v operacnich systemech Windows Vista a Windows 7 spoustejte aplikaci jako spravce (kliknutim pravym mysitkem na ikonu aplikace a volbou "Spustit jako spravce"

rozbalit, spustit, precvaknout na zalozku Files, klik na Scan, pockat, pak kliknutim na Save Report ulozit log a jeho obsah zkopirovat sem

to samy pak na zalozkach Processes, SSDT a Hidden Services

[kroenen2]

Po spusteni mi vyhodil chybu:



Ale potom isiel (asi) normalne:


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/06/29 15:34
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: c:\documents and settings\kroenen2\local settings\application data\mozilla\firefox\profiles\r7usiygb.default\cache\_cache_001_
Status: Size mismatch (API: 1928110, Raw: 1926830)



ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/06/29 15:34
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Processes
-------------------
Path: System
PID: 4 Status: -

Path: C:\WINDOWS\system32\ctfmon.exe
PID: 136 Status: -

Path: D:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
PID: 200 Status: -

Path: D:\Program Files\Unlocker\UnlockerAssistant.exe
PID: 340 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 564 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 604 Status: -

Path: C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
PID: 612 Status: -

Path: C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PID: 648 Status: -

Path: C:\WINDOWS\system32\rserver30\FamItrfc.Exe
PID: 660 Status: -

Path: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PID: 684 Status: -

Path: C:\WINDOWS\system32\rserver30\rserver3.exe
PID: 752 Status: -

Path: C:\WINDOWS\system32\smss.exe
PID: 888 Status: -

Path: C:\WINDOWS\explorer.exe
PID: 928 Status: -

Path: C:\WINDOWS\system32\csrss.exe
PID: 936 Status: -

Path: C:\WINDOWS\system32\winlogon.exe
PID: 960 Status: -

Path: C:\WINDOWS\system32\services.exe
PID: 1004 Status: -

Path: C:\WINDOWS\system32\lsass.exe
PID: 1016 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1184 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1268 Status: -

Path: C:\WINDOWS\system32\hkcmd.exe
PID: 1348 Status: -

Path: C:\WINDOWS\system32\igfxpers.exe
PID: 1356 Status: -

Path: C:\WINDOWS\system32\WLTRAY.EXE
PID: 1364 Status: -

Path: C:\Program Files\Google\Gmail Notifier\gnotify.exe
PID: 1372 Status: -

Path: C:\Program Files\Analog Devices\Core\smax4pnp.exe
PID: 1396 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1412 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1464 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1556 Status: -

Path: D:\Program Files\Mozilla Firefox\firefox.exe
PID: 1564 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1592 Status: -

Path: D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
PID: 1724 Status: -

Path: C:\WINDOWS\system32\wdfmgr.exe
PID: 1784 Status: -

Path: D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
PID: 1896 Status: -

Path: C:\WINDOWS\system32\WLTRYSVC.EXE
PID: 1920 Status: -

Path: C:\WINDOWS\system32\BCMWLTRY.EXE
PID: 1936 Status: -

Path: C:\WINDOWS\system32\spoolsv.exe
PID: 2000 Status: -

Path: C:\WINDOWS\system32\alg.exe
PID: 2444 Status: -

Path: D:\Program Files\QIP Infium\infium.exe
PID: 3212 Status: -

Path: D:\Program Files\Mozilla Firefox\plugin-container.exe
PID: 3420 Status: -

Path: C:\Documents and Settings\kroenen2\Desktop\RootRepeal.exe
PID: 3640 Status: -

Path: D:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PID: 3992 Status: -





ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/06/29 15:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001 Function Name: NtAccessCheck
Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003 Function Name: NtAccessCheckByType
Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008 Function Name: NtAddAtom
Status: Not hooked

#: 009 Function Name: NtAddBootEntry
Status: Not hooked

#: 010 Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 011 Function Name: NtAdjustPrivilegesToken
Status: Not hooked

#: 012 Function Name: NtAlertResumeThread
Status: Not hooked

#: 013 Function Name: NtAlertThread
Status: Not hooked

#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 016 Function Name: NtAllocateUuids
Status: Not hooked

#: 017 Function Name: NtAllocateVirtualMemory
Status: Not hooked

#: 018 Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 019 Function Name: NtAssignProcessToJobObject
Status: Not hooked

#: 020 Function Name: NtCallbackReturn
Status: Not hooked

#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked

#: 022 Function Name: NtCancelIoFile
Status: Not hooked

#: 023 Function Name: NtCancelTimer
Status: Not hooked

#: 024 Function Name: NtClearEvent
Status: Not hooked

#: 025 Function Name: NtClose
Status: Hooked by "a347bus.sys" at address 0xf83d7028

#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 027 Function Name: NtCompactKeys
Status: Not hooked

#: 028 Function Name: NtCompareTokens
Status: Not hooked

#: 029 Function Name: NtCompleteConnectPort
Status: Not hooked

#: 030 Function Name: NtCompressKey
Status: Not hooked

#: 031 Function Name: NtConnectPort
Status: Not hooked

#: 032 Function Name: NtContinue
Status: Not hooked

#: 033 Function Name: NtCreateDebugObject
Status: Not hooked

#: 034 Function Name: NtCreateDirectoryObject
Status: Not hooked

#: 035 Function Name: NtCreateEvent
Status: Not hooked

#: 036 Function Name: NtCreateEventPair
Status: Not hooked

#: 037 Function Name: NtCreateFile
Status: Not hooked

#: 038 Function Name: NtCreateIoCompletion
Status: Not hooked

#: 039 Function Name: NtCreateJobObject
Status: Not hooked

#: 040 Function Name: NtCreateJobSet
Status: Not hooked

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8b64e06

#: 042 Function Name: NtCreateMailslotFile
Status: Not hooked

#: 043 Function Name: NtCreateMutant
Status: Not hooked

#: 044 Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "a347bus.sys" at address 0xf83cab00

#: 046 Function Name: NtCreatePort
Status: Not hooked

#: 047 Function Name: NtCreateProcess
Status: Not hooked

#: 048 Function Name: NtCreateProcessEx
Status: Not hooked

#: 049 Function Name: NtCreateProfile
Status: Not hooked

#: 050 Function Name: NtCreateSection
Status: Not hooked

#: 051 Function Name: NtCreateSemaphore
Status: Not hooked

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Not hooked

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf8b64dfc

#: 054 Function Name: NtCreateTimer
Status: Not hooked

#: 055 Function Name: NtCreateToken
Status: Not hooked

#: 056 Function Name: NtCreateWaitablePort
Status: Not hooked

#: 057 Function Name: NtDebugActiveProcess
Status: Not hooked

#: 058 Function Name: NtDebugContinue
Status: Not hooked

#: 059 Function Name: NtDelayExecution
Status: Not hooked

#: 060 Function Name: NtDeleteAtom
Status: Not hooked

#: 061 Function Name: NtDeleteBootEntry
Status: Not hooked

#: 062 Function Name: NtDeleteFile
Status: Not hooked

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf8b64e0b

#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf8b64e15

#: 066 Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 067 Function Name: NtDisplayString
Status: Not hooked

#: 068 Function Name: NtDuplicateObject
Status: Not hooked

#: 069 Function Name: NtDuplicateToken
Status: Not hooked

#: 070 Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "a347bus.sys" at address 0xf83cb5dc

#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "a347bus.sys" at address 0xf83d7120

#: 074 Function Name: NtExtendSection
Status: Not hooked

#: 075 Function Name: NtFilterToken
Status: Not hooked

#: 076 Function Name: NtFindAtom
Status: Not hooked

#: 077 Function Name: NtFlushBuffersFile
Status: Not hooked

#: 078 Function Name: NtFlushInstructionCache
Status: Not hooked

#: 079 Function Name: NtFlushKey
Status: Not hooked

#: 080 Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 081 Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 082 Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 083 Function Name: NtFreeVirtualMemory
Status: Not hooked

#: 084 Function Name: NtFsControlFile
Status: Not hooked

#: 085 Function Name: NtGetContextThread
Status: Not hooked

#: 086 Function Name: NtGetDevicePowerState
Status: Not hooked

#: 087 Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 088 Function Name: NtGetWriteWatch
Status: Not hooked

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Not hooked

#: 090 Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 091 Function Name: NtImpersonateThread
Status: Not hooked

#: 092 Function Name: NtInitializeRegistry
Status: Not hooked

#: 093 Function Name: NtInitiatePowerAction
Status: Not hooked

#: 094 Function Name: NtIsProcessInJob
Status: Not hooked

#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 096 Function Name: NtListenPort
Status: Not hooked

#: 097 Function Name: NtLoadDriver
Status: Not hooked

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf8b64e1a

#: 099 Function Name: NtLoadKey2
Status: Not hooked

#: 100 Function Name: NtLockFile
Status: Not hooked

#: 101 Function Name: NtLockProductActivationKeys
Status: Not hooked

#: 102 Function Name: NtLockRegistryKey
Status: Not hooked

#: 103 Function Name: NtLockVirtualMemory
Status: Not hooked

#: 104 Function Name: NtMakePermanentObject
Status: Not hooked

#: 105 Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 106 Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 108 Function Name: NtMapViewOfSection
Status: Not hooked

#: 109 Function Name: NtModifyBootEntry
Status: Not hooked

#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 111 Function Name: NtNotifyChangeKey
Status: Not hooked

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 113 Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 114 Function Name: NtOpenEvent
Status: Not hooked

#: 115 Function Name: NtOpenEventPair
Status: Not hooked

#: 116 Function Name: NtOpenFile
Status: Hooked by "a347bus.sys" at address 0xf83cab40

#: 117 Function Name: NtOpenIoCompletion
Status: Not hooked

#: 118 Function Name: NtOpenJobObject
Status: Not hooked

#: 119 Function Name: NtOpenKey
Status: Hooked by "a347bus.sys" at address 0xf83d6fa4

#: 120 Function Name: NtOpenMutant
Status: Not hooked

#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf8b64de8

#: 123 Function Name: NtOpenProcessToken
Status: Not hooked

#: 124 Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 125 Function Name: NtOpenSection
Status: Not hooked

#: 126 Function Name: NtOpenSemaphore
Status: Not hooked

#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf8b64ded

#: 129 Function Name: NtOpenThreadToken
Status: Not hooked

#: 130 Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 131 Function Name: NtOpenTimer
Status: Not hooked

#: 132 Function Name: NtPlugPlayControl
Status: Not hooked

#: 133 Function Name: NtPowerInformation
Status: Not hooked

#: 134 Function Name: NtPrivilegeCheck
Status: Not hooked

#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 137 Function Name: NtProtectVirtualMemory
Status: Not hooked

#: 138 Function Name: NtPulseEvent
Status: Not hooked

#: 139 Function Name: NtQueryAttributesFile
Status: Not hooked

#: 140 Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 141 Function Name: NtQueryBootOptions
Status: Not hooked

#: 142 Function Name: NtQueryDebugFilterState
Status: Not hooked

#: 143 Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 144 Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 145 Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 146 Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 147 Function Name: NtQueryEaFile
Status: Not hooked

#: 148 Function Name: NtQueryEvent
Status: Not hooked

#: 149 Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 150 Function Name: NtQueryInformationAtom
Status: Not hooked

#: 151 Function Name: NtQueryInformationFile
Status: Not hooked

#: 152 Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 153 Function Name: NtQueryInformationPort
Status: Not hooked

#: 154 Function Name: NtQueryInformationProcess
Status: Not hooked

#: 155 Function Name: NtQueryInformationThread
Status: Not hooked

#: 156 Function Name: NtQueryInformationToken
Status: Not hooked

#: 157 Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 158 Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 159 Function Name: NtQueryIoCompletion
Status: Not hooked

#: 160 Function Name: NtQueryKey
Status: Hooked by "a347bus.sys" at address 0xf83cb5fc

#: 161 Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 162 Function Name: NtQueryMutant
Status: Not hooked

#: 163 Function Name: NtQueryObject
Status: Not hooked

#: 164 Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 165 Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 166 Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 167 Function Name: NtQuerySection
Status: Not hooked

#: 168 Function Name: NtQuerySecurityObject
Status: Not hooked

#: 169 Function Name: NtQuerySemaphore
Status: Not hooked

#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 173 Function Name: NtQuerySystemInformation
Status: Not hooked

#: 174 Function Name: NtQuerySystemTime
Status: Not hooked

#: 175 Function Name: NtQueryTimer
Status: Not hooked

#: 176 Function Name: NtQueryTimerResolution
Status: Not hooked

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "a347bus.sys" at address 0xf83d7076

#: 178 Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 179 Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 180 Function Name: NtQueueApcThread
Status: Not hooked

#: 181 Function Name: NtRaiseException
Status: Not hooked

#: 182 Function Name: NtRaiseHardError
Status: Not hooked

#: 183 Function Name: NtReadFile
Status: Not hooked

#: 184 Function Name: NtReadFileScatter
Status: Not hooked

#: 185 Function Name: NtReadRequestData
Status: Not hooked

#: 186 Function Name: NtReadVirtualMemory
Status: Not hooked

#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 188 Function Name: NtReleaseMutant
Status: Not hooked

#: 189 Function Name: NtReleaseSemaphore
Status: Not hooked

#: 190 Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 191 Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 192 Function Name: NtRenameKey
Status: Not hooked

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf8b64e24

#: 194 Function Name: NtReplyPort
Status: Not hooked

#: 195 Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 196 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked

#: 197 Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 198 Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 199 Function Name: NtRequestPort
Status: Not hooked

#: 200 Function Name: NtRequestWaitReplyPort
Status: Not hooked

#: 201 Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 202 Function Name: NtResetEvent
Status: Not hooked

#: 203 Function Name: NtResetWriteWatch
Status: Not hooked

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf8b64e1f

#: 205 Function Name: NtResumeProcess
Status: Not hooked

#: 206 Function Name: NtResumeThread
Status: Not hooked

#: 207 Function Name: NtSaveKey
Status: Not hooked

#: 208 Function Name: NtSaveKeyEx
Status: Not hooked

#: 209 Function Name: NtSaveMergedKeys
Status: Not hooked

#: 210 Function Name: NtSecureConnectPort
Status: Not hooked

#: 211 Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 212 Function Name: NtSetBootOptions
Status: Not hooked

#: 213 Function Name: NtSetContextThread
Status: Not hooked

#: 214 Function Name: NtSetDebugFilterState
Status: Not hooked

#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 216 Function Name: NtSetDefaultLocale
Status: Not hooked

#: 217 Function Name: NtSetDefaultUILanguage
Status: Not hooked

#: 218 Function Name: NtSetEaFile
Status: Not hooked

#: 219 Function Name: NtSetEvent
Status: Not hooked

#: 220 Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 221 Function Name: NtSetHighEventPair
Status: Not hooked

#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 223 Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 224 Function Name: NtSetInformationFile
Status: Not hooked

#: 225 Function Name: NtSetInformationJobObject
Status: Not hooked

#: 226 Function Name: NtSetInformationKey
Status: Not hooked

#: 227 Function Name: NtSetInformationObject
Status: Not hooked

#: 228 Function Name: NtSetInformationProcess
Status: Not hooked

#: 229 Function Name: NtSetInformationThread
Status: Not hooked

#: 230 Function Name: NtSetInformationToken
Status: Not hooked

#: 231 Function Name: NtSetIntervalProfile
Status: Not hooked

#: 232 Function Name: NtSetIoCompletion
Status: Not hooked

#: 233 Function Name: NtSetLdtEntries
Status: Not hooked

#: 234 Function Name: NtSetLowEventPair
Status: Not hooked

#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 236 Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 237 Function Name: NtSetSecurityObject
Status: Not hooked

#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 240 Function Name: NtSetSystemInformation
Status: Not hooked

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "a347bus.sys" at address 0xf83d6550

#: 242 Function Name: NtSetSystemTime
Status: Not hooked

#: 243 Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 244 Function Name: NtSetTimer
Status: Not hooked

#: 245 Function Name: NtSetTimerResolution
Status: Not hooked

#: 246 Function Name: NtSetUuidSeed
Status: Not hooked

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf8b64e10

#: 248 Function Name: NtSetVolumeInformationFile
Status: Not hooked

#: 249 Function Name: NtShutdownSystem
Status: Not hooked

#: 250 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 251 Function Name: NtStartProfile
Status: Not hooked

#: 252 Function Name: NtStopProfile
Status: Not hooked

#: 253 Function Name: NtSuspendProcess
Status: Not hooked

#: 254 Function Name: NtSuspendThread
Status: Not hooked

#: 255 Function Name: NtSystemDebugControl
Status: Not hooked

#: 256 Function Name: NtTerminateJobObject
Status: Not hooked

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf8b64df7

#: 258 Function Name: NtTerminateThread
Status: Not hooked

#: 259 Function Name: NtTestAlert
Status: Not hooked

#: 260 Function Name: NtTraceEvent
Status: Not hooked

#: 261 Function Name: NtTranslateFilePath
Status: Not hooked

#: 262 Function Name: NtUnloadDriver
Status: Not hooked

#: 263 Function Name: NtUnloadKey
Status: Not hooked

#: 264 Function Name: NtUnloadKeyEx
Status: Not hooked

#: 265 Function Name: NtUnlockFile
Status: Not hooked

#: 266 Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 267 Function Name: NtUnmapViewOfSection
Status: Not hooked

#: 268 Function Name: NtVdmControl
Status: Not hooked

#: 269 Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 270 Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 271 Function Name: NtWaitForSingleObject
Status: Not hooked

#: 272 Function Name: NtWaitHighEventPair
Status: Not hooked

#: 273 Function Name: NtWaitLowEventPair
Status: Not hooked

#: 274 Function Name: NtWriteFile
Status: Not hooked

#: 275 Function Name: NtWriteFileGather
Status: Not hooked

#: 276 Function Name: NtWriteRequestData
Status: Not hooked

#: 277 Function Name: NtWriteVirtualMemory
Status: Not hooked

#: 278 Function Name: NtYieldExecution
Status: Not hooked

#: 279 Function Name: NtCreateKeyedEvent
Status: Not hooked

#: 280 Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 281 Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 282 Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 283 Function Name: NtQueryPortInformationProcess
Status: Not hooked




ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/06/29 15:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden Services
-------------------

[riffman]

ja bych potreboval ten GMER aspon v nouzovem rezimu

[kroenen2]

Je mi luto ale aj v nudzovom to iste, po spusteni zacne scanovat a po 5 sekundach...