
PC disinfection, computer speed-up, remote help via the neslape.cz service
Windows Defender reports Backdoor
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.08 (written by random/random)
Run by Venca at 2010-11-28 13:00:40
Microsoft Windows 7 Ultimate
System drive C: has 6 GB (12%) free of 50 GB
Total RAM: 4094 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:00:42, on 28.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\bwinPoker\bwinPoker.exe
C:\Program Files (x86)\PokerStars\PokerStars.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Venca.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://googleure.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\SysWOW64\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8761 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Soluto\soluto.exe" /userinit
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\dgdersvc.exe
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe"
"C:\Program Files\Soluto\SolutoService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 1776
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5de536ed-d28a-485b-8b7a-b6d792089abf -SystemEventPortName:HostProcess-3709e847-0252-4fee-9af0-1dbe2d7b617d -IoCancelEventPortName:HostProcess-538f2e2f-0655-4914-911b-07d645f5c452 -NonStateChangingEventPortName:HostProcess-2226cb00-a8ee-48d0-a677-fdb26efde271 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c184521b-c203-47ae-9bb8-0052393e5384
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=4740.08B6B180.1069450382 /prefetch:3
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Venca\AppData\Local\Google\Chrome\Application\7.0.517.44\gcswf32.dll" --lang=cs --plugin-data-dir="C:\Users\Venca\AppData\Local\Google\Chrome\User Data\Default" --channel=4740.06C1BC4C.40661314 /prefetch:4
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=4740.09259C00.515617472 /prefetch:3
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\bwinPoker\bwinPoker.exe" -dir . -p4compat PrePatch.exe -flashlib ".\NPSWF32.dll" -lang cs -logdir "C:\Users\Venca\AppData\Local\P5\bwin\logs" -brand "bwin"
PokerStars.exe --update
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=4740.09331300.11874305 /prefetch:3
"C:\Users\Venca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=4740.09333300.757272944 /prefetch:3
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Venca\Downloads\RSITx64 (1).exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233493234-3444600030-2606033753-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233493234-3444600030-2606033753-1001UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-05-23 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-04-07 2839840]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-09-16 190472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe [2010-06-18 3365176]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-09-02 13351304]
"Google Update"=C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-18 136176]
"NVIDIA driver monitor"=c:\users\public\nvsvc32.exe [2010-11-20 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Venca\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-18 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"MSIAfterburner"=C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe [2010-06-07 44344]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-10-26 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-11-28 12:59:21 ----D---- C:\rsit
2010-11-28 12:59:21 ----D---- C:\Program Files\trend micro
2010-11-28 10:18:20 ----D---- C:\Users\Venca\AppData\Roaming\Malwarebytes
2010-11-28 10:18:14 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys
2010-11-28 10:18:13 ----D---- C:\ProgramData\Malwarebytes
2010-11-28 10:18:13 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-28 10:18:13 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-27 17:36:28 ----D---- C:\ProgramData\Jetbull Poker
2010-11-27 17:33:39 ----AD---- C:\Program Files (x86)\Jetbull Poker
2010-11-21 11:30:09 ----D---- C:\ProgramData\TrueCrypt
2010-11-21 11:19:32 ----D---- C:\Users\Venca\AppData\Roaming\TrueCrypt
2010-11-21 11:18:24 ----A---- C:\Windows\system32\drivers\truecrypt.sys
2010-11-21 11:18:11 ----D---- C:\Program Files\TrueCrypt
2010-11-21 00:40:54 ----D---- C:\ProgramData\ATI
2010-11-18 01:40:42 ----D---- C:\ProgramData\Electronic Arts
2010-11-18 01:40:42 ----D---- C:\ProgramData\EA Core
2010-11-18 01:30:39 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2010-11-18 01:30:39 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2010-11-18 01:30:39 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2010-11-18 01:30:39 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2010-11-18 01:30:39 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2010-11-18 01:30:39 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-11-18 01:30:39 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-11-18 01:30:39 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-11-18 01:30:39 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-11-18 01:30:39 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-11-18 01:30:38 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2010-11-18 01:30:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2010-11-18 01:30:38 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-11-18 01:30:38 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-11-18 01:30:37 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2010-11-18 01:30:37 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-11-18 01:30:36 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2010-11-18 01:30:36 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-11-18 01:30:36 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-11-18 01:30:35 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-11-18 01:30:34 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2010-11-18 01:30:34 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2010-11-18 01:30:34 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-11-18 01:30:34 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-11-18 01:30:33 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2010-11-18 01:30:33 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2010-11-18 01:30:33 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2010-11-18 01:30:33 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2010-11-18 01:30:33 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2010-11-18 01:30:33 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-11-18 01:30:33 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-11-18 01:30:33 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-11-18 01:30:33 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-11-18 01:30:33 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-11-18 01:30:32 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2010-11-18 01:30:32 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2010-11-18 01:30:32 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-11-18 01:30:32 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-11-18 01:30:31 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2010-11-18 01:30:31 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2010-11-18 01:30:31 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2010-11-18 01:30:31 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2010-11-18 01:30:31 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2010-11-18 01:30:31 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-11-18 01:30:31 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-11-18 01:30:31 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-11-18 01:30:31 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-11-18 01:30:31 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-11-18 01:30:30 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2010-11-18 01:30:30 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2010-11-18 01:30:30 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2010-11-18 01:30:30 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-11-18 01:30:30 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-11-18 01:30:30 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-11-18 01:30:29 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2010-11-18 01:30:29 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2010-11-18 01:30:29 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-11-18 01:30:29 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-11-18 01:30:28 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2010-11-18 01:30:28 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2010-11-18 01:30:28 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2010-11-18 01:30:28 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2010-11-18 01:30:28 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2010-11-18 01:30:28 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-11-18 01:30:28 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-11-18 01:30:28 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-11-18 01:30:28 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-11-18 01:30:28 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-11-18 01:30:27 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2010-11-18 01:30:27 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2010-11-18 01:30:27 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-11-18 01:30:27 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-11-18 01:30:26 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2010-11-18 01:30:26 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2010-11-18 01:30:26 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2010-11-18 01:30:26 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2010-11-18 01:30:26 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-11-18 01:30:26 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-11-18 01:30:26 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-11-18 01:30:26 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-11-18 01:30:25 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2010-11-18 01:30:25 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2010-11-18 01:30:25 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-11-18 01:30:25 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-11-18 01:30:23 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2010-11-18 01:30:23 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2010-11-18 01:30:23 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-11-18 01:30:23 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-11-18 01:30:22 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2010-11-18 01:30:22 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2010-11-18 01:30:22 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-11-18 01:30:22 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-11-18 01:30:20 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2010-11-18 01:30:20 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2010-11-18 01:30:20 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-11-18 01:30:20 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-11-18 01:30:19 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2010-11-18 01:30:19 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2010-11-18 01:30:19 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-11-18 01:30:19 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-11-18 01:30:18 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2010-11-18 01:30:18 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2010-11-18 01:30:18 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2010-11-18 01:30:18 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-11-18 01:30:18 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-11-18 01:30:18 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-11-18 01:30:17 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2010-11-18 01:30:17 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2010-11-18 01:30:17 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2010-11-18 01:30:17 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-11-18 01:30:17 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-11-18 01:30:17 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-11-18 01:30:16 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2010-11-18 01:30:16 ----A---- C:\Windows\system32\xinput1_3.dll
2010-11-18 01:30:16 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-11-18 01:30:15 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2010-11-18 01:30:15 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2010-11-18 01:30:15 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-11-18 01:30:15 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-11-18 01:30:14 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2010-11-18 01:30:14 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2010-11-18 01:30:14 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2010-11-18 01:30:14 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2010-11-18 01:30:14 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-11-18 01:30:14 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-11-18 01:30:14 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-11-18 01:30:14 ----A---- C:\Windows\system32\d3dx10.dll
2010-11-18 01:30:13 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2010-11-18 01:30:13 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-11-18 01:30:11 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2010-11-18 01:30:11 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2010-11-18 01:30:11 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2010-11-18 01:30:11 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-11-18 01:30:11 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-11-18 01:30:11 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-11-18 01:30:10 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2010-11-18 01:30:10 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-11-18 01:30:09 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2010-11-18 01:30:09 ----A---- C:\Windows\system32\xinput1_2.dll
2010-11-18 01:30:08 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2010-11-18 01:30:08 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2010-11-18 01:30:08 ----A---- C:\Windows\system32\xinput1_1.dll
2010-11-18 01:30:08 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-11-18 01:30:07 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2010-11-18 01:30:07 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-11-18 01:30:04 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2010-11-18 01:30:04 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2010-11-18 01:30:04 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2010-11-18 01:30:04 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-11-18 01:30:04 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-11-18 01:30:04 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-11-18 01:30:03 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2010-11-18 01:30:03 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-11-18 01:30:01 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2010-11-18 01:30:01 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-11-18 01:30:00 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2010-11-18 01:30:00 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-11-18 01:29:59 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2010-11-18 01:29:59 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-11-18 01:29:58 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2010-11-18 01:29:58 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-11-18 01:29:57 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2010-11-18 01:29:57 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-11-18 01:28:35 ----D---- C:\ProgramData\Solidshield
2010-11-16 17:49:08 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2010-11-16 17:49:07 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2010-11-16 17:49:07 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2010-11-12 15:49:08 ----D---- C:\Users\Venca\AppData\Roaming\VDownloader
2010-11-12 15:49:05 ----D---- C:\Program Files\WinPcap
2010-11-12 15:49:02 ----D---- C:\Program Files (x86)\VDownloader
2010-11-09 01:30:48 ----D---- C:\Program Files (x86)\MSI Afterburner
2010-11-09 01:02:22 ----D---- C:\Program Files\Common Files\ATI Technologies
2010-11-08 15:38:32 ----D---- C:\Program Files (x86)\Tripwire Interactive
======List of files/folders modified in the last 1 months======
2010-11-28 13:00:42 ----D---- C:\Windows\Temp
2010-11-28 13:00:39 ----D---- C:\Windows\Prefetch
2010-11-28 12:59:21 ----RD---- C:\Program Files
2010-11-28 12:50:20 ----D---- C:\Users\Venca\AppData\Roaming\Skype
2010-11-28 12:47:44 ----D---- C:\Windows\system32\config
2010-11-28 12:26:03 ----D---- C:\Windows\System32
2010-11-28 12:26:03 ----D---- C:\Windows\inf
2010-11-28 12:26:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-28 10:34:54 ----SHD---- C:\System Volume Information
2010-11-28 10:18:14 ----D---- C:\Windows\SYSWOW64\drivers
2010-11-28 10:18:13 ----RD---- C:\Program Files (x86)
2010-11-28 10:18:13 ----HD---- C:\ProgramData
2010-11-28 10:18:13 ----D---- C:\Windows\system32\drivers
2010-11-27 23:02:57 ----D---- C:\Program Files (x86)\JDownloader
2010-11-27 17:33:48 ----SHD---- C:\Windows\Installer
2010-11-27 11:29:56 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-24 16:19:47 ----D---- C:\Windows
2010-11-24 15:40:23 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-11-24 12:06:34 ----D---- C:\Program Files\Internet Explorer
2010-11-24 12:06:34 ----D---- C:\Program Files (x86)\Internet Explorer
2010-11-24 12:06:33 ----D---- C:\Windows\winsxs
2010-11-24 10:23:13 ----D---- C:\Windows\system32\catroot
2010-11-21 10:10:31 ----D---- C:\Windows\SysWOW64
2010-11-21 00:40:44 ----D---- C:\Program Files\ATI Technologies
2010-11-21 00:40:24 ----D---- C:\Windows\system32\DriverStore
2010-11-21 00:40:21 ----D---- C:\Windows\system32\catroot2
2010-11-20 14:23:26 ----D---- C:\Users\Venca\AppData\Roaming\gtk-2.0
2010-11-19 23:47:58 ----D---- C:\Program Files\Zoner
2010-11-18 01:30:07 ----RSD---- C:\Windows\assembly
2010-11-16 17:49:21 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-11-16 17:49:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-16 15:04:16 ----D---- C:\Program Files (x86)\Full Tilt Poker
2010-11-16 01:05:01 ----D---- C:\Windows\system32\NDF
2010-11-12 15:49:04 ----D---- C:\Program Files (x86)\Common Files
2010-11-11 12:41:26 ----D---- C:\Program Files (x86)\bwinPoker
2010-11-10 18:39:14 ----D---- C:\Windows\debug
2010-11-10 12:30:30 ----A---- C:\Windows\system32\MRT.exe
2010-11-09 01:02:22 ----D---- C:\Program Files\Common Files
2010-10-29 13:48:15 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 oem-drv64;OEM-SLP2.1 Driver (HPD64); C:\Windows\system32\DRIVERS\oem-drv64.sys [2010-05-18 14336]
R0 PCGenFAM;PCGenFAM; C:\Windows\system32\DRIVERS\PCGenFAM.sys [2010-09-22 199112]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-18 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-11-21 230352]
R2 Ca1528av;SPCA1528 Video Camera Service; C:\Windows\System32\Drivers\Ca1528av.sys [2008-12-17 533760]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-04-07 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 50600]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 47632]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
R3 Bulk1528;SPCA1528 Still Camera Service; C:\Windows\System32\Drivers\Bulk1528.sys [2008-06-28 14848]
R3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2009-03-23 20992]
R3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2009-12-22 20568]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-04-07 33608]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-09-11 26248]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-09-11 41096]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-09-11 15880]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-09-11 76552]
S3 atidgllk;atidgllk; \??\C:\Program Files (x86)\GIGABYTE\ET5Pro\atidgllk.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
S3 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool64.sys [2006-11-10 30720]
S3 aun90lgx;aun90lgx; C:\Windows\system32\drivers\aun90lgx.sys []
S3 cpuz132;cpuz132; \??\C:\Users\Venca\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-09-21 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2010-09-21 30528]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 20392]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\Windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 128000]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 5504]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2009-12-22 16448]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2009-09-11 36872]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-10-27 203776]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 dgdersvc;Device Error Recovery Service; C:\Windows\SysWOW64\dgdersvc.exe [2010-06-09 95568]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-04-07 810120]
R2 NMSAccess;NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2010-09-22 330784]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 42336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
-----------------EOF-----------------
2010-11-18 01:30:32 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-11-18 01:30:31 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2010-11-18 01:30:31 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2010-11-18 01:30:31 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2010-11-18 01:30:31 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2010-11-18 01:30:31 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2010-11-18 01:30:31 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-11-18 01:30:31 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-11-18 01:30:31 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-11-18 01:30:31 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-11-18 01:30:31 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-11-18 01:30:30 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2010-11-18 01:30:30 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2010-11-18 01:30:30 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2010-11-18 01:30:30 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-11-18 01:30:30 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-11-18 01:30:30 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-11-18 01:30:29 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2010-11-18 01:30:29 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2010-11-18 01:30:29 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-11-18 01:30:29 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-11-18 01:30:28 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2010-11-18 01:30:28 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2010-11-18 01:30:28 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2010-11-18 01:30:28 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2010-11-18 01:30:28 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2010-11-18 01:30:28 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-11-18 01:30:28 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-11-18 01:30:28 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-11-18 01:30:28 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-11-18 01:30:28 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-11-18 01:30:27 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2010-11-18 01:30:27 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2010-11-18 01:30:27 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-11-18 01:30:27 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-11-18 01:30:26 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2010-11-18 01:30:26 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2010-11-18 01:30:26 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2010-11-18 01:30:26 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2010-11-18 01:30:26 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-11-18 01:30:26 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-11-18 01:30:26 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-11-18 01:30:26 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-11-18 01:30:25 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2010-11-18 01:30:25 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2010-11-18 01:30:25 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-11-18 01:30:25 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-11-18 01:30:23 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2010-11-18 01:30:23 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2010-11-18 01:30:23 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-11-18 01:30:23 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-11-18 01:30:22 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2010-11-18 01:30:22 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2010-11-18 01:30:22 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-11-18 01:30:22 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-11-18 01:30:20 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2010-11-18 01:30:20 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2010-11-18 01:30:20 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-11-18 01:30:20 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-11-18 01:30:19 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2010-11-18 01:30:19 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2010-11-18 01:30:19 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-11-18 01:30:19 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-11-18 01:30:18 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2010-11-18 01:30:18 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2010-11-18 01:30:18 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2010-11-18 01:30:18 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-11-18 01:30:18 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-11-18 01:30:18 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-11-18 01:30:17 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2010-11-18 01:30:17 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2010-11-18 01:30:17 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2010-11-18 01:30:17 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-11-18 01:30:17 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-11-18 01:30:17 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-11-18 01:30:16 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2010-11-18 01:30:16 ----A---- C:\Windows\system32\xinput1_3.dll
2010-11-18 01:30:16 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-11-18 01:30:15 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2010-11-18 01:30:15 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2010-11-18 01:30:15 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-11-18 01:30:15 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-11-18 01:30:14 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2010-11-18 01:30:14 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2010-11-18 01:30:14 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2010-11-18 01:30:14 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2010-11-18 01:30:14 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-11-18 01:30:14 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-11-18 01:30:14 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-11-18 01:30:14 ----A---- C:\Windows\system32\d3dx10.dll
2010-11-18 01:30:13 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2010-11-18 01:30:13 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-11-18 01:30:11 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2010-11-18 01:30:11 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2010-11-18 01:30:11 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2010-11-18 01:30:11 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-11-18 01:30:11 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-11-18 01:30:11 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-11-18 01:30:10 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2010-11-18 01:30:10 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-11-18 01:30:09 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2010-11-18 01:30:09 ----A---- C:\Windows\system32\xinput1_2.dll
2010-11-18 01:30:08 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2010-11-18 01:30:08 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2010-11-18 01:30:08 ----A---- C:\Windows\system32\xinput1_1.dll
2010-11-18 01:30:08 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-11-18 01:30:07 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2010-11-18 01:30:07 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-11-18 01:30:04 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2010-11-18 01:30:04 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2010-11-18 01:30:04 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2010-11-18 01:30:04 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-11-18 01:30:04 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-11-18 01:30:04 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-11-18 01:30:03 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2010-11-18 01:30:03 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-11-18 01:30:01 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2010-11-18 01:30:01 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-11-18 01:30:00 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2010-11-18 01:30:00 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-11-18 01:29:59 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2010-11-18 01:29:59 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-11-18 01:29:58 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2010-11-18 01:29:58 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-11-18 01:29:57 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2010-11-18 01:29:57 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-11-18 01:28:35 ----D---- C:\ProgramData\Solidshield
2010-11-16 17:49:08 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2010-11-16 17:49:07 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2010-11-16 17:49:07 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2010-11-12 15:49:08 ----D---- C:\Users\Venca\AppData\Roaming\VDownloader
2010-11-12 15:49:05 ----D---- C:\Program Files\WinPcap
2010-11-12 15:49:02 ----D---- C:\Program Files (x86)\VDownloader
2010-11-09 01:30:48 ----D---- C:\Program Files (x86)\MSI Afterburner
2010-11-09 01:02:22 ----D---- C:\Program Files\Common Files\ATI Technologies
2010-11-08 15:38:32 ----D---- C:\Program Files (x86)\Tripwire Interactive
======List of files/folders modified in the last 1 months======
2010-11-28 13:00:42 ----D---- C:\Windows\Temp
2010-11-28 13:00:39 ----D---- C:\Windows\Prefetch
2010-11-28 12:59:21 ----RD---- C:\Program Files
2010-11-28 12:50:20 ----D---- C:\Users\Venca\AppData\Roaming\Skype
2010-11-28 12:47:44 ----D---- C:\Windows\system32\config
2010-11-28 12:26:03 ----D---- C:\Windows\System32
2010-11-28 12:26:03 ----D---- C:\Windows\inf
2010-11-28 12:26:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-28 10:34:54 ----SHD---- C:\System Volume Information
2010-11-28 10:18:14 ----D---- C:\Windows\SYSWOW64\drivers
2010-11-28 10:18:13 ----RD---- C:\Program Files (x86)
2010-11-28 10:18:13 ----HD---- C:\ProgramData
2010-11-28 10:18:13 ----D---- C:\Windows\system32\drivers
2010-11-27 23:02:57 ----D---- C:\Program Files (x86)\JDownloader
2010-11-27 17:33:48 ----SHD---- C:\Windows\Installer
2010-11-27 11:29:56 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-11-24 16:19:47 ----D---- C:\Windows
2010-11-24 15:40:23 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-11-24 12:06:34 ----D---- C:\Program Files\Internet Explorer
2010-11-24 12:06:34 ----D---- C:\Program Files (x86)\Internet Explorer
2010-11-24 12:06:33 ----D---- C:\Windows\winsxs
2010-11-24 10:23:13 ----D---- C:\Windows\system32\catroot
2010-11-21 10:10:31 ----D---- C:\Windows\SysWOW64
2010-11-21 00:40:44 ----D---- C:\Program Files\ATI Technologies
2010-11-21 00:40:24 ----D---- C:\Windows\system32\DriverStore
2010-11-21 00:40:21 ----D---- C:\Windows\system32\catroot2
2010-11-20 14:23:26 ----D---- C:\Users\Venca\AppData\Roaming\gtk-2.0
2010-11-19 23:47:58 ----D---- C:\Program Files\Zoner
2010-11-18 01:30:07 ----RSD---- C:\Windows\assembly
2010-11-16 17:49:21 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-11-16 17:49:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-16 15:04:16 ----D---- C:\Program Files (x86)\Full Tilt Poker
2010-11-16 01:05:01 ----D---- C:\Windows\system32\NDF
2010-11-12 15:49:04 ----D---- C:\Program Files (x86)\Common Files
2010-11-11 12:41:26 ----D---- C:\Program Files (x86)\bwinPoker
2010-11-10 18:39:14 ----D---- C:\Windows\debug
2010-11-10 12:30:30 ----A---- C:\Windows\system32\MRT.exe
2010-11-09 01:02:22 ----D---- C:\Program Files\Common Files
2010-10-29 13:48:15 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 oem-drv64;OEM-SLP2.1 Driver (HPD64); C:\Windows\system32\DRIVERS\oem-drv64.sys [2010-05-18 14336]
R0 PCGenFAM;PCGenFAM; C:\Windows\system32\DRIVERS\PCGenFAM.sys [2010-09-22 199112]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-18 834544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-04-07 139704]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-11-21 230352]
R2 Ca1528av;SPCA1528 Video Camera Service; C:\Windows\System32\Drivers\Ca1528av.sys [2008-12-17 533760]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-04-07 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-04-07 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-04-07 50600]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-01-27 47632]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
R3 Bulk1528;SPCA1528 Still Camera Service; C:\Windows\System32\Drivers\Bulk1528.sys [2008-06-28 14848]
R3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2009-03-23 20992]
R3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2009-12-22 20568]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-04-07 33608]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-09-11 26248]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-09-11 41096]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-09-11 15880]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-09-11 76552]
S3 atidgllk;atidgllk; \??\C:\Program Files (x86)\GIGABYTE\ET5Pro\atidgllk.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-05-06 125456]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
S3 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool64.sys [2006-11-10 30720]
S3 aun90lgx;aun90lgx; C:\Windows\system32\drivers\aun90lgx.sys []
S3 cpuz132;cpuz132; \??\C:\Users\Venca\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-09-21 25640]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2010-09-21 30528]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 20392]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\Windows\system32\DRIVERS\ss_bserd.sys [2009-09-19 128000]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 5504]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [2009-12-22 16448]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2009-09-11 36872]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-10-27 203776]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 dgdersvc;Device Error Recovery Service; C:\Windows\SysWOW64\dgdersvc.exe [2010-06-09 95568]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-04-07 810120]
R2 NMSAccess;NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2010-09-22 330784]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 42336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
-----------------EOF-----------------
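As an added triage example (not part of the thread and not RSIT's own code), the following Python parses the "List of drivers"/"List of services" line format above and flags entries an analyst would look at twice: an empty [] bracket (RSIT could not stat the file at scan time), an image under a user-writable directory, or a running .sys loaded from outside System32. The sample block reuses lines from the log above plus one constructed service line pointing at the path discussed later in the thread; the user-writable directory list is an assumption of this example.

```python
"""Triage helper for RSIT/HijackThis-style driver and service listings.

Lines have the form
    R0 name;display name; C:\\path\\file.sys [YYYY-MM-DD size]
where the first letter is R(unning)/S(topped), the digit is the start type,
and an empty [] means the file could not be examined at scan time.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Directories an unprivileged user can write to (assumed list for this example).
# A driver or service image living here deserves a second look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\windows\\temp\\")

# Constructed sample: three lines copied from the log above plus one made-up
# service entry (date and size invented) that points at the path the thread discusses.
SAMPLE = r"""
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 aun90lgx;aun90lgx; C:\Windows\system32\drivers\aun90lgx.sys []
S3 cpuz132;cpuz132; \??\C:\Users\Venca\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
R2 nvsvc32;Constructed Example Service; C:\Users\Public\nvsvc32.exe [2010-11-20 12345]
"""


@dataclass
class Entry:
    state: str
    start: int
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and other non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):  # NT object-manager prefix used for raw image paths
        path = path[4:]
    meta = m.group("meta").split()
    date = meta[0] if meta else None
    size = int(meta[1]) if len(meta) > 1 and meta[1].isdigit() else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), path, date, size)


def triage(entry: Entry) -> Entry:
    """Attach human-readable reasons why an entry merits manual inspection."""
    low = entry.path.lower()
    if entry.date is None:
        entry.flags.append("file not found at scan time (empty [])")
    if any(d in low for d in USER_WRITABLE):
        entry.flags.append("image lives in a user-writable directory")
    if entry.state == "R" and low.endswith(".sys") and "\\windows\\system32\\" not in low:
        entry.flags.append("running kernel driver loaded from outside System32")
    return entry


def triage_report(text: str) -> List[Entry]:
    """Parse a whole listing block and return only the entries that raised a flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_report(SAMPLE):
        print(f"{e.state}{e.start} ({START_TYPES[e.start]}) {e.name}: {e.path}")
        for reason in e.flags:
            print(f"    - {reason}")
```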
- Rudy
- Site Admin
- Posts: 119429
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Windows Defender reports Backdoor
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Windows Defender reports Backdoor
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verze databáze: 5204
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
29.11.2010 9:44:14
mbam-log-2010-11-29 (09-44-14).txt
Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 336973
Uplynulý čas: 36 minuta(y), 43 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
- Rudy
- Site Admin
Re: Windows Defender reports Backdoor
The log is clean. Where did Windows Defender find that backdoor?
Re: Windows Defender reports Backdoor
Backdoor:Win32/IRCbot.gen!M
Category: backdoor,
Resources
process:
pid:3276
and it constantly wants to send it to Microsoft
C:/Users/Public/nvsvc32.exe
thanks a lot for the help
- Rudy
- Site Admin
Re: Windows Defender reports Backdoor
Download and run Avenger: http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 and run it with this script:
Files to delete:
C:/Users/Public/nvsvc32.exe
Re: Windows Defender reports Backdoor
Run as admin, but I can't find the log and the problem persists; I did check the spacing.
Edit: the log is there after all:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.1 (build 7600)
Wed Dec 01 13:15:54 2010
13:15:54: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
- Rudy
- Site Admin
Re: Windows Defender reports Backdoor
OK. Let's try ComboFix.
Post the log. Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then run the application under an account with administrator rights.
Right after it starts, a screen with the licence terms appears; continue by clicking Yes.
Make yourself a coffee in the meantime (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else.
Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).
Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and removal of any malware collides with the antispyware resident.
Re: Windows Defender reports Backdoor
It won't run for me, because of a conflict with the 64-bit system (I have Win7 64).
- Rudy
- Site Admin
Re: Windows Defender reports Backdoor
Another way, then:
Download OTL: http://oldtimer.geekstogo.com/OTL.exe . Save it to the desktop, right-click it and choose "run as administrator". Tick "for 64-bit system" and "for all users".
Paste the following into the lower window:
:files
C:/Users/Public/nvsvc32.exe
Then click "Clean".
Re: Windows Defender reports Backdoor
Done, and the problem persists, unfortunately.

- Rudy
- Site Admin
Re: Windows Defender reports Backdoor
OK. For the next step you will need Win7 installation media. Following this guide: http://www.viry.cz/forum/viewtopic.php?f=46&t=106339 boot from the installation DVD. Choose the command prompt and type into it:
del C:/Users/Public/nvsvc32.exe
Press >Enter< and restart the PC.
Re: Windows Defender reports Backdoor
Hello. I think the error is that you have an ordinary / there instead of \. The correct path to the file should be C:\Users\Public\nvsvc32.exe
Re: Windows Defender reports Backdoor
Tried it with the slashes the other way round too, and still nothing.
I'll try it with the installation media tomorrow.

- Rudy
- Site Admin
- Posts: 119429
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Windows Defender reports Backdoor
Yes, I overlooked that you have the slashes the wrong way round. They should be these: \ . Thank you for pointing it out.
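The offline-deletion step described in the posts above (boot the Win7 install DVD, open Command Prompt, delete C:\Users\Public\nvsvc32.exe), written out as a small batch script. This is an added example, not a script from the thread or from viry.cz. It assumes the script is carried in on a USB stick and started from the WinRE Command Prompt, and that the Windows volume may not be lettered C: inside WinRE (the drive letter is therefore probed, not assumed). Path and file name are the ones from the thread; the drive letters probed are assumptions.

```batch
@echo off
rem Added example (not from the thread). Run from the Windows 7 install DVD:
rem Repair your computer -> Command Prompt, then e.g. E:\fix.cmd from a USB stick.
rem Assumption: inside WinRE the offline Windows volume may not be C:
rem (C: can be the small System Reserved partition), so candidate letters are
rem probed for a real Windows installation first.
rem Use backslashes: with C:/Users/... cmd parses "/Users" as a command switch
rem and del reports an invalid switch, which is why the earlier attempt failed.
setlocal
set "TARGET=Users\Public\nvsvc32.exe"
set "FOUND=0"

for %%D in (C D E F G) do (
  rem A volume with a SYSTEM registry hive is an offline Windows installation.
  if exist "%%D:\Windows\System32\config\SYSTEM" (
    echo Windows installation found on %%D:
    if exist "%%D:\%TARGET%" (
      set "FOUND=1"
      echo Found %%D:\%TARGET%
      rem Record size and timestamp before removal, for the thread log.
      dir /a "%%D:\%TARGET%"
      rem Malware commonly sets hidden/system/read-only; clear them so del works.
      attrib -r -h -s "%%D:\%TARGET%"
      del /f /q "%%D:\%TARGET%"
      rem Verify the deletion instead of trusting del's silence.
      if exist "%%D:\%TARGET%" (
        echo ERROR: %%D:\%TARGET% is still present
      ) else (
        echo Deleted %%D:\%TARGET%
      )
    ) else (
      echo %%D:\%TARGET% not present
    )
  )
)
if "%FOUND%"=="0" echo nvsvc32.exe was not found on any Windows volume
endlocal
```

Removing the binary offline gets rid of the file that Defender flags, but not whatever started it (an autostart entry or service pointing at the now-missing path), so the usual fresh log after the restart is still needed to clean that up.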