VIRY.CZ

Zdravim,
mam mensi problem, rundll32.exe neustale zere 25% cpu ... nasel sem na netu par odkazu na reseni, ale vsechny odkazovaly na stranky, jde je "100% safe" pres pul monitoru, takze predpokladam 100% malware
a dlasi vec, jen priblizne sem secetl RAM kterou zerou procesy (mam zaple zobrazeni procesu vsech uzivatelu) a vyslo mi neco pres 400Mb, ale hlasi mi to vyuziti 31% (z 4Gb, tj asi 1.2Gb) ...
mam podezreni ze to muze delat XP Mode (ikdyz sem se ho snazil opravdu vypnout, ale i tak ma pridelene 0.5Gb, tak nevim kde je tech 300Mb), ale procak si zere "svuj", takze furt nevim co je tomu rundll32 ...

mwav nasel tohle (imho to nevypada nebezpecne):

Object "Uplink Adware" found in File System! Action Taken: No Action Taken.
Object "Spyware.NetScreenWatch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Uplink Adware" found in File System! Action Taken: No Action Taken.
Object "Uplink Adware" found in File System! Action Taken: No Action Taken.
Object "Uplink Adware" found in File System! Action Taken: No Action Taken.
Object "Baidu Toolbar" found in File System! Action Taken: No Action Taken.
Object "ZeroClean Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".djvu". Action Taken: No Action Taken.

a v logu z RSIT toho taky moc nevidim (ale to je u me normalni, i kdyz tam neco je )

Logfile of random's system information tool 1.08 (written by random/random)
Run by Ghormoon at 2010-12-25 01:54:19
Microsoft Windows 7 Enterprise
System drive C: has 13 GB (24%) free of 55 GB
Total RAM: 4094 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:54:23, on 25.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Call Graph\CallGraph.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\SysWOW64\rundll32.exe
X:\Trillian\trillian.exe
C:\Users\Ghormoon\AppData\Local\Temp\mexe.com
C:\Program Files\trend micro\Ghormoon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CallGraph] C:\Program Files (x86)\Call Graph\CallGraph.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Trillian.lnk = X:\Trillian\trillian.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9960 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-309b6fbd-7ab2-4a95-9cf4-ce62ef99deeb -SystemEventPortName:HostProcess-62e37bcc-8260-44c3-b615-89c2bcf5db32 -IoCancelEventPortName:HostProcess-a7df7452-49c1-4e14-a398-f3e16c41796c -NonStateChangingEventPortName:HostProcess-6454d877-f230-47df-869b-a7e28a051261 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:cd0735d5-f8b2-48e1-9cdd-3d708e4b30b3
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-388c96f5-89c6-42d5-98f9-5dd5033338b5 -SystemEventPortName:HostProcess-496429fe-7f95-4e25-9347-d4cb874fad37 -IoCancelEventPortName:HostProcess-127becfb-1d81-46d8-ad64-caf592efce6a -NonStateChangingEventPortName:HostProcess-22e2d066-8445-4e66-a017-2310759696b5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:981a9a3a-5539-4602-a2d8-042a3acd6e35
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\system32\svchost.exe -k bthaudiosvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"taskhost.exe"
"C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe"
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\System32\tcpsvcs.exe
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\Windows Media Player\WMPSideShowGadget.exe"
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /SkipFUE /RemoteOCXLaunch
C:\Windows\system32\svchost.exe -k WindowsMobile
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe"
"C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe"
"C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Process Lasso\ProcessLasso.exe"
"C:\Program Files\Process Lasso\ProcessGovernor.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe"
"C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe"
"C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files (x86)\Call Graph\CallGraph.exe"
"C:\Program Files\Logitech\SetPoint\SetPoint.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe"
KHALMNPR.EXE /API
"C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\rundll32.exe C:\Windows\system32\gameux.dll,GameUXShim {d1e62fa7-b0c7-4bfd-87e5-f8ace9f85316};X:\Games\Total Annihilation\TotalA.exe;4548
"X:\Trillian\trillian.exe" /user ghormoon
"taskhost.exe"
"C:\Users\Ghormoon\AppData\Local\Temp\mexe.com"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe22_ Global\UsGthrCtrlFltPipeMssGthrPipe22 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Ghormoon\Desktop\RSITx64(2).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-26 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"Launch LgDeviceAgent"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2010-02-18 415816]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2010-02-18 2093128]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2010-02-18 4271688]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 130576]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2837768]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-01-19 9996320]
"ProcessLassoManagementConsole"=C:\Program Files\Process Lasso\processlasso.exe [2010-11-16 637968]
"ProcessGovernor"=C:\Program Files\Process Lasso\processgovernor.exe [2010-11-16 303632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-09-02 13351304]
"CallGraph"=C:\Program Files (x86)\Call Graph\CallGraph.exe [2009-11-13 2942712]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-01-13 37888]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
""= []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Ghormoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Trillian.lnk - X:\Trillian\trillian.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 76816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-03-18 275360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Call Graph\CallGraph.exe"="C:\Program Files (x86)\Call Graph\CallGraph.exe:*:Enabled:Call Graph"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-25 01:49:01 ----AD---- C:\Windows\VDLL.DLL
2010-12-25 01:49:01 ----AD---- C:\Windows\SYSWOW64\runouce.exe
2010-12-25 01:49:01 ----AD---- C:\Windows\rundll16.exe
2010-12-25 01:49:01 ----AD---- C:\Windows\RUNDL132.EXE
2010-12-25 01:49:01 ----AD---- C:\Windows\logo1_.exe
2010-12-25 01:49:01 ----AD---- C:\Windows\logo_1.exe
2010-12-25 01:44:29 ----A---- C:\Windows\SYSWOW64\msvcr80.dll
2010-12-25 01:44:28 ----A---- C:\Windows\SYSWOW64\msvcp80.dll
2010-12-25 01:44:27 ----A---- C:\Windows\SYSWOW64\eEmpty.exe
2010-12-25 01:44:08 ----D---- C:\ProgramData\MicroWorld
2010-12-25 01:35:19 ----D---- C:\Program Files\CCleaner
2010-12-23 17:44:27 ----A---- C:\TotalA_log.txt
2010-12-22 02:13:26 ----D---- C:\Program Files (x86)\EASEUS
2010-12-22 00:53:21 ----D---- C:\Users\Ghormoon\AppData\Roaming\vlc
2010-12-22 00:52:39 ----D---- C:\Program Files (x86)\VideoLAN
2010-12-21 20:16:25 ----A---- C:\mtty_0513_Test.exe
2010-12-18 14:37:42 ----D---- C:\Program Files (x86)\SpeedFan
2010-12-15 07:41:36 ----A---- C:\Windows\SYSWOW64\tzres.dll
2010-12-15 07:41:36 ----A---- C:\Windows\system32\tzres.dll
2010-12-15 07:41:31 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 07:41:31 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 07:41:31 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 07:41:31 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 07:41:30 ----A---- C:\Windows\SYSWOW64\taskschd.dll
2010-12-15 07:41:30 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2010-12-15 07:41:30 ----A---- C:\Windows\SYSWOW64\taskcomp.dll
2010-12-15 07:41:30 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2010-12-15 07:41:30 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 07:41:30 ----A---- C:\Windows\system32\schtasks.exe
2010-12-15 07:41:27 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 07:41:26 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2010-12-15 07:41:26 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2010-12-15 07:41:26 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 07:41:24 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 07:41:23 ----A---- C:\Windows\SYSWOW64\webio.dll
2010-12-15 07:41:23 ----A---- C:\Windows\system32\webio.dll
2010-12-15 07:41:17 ----A---- C:\Windows\system32\consent.exe
2010-12-15 07:41:15 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 07:41:15 ----A---- C:\Windows\system32\iertutil.dll
2010-12-15 07:41:14 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2010-12-15 07:41:14 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 07:41:14 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 07:41:13 ----A---- C:\Windows\SYSWOW64\mstime.dll
2010-12-15 07:41:11 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2010-12-15 07:41:10 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2010-12-15 07:41:10 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 07:41:09 ----A---- C:\Windows\SYSWOW64\wininet.dll
2010-12-15 07:41:09 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2010-12-15 07:41:09 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 07:41:09 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 07:41:09 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-15 07:41:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2010-12-15 07:41:08 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2010-12-15 07:41:08 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2010-12-15 07:41:08 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2010-12-15 07:41:08 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2010-12-15 07:41:08 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2010-12-15 07:41:08 ----A---- C:\Windows\SYSWOW64\ieui.dll
2010-12-15 07:41:08 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2010-12-15 07:41:08 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2010-12-15 07:41:08 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 07:41:08 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-15 07:41:08 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-15 07:41:08 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-15 07:41:08 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-15 07:41:08 ----A---- C:\Windows\system32\ieui.dll
2010-12-15 07:41:08 ----A---- C:\Windows\system32\iepeers.dll
2010-12-12 22:10:24 ----D---- C:\Windows\Uninstall
2010-12-12 19:39:17 ----D---- C:\ProgramData\Apple Computer
2010-12-12 19:39:17 ----D---- C:\Program Files (x86)\QuickTime
2010-12-12 13:38:14 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2010-12-04 22:02:36 ----D---- C:\Users\Ghormoon\AppData\Roaming\TrueCrypt
2010-12-04 22:01:56 ----A---- C:\Windows\system32\drivers\truecrypt.sys
2010-12-04 22:01:35 ----D---- C:\Program Files\TrueCrypt

======List of files/folders modified in the last 1 months======

2010-12-25 01:54:23 ----D---- C:\Program Files\trend micro
2010-12-25 01:54:22 ----D---- C:\Windows\Temp
2010-12-25 01:54:20 ----D---- C:\Windows\Prefetch
2010-12-25 01:53:57 ----D---- C:\Users\Ghormoon\AppData\Roaming\Skype
2010-12-25 01:49:01 ----D---- C:\Windows\SysWOW64
2010-12-25 01:49:01 ----AD---- C:\Windows
2010-12-25 01:44:21 ----D---- C:\Program Files (x86)\Common Files
2010-12-25 01:44:08 ----HD---- C:\ProgramData
2010-12-25 01:37:55 ----D---- C:\Users\Ghormoon\AppData\Roaming\Winamp
2010-12-25 01:37:52 ----D---- C:\Windows\Minidump
2010-12-25 01:37:52 ----D---- C:\Windows\debug
2010-12-25 01:35:19 ----RD---- C:\Program Files
2010-12-25 00:07:44 ----D---- C:\Users\Ghormoon\AppData\Roaming\skypePM
2010-12-24 14:57:23 ----D---- C:\Windows\system32\config
2010-12-23 13:51:52 ----D---- C:\Windows\System32
2010-12-23 13:51:51 ----D---- C:\Windows\inf
2010-12-23 13:51:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-23 13:47:07 ----D---- C:\Users\Ghormoon\AppData\Roaming\Call Graph
2010-12-23 13:45:31 ----D---- C:\ProgramData\NVIDIA
2010-12-23 00:40:27 ----SHD---- C:\System Volume Information
2010-12-22 10:35:11 ----D---- C:\Windows\rescache
2010-12-22 02:13:26 ----RD---- C:\Program Files (x86)
2010-12-22 02:12:09 ----SHD---- C:\Windows\Installer
2010-12-22 02:12:08 ----HD---- C:\Config.Msi
2010-12-22 02:09:54 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-12-22 02:09:51 ----D---- C:\Windows\SYSWOW64\drivers
2010-12-22 00:43:28 ----D---- C:\Windows\system32\FxsTmp
2010-12-22 00:43:27 ----D---- C:\Users\Ghormoon\AppData\Roaming\Nitro PDF
2010-12-21 21:48:33 ----A---- C:\Windows\WINCMD.INI
2010-12-21 21:48:16 ----A---- C:\Windows\wcx_ftp.ini
2010-12-20 20:27:42 ----D---- C:\Windows\system32\catroot2
2010-12-20 19:09:28 ----D---- C:\Windows\system32\drivers
2010-12-18 14:37:38 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-12-17 21:12:10 ----D---- C:\Program Files (x86)\DOSBox-0.74
2010-12-15 16:39:02 ----D---- C:\Windows\winsxs
2010-12-15 16:37:58 ----D---- C:\Windows\SYSWOW64\en-US
2010-12-15 16:37:58 ----D---- C:\Windows\SYSWOW64\cs-CZ
2010-12-15 16:37:58 ----D---- C:\Windows\system32\en-US
2010-12-15 16:37:58 ----D---- C:\Windows\system32\cs-CZ
2010-12-15 16:37:56 ----D---- C:\Program Files\Windows Mail
2010-12-15 16:37:56 ----D---- C:\Program Files (x86)\Windows Mail
2010-12-15 16:37:55 ----D---- C:\Windows\SYSWOW64\migration
2010-12-15 16:37:55 ----D---- C:\Windows\system32\migration
2010-12-15 16:37:55 ----D---- C:\Program Files\Internet Explorer
2010-12-15 16:37:55 ----D---- C:\Program Files (x86)\Internet Explorer
2010-12-15 09:14:10 ----D---- C:\ProgramData\Microsoft Help
2010-12-15 09:13:47 ----D---- C:\Windows\system32\catroot
2010-12-15 09:12:12 ----A---- C:\Windows\system32\MRT.exe
2010-12-02 16:42:39 ----D---- C:\Program Files\Process Lasso
2010-11-30 13:53:26 ----D---- C:\Users\Ghormoon\AppData\Roaming\Adobe
2010-11-29 06:17:25 ----D---- C:\Windows\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2007-02-07 14104]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-30 828912]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-02-26 139704]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-12-04 230352]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-12-31 360712]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-02-26 163888]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-02-26 169592]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-02-26 50600]
R3 BthAudioHF;BthAudioHF Service; C:\Windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 52224]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-02-26 33608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-01-19 2242720]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 55312]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 57872]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2009-06-17 40976]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x64\Sandra.sys [2009-08-07 23112]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vpcuxd;USB Virtualization Stub Service; C:\Windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 16384]
S3 WINIO;WINIO; \??\C:\Program Files (x86)\aspeeder\ynhjxd.dll []
S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 40448]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-02-26 810120]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
R2 HFGService;Handsfree Headset Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-10-20 341312]
R2 nlsX86cc;NLS Service; C:\Windows\SysWOW64\NLSSRV32.EXE [2010-10-20 67904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 10240]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 42336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-11-07 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-07 655624]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 160784]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [2009-08-17 99176]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-29 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

predem diky, Ghormoon

Edit: zapomel jsem zminit, ze asi pred tydnem sem tu mel zapojenou zavirovanou flashku (autorun.inf), ale ESET ju odchytil, tak sem predpokladal ze nic do systemu neproslo ...

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

omlouvam se, ale driv jsem to nestihl:

zkousel sem to pustit 2x, ale pri vytvareni logu to asi 5x prohlasi ze PEV.cfxxe prestal pracovat a pak muzu cekat klidne 2 hodiny a nic, porad
"Pripravuji Log Report.
Nespoustejte zadne aplikace dokud ComboFix neskonci svou cinnost."

Zkuste to v nouz. režimu.

stejny problem

Zkuste přejmenovat ComboFix třeba na cokoli.com a spustit.

taky nic zkousel sem i znova stahnout a taky ne

OK: Zkuste sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .

1.1.2011 10:51:21 Task started
1.1.2011 12:47:17 Detected: Trojan.Win32.Agent.dira S:\Core\HyperCore\Panel\Extra\MTTY.exe
1.1.2011 12:47:36 Untreated: Trojan.Win32.Agent.dira S:\Core\HyperCore\Panel\Extra\MTTY.exe Skipped by user
1.1.2011 12:58:05 Detected: Trojan-Downloader.Win32.Agent.euff S:\Program Files\FlvToMp3\videotomp3.exe
1.1.2011 12:58:06 Untreated: Trojan-Downloader.Win32.Agent.euff S:\Program Files\FlvToMp3\videotomp3.exe Skipped by user
1.1.2011 15:45:41 Task completed

pozn. oboji je vpohode smaznuty, jen mi v logu zustalo, ze ne, bo sem mu to daval rucne

OK. Nastala nějaká změna?

hruby odhad ram v procesech 600-700, vyuziti 46%, tj skoro 1900 ... runddl32.exe sem tam bere 25%, sem tam ne ... a prijde mi, ze se dostava doba bootu na neunosnou mez, po tom co to vypada ze nabehl tak jeste 5-10min nejsem schopnej ani zapnout prolizec ...
nevim jestli nekoho napada jeste naka AV utilita, nebo to nekdy behem pristiho mesice formatnu ...
ale diky za snahu

Můžete ještě zkusit OTL: Stáhněte OTL: http://oldtimer.geekstogo.com/OTL.exe . Uložte na plochu, klikněte prvým myšítkem a zadejte "spustit jako správce". Zaškrtněte "pro 64b systém", "pro všechny uživatele", "kontrola na havěť LOP" a "PURITY". Do spodního okna vložte:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Klikněte na "Prohledat" a vložte logy OTL.txt. a Extras.txt.

tak ten ma taky tendenci na necem zustat viset, asi to fakt preinstaluju neky koncem mesice, resp. az budu mit nejaky volny vikend ...

Ještě můžete zkusit opravu z instal. média.