Mam taký problém.Potreboval by som pomoct.Moj pocitac sice stara zostava ale myslim ze to co mi pocitac robi [vypisane nizsie] by nemal robit a mam tusenie ze v tom bude nejaky ten vir.
Zostava: AMD Athlon X2 64 Dual Core Processor 3800+
RAM: 1 GB DDR2
HDD: 180GB frekvenciu nevim kde zistit
GFX: Nvidia Ge-Force 8400 GS
Mainboard:MSI 7369 [podla CPU-Z]
Problem je taky ze pri hocijakej hre trochu narocnejsiom programe sa mi dana aplikacia spusta strasne dlho a to nevravim o vypinani kedy 10 minut cucim na ciernu obrazovku a cakam kym sa mi vypixeluje cela pracovna plocha.To iste mi robi ked sa prehadzujem povedze z hry ktoru hram na fullscreene ,a nie v okne, do windowsu na desktop.Vtedy mam chut milionkrat stlacit tlacitko tvrdeho restartu na skrini. Dalej mi robi problem napriklad ked otvorim nejaky priecinok ukazuje mi ze v nom nic nemam iba ked dam krok naspat a znova tam nakliknem tak mi ukaze co v danom priecinku je.
PC som kontroloval cez Spyware terminator,Ad-aware,Nod32 Antivirus5 dokonca som skusal aj Panda Block . No nic mi nepomaha. mam v pocitaci kopec dolezitych dokumentov ktore by som dlho zalohovaval a preto sa pytam ci sa to da vyriesit aj inak ako len tvrdym formatom disku.
_______________________________________________________________
Logfile of random's system information tool 1.09 (written by random/random)
Run by Bucooooo at 2011-09-28 15:52:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (47%) free of 110 GB
Total RAM: 1023 MB (14% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:15, on 28.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\Bucooooo\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Winamp\winamp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Bucooooo\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Bucooooo.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Bucooooo\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Documents and Settings\Bucooooo\Local Settings\Application Data\Browser Plugin\BHO.dll
O2 - BHO: GdfrDUEn - {A3CF7606-E683-4375-A372-96B75DA0AEF7} - C:\Program Files\Stylish Profile\enlbrdr.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Bucooooo\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FIFA 11 Registration.lnk = C:\Program Files\EA Sports\FIFA 11\Support\EAregister.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 9542 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-790525478-1417001333-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-790525478-1417001333-1003UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-790525478-1417001333-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-790525478-1417001333-1003.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Bucooooo\Application Data\Mozilla\Firefox\Profiles\1yjzcod1.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {6236BA26-C117-4007-928C-DE0716C7FA82}:1.0.2, {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.4, {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1, wtxpcom@mybrowserbar.com:4.3, youtubedownloader@mybrowserbar.com:4.3, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900, plugin@gameplaylabs.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?ei=utf-8 ... =937811&p="
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647]
"Description"=12.0.1.647
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsjsrealplayerplugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
npwachk.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml
C:\Documents and Settings\Bucooooo\Application Data\Mozilla\Firefox\Profiles\1yjzcod1.default\extensions\
plugin@gameplaylabs.com
vshare@toolbar
{20a82645-c095-46ed-80e3-08825760534b}
{6236BA26-C117-4007-928C-DE0716C7FA82}
{6236BA26-C117-4007-928C-DE0716C7FA99}
C:\Documents and Settings\Bucooooo\Application Data\Mozilla\Firefox\Profiles\1yjzcod1.default\searchplugins\
web-search-1.xml
web-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-06-18 386264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-01-17 175912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class - C:\Documents and Settings\Bucooooo\Local Settings\Application Data\Browser Plugin\BHO.dll [2011-03-08 432640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Stylish Profile\enlbrdr.dll [2010-10-19 185856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Bucooooo\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2009-10-05 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-14 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-14 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-10-04 1049912]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-01-17 175912]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - YouTube Downloader Toolbar - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"nwiz"=nwiz.exe /install []
"WinSys2"=C:\WINDOWS\system32\winsys2.exe [2008-01-18 208896]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2011-06-18 273544]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-06 3076144]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\DAEMON Tools Pro\DTProAgent.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
C:\Warcraft III\eb.exe [2009-09-19 758272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.0\ICQ.exe silent loginmode=4 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-12-29 3037696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\uTorrent\uTorrent.exe [2011-05-05 399736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bucooooo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
LOLRecorder.lnk - C:\Program Files\LOLReplay\LOLRecorder.exe
C:\Documents and Settings\Bucooooo\Start Menu\Programs\Startup
FIFA 11 Registration.lnk - C:\Program Files\EA Sports\FIFA 11\Support\EAregister.exe
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nonsteam\Valve\hl.exe"="C:\Nonsteam\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Valve\hl.exe"="C:\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Warcraft III\war3.exe"="C:\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\ICQ6.5\ICQ.exe"="C:\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\uTorrent\uTorrent.exe"="C:\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\BF BC2\BFBC2Updater.exe"="C:\BF BC2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011"
"C:\RetailExe\1.0\cnc3game.dat"="C:\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Electronic Arts\Command & Conquer 4 Tiberian Twilight\Data\CNC4.game"="C:\Electronic Arts\Command & Conquer 4 Tiberian Twilight\Data\CNC4.game:*:Enabled:Command & Conquer™ 4"
"C:\R.G. Gamers\Unreal Tournament III\Binaries\UT3.exe"="C:\R.G. Gamers\Unreal Tournament III\Binaries\UT3.exe:*:Enabled:UT3"
"C:\Winamp\winamp.exe"="C:\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\World of Warcraft\Launcher.exe"="C:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\World of Warcraft\Launcher.patch.exe"="C:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"C:\Program Files\EslWire\wire.exe"="C:\Program Files\EslWire\wire.exe:*:Enabled:ESL Wire Client"
"C:\Steam\steamapps\nephritos360\counter-strike source\hl2.exe"="C:\Steam\steamapps\nephritos360\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Steam\steamapps\nephritos360\counter-strike\hl.exe"="C:\Steam\steamapps\nephritos360\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Steam\steamapps\nephritos360\day of defeat\hl.exe"="C:\Steam\steamapps\nephritos360\day of defeat\hl.exe:*:Enabled:Day of Defeat"
"C:\Steam\steamapps\common\trackmania nations forever\TmForever.exe"="C:\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"C:\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe"="C:\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.vorbis"=vorbis.acm
"VIDC.XFR1"=xfcodec.dll
======List of files/folders created in the last 1 month======
2011-09-28 15:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$
2011-09-28 14:54:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2567680$
2011-09-28 14:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2011-09-28 14:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676-v2$
2011-09-28 14:38:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2570222$
2011-09-28 14:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-09-28 14:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2559049$
2011-09-28 14:17:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2011-09-28 14:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2562937$
2011-09-28 14:09:28 ----D---- C:\WINDOWS\LastGood
2011-09-28 13:56:21 ----D---- C:\Program Files\ESET
2011-09-27 21:07:48 ----D---- C:\Program Files\Microsoft.NET
2011-09-27 20:53:59 ----D---- C:\Program Files\trend micro
2011-09-27 20:53:58 ----D---- C:\rsit
2011-09-09 11:12:13 ----A---- C:\WINDOWS\system32\SET561.tmp
2011-08-30 09:02:35 ----D---- C:\Documents and Settings\Bucooooo\Application Data\Search Settings
2011-08-30 09:02:33 ----D---- C:\Program Files\YouTube Downloader Toolbar
2011-08-30 09:02:33 ----D---- C:\Program Files\Application Updater
======List of files/folders modified in the last 1 month======
2011-09-28 15:27:56 ----D---- C:\WINDOWS\Temp
2011-09-28 15:06:54 ----D---- C:\WINDOWS\Microsoft.NET
2011-09-28 15:06:07 ----RSD---- C:\WINDOWS\assembly
2011-09-28 15:01:13 ----HD---- C:\WINDOWS\inf
2011-09-28 15:01:08 ----D---- C:\WINDOWS
2011-09-28 15:01:00 ----D---- C:\WINDOWS\system32
2011-09-28 15:00:31 ----SHD---- C:\Config.Msi
2011-09-28 14:59:50 ----SHD---- C:\WINDOWS\Installer
2011-09-28 14:59:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-28 14:58:27 ----D---- C:\WINDOWS\WinSxS
2011-09-28 14:55:00 ----A---- C:\WINDOWS\imsins.BAK
2011-09-28 14:54:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-28 14:54:33 ----D---- C:\WINDOWS\system32\drivers
2011-09-28 14:54:18 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-28 14:13:27 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-28 14:06:26 ----SD---- C:\WINDOWS\Tasks
2011-09-28 14:04:26 ----D---- C:\Steam
2011-09-28 14:03:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-09-28 13:57:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2011-09-28 13:56:21 ----RD---- C:\Program Files
2011-09-28 13:52:46 ----D---- C:\Program Files\Spyware Terminator
2011-09-28 13:52:46 ----D---- C:\Documents and Settings\Bucooooo\Application Data\Spyware Terminator
2011-09-28 13:51:17 ----D---- C:\Documents and Settings\Bucooooo\Application Data\Xfire
2011-09-27 23:58:37 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2011-09-27 21:08:03 ----D---- C:\WINDOWS\system32\en-US
2011-09-27 20:54:10 ----D---- C:\WINDOWS\Prefetch
2011-09-25 16:34:23 ----D---- C:\Documents and Settings\Bucooooo\Application Data\Mumble
2011-09-20 08:00:20 ----D---- C:\Program Files\Ask.com
2011-09-19 12:40:42 ----D---- C:\Program Files\Miranda pack by sssugi 2.3.2
2011-09-19 12:40:14 ----D---- C:\Program Files\Mattricks
2011-09-19 12:33:29 ----D---- C:\Program Files\DivX
2011-09-19 12:33:29 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2011-09-19 12:33:26 ----D---- C:\Program Files\Common Files
2011-09-17 07:46:12 ----D---- C:\Program Files\Xfire
2011-09-16 10:38:02 ----A---- C:\WINDOWS\system32\MRT.exe
2011-09-08 17:29:02 ----D---- C:\Program Files\Mozilla Firefox
2011-08-30 09:02:33 ----D---- C:\Program Files\Common Files\Spigot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-17 685816]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-05-16 271360]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 ESLWireAC;ESLWireAC; \??\C:\WINDOWS\system32\drivers\ESLWireACD.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-05-16 18048]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit; C:\WINDOWS\system32\DRIVERS\ESLvnic.sys [2011-04-18 24504]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-06-03 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-02-18 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-06-11 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 arf56eb7;arf56eb7; C:\WINDOWS\system32\drivers\arf56eb7.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 npkcrypt;npkcrypt; \??\C:\Lineage II\system\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\C:\Lineage II\system\npkcusb.sys []
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-06 974944]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-12-29 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-15 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Dakujem
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Spomalené PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119508
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Spomalené PC
Vídím minimálně jednoho trojáka. Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Spomalené PC
ComboFix 11-09-28.01 - Bucooooo 28.09.2011 18:07:12.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.696 [GMT 2:00]
Running from: c:\documents and settings\Bucooooo\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bucooooo\Application Data\Local
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\1385712743216_25802.mp4.ddr
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\214140.avi.ddr
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\fwzwrdbtjmkc.avi.ddr
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\iwffzsmcxttc.avi.ddr
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\1385712743216_25802.mp4
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\214140.avi
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\fwzwrdbtjmkc.avi
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\iwffzsmcxttc.avi
c:\documents and settings\Bucooooo\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Bucooooo\Local Settings\Application Data\ApplicationHistory\Comrade.exe.bacfe152.ini
c:\documents and settings\Bucooooo\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Bucooooo\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
C:\install.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\vbpng1.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-28 11:56 . 2011-09-28 11:56 -------- d-----w- c:\program files\ESET
2011-09-27 19:07 . 2011-09-27 19:07 -------- d-----w- c:\program files\Microsoft.NET
2011-09-27 18:53 . 2011-09-28 13:53 -------- d-----w- c:\program files\trend micro
2011-09-27 18:53 . 2011-09-27 18:54 -------- d-----w- C:\rsit
2011-08-30 07:02 . 2011-08-30 07:02 -------- d-----w- c:\documents and settings\Bucooooo\Application Data\Search Settings
2011-08-30 07:02 . 2011-09-28 12:01 -------- d-----w- c:\program files\Application Updater
2011-08-30 07:02 . 2011-08-30 07:02 -------- d-----w- c:\program files\YouTube Downloader Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 07:13 . 2011-05-18 08:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 04:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-08-09 11:57 . 2011-08-09 11:57 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 07:20 . 2011-08-04 07:20 103112 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2011-08-04 07:20 . 2011-08-04 07:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-07-15 13:29 . 2008-04-13 23:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 23:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 14:24 . 2010-12-19 21:26 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-05 14:24 . 2010-12-19 21:27 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-05 14:23 . 2010-12-19 21:26 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-01 10:56 . 2011-07-01 10:24 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-01 10:56 . 2011-07-01 10:24 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-08 15:28 . 2011-03-28 20:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-10-19 07:47 185856 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-18 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-06 3076144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Bucooooo\Start Menu\Programs\Startup\
FIFA 11 Registration.lnk - c:\program files\EA Sports\FIFA 11\Support\EAregister.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-8-27 3510680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bucooooo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Bucooooo\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
2009-09-19 20:38 758272 ----a-w- c:\warcraft iii\eb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-11 17:48 133104 ----atw- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 04:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-12-29 16:57 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-05 18:13 399736 ----a-w- c:\utorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Warcraft III\\war3.exe"=
"c:\\ICQ6.5\\ICQ.exe"=
"c:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Steam\\steamapps\\nephritos360\\counter-strike\\hl.exe"=
"c:\\Steam\\steamapps\\nephritos360\\day of defeat\\hl.exe"=
"c:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58465:TCP"= 58465:TCP:Pando Media Booster
"58465:UDP"= 58465:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.10.2009 6:32 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.12.2009 18:57 142592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.9.2011 18:16 974944]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2.6.2011 16:32 812448]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.10.2009 12:29 246520]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [14.1.2011 14:35 196912]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2.6.2011 16:32 24504]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11.6.2010 21:18 47360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-790525478-1417001333-1003Core.job
- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 17:48]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-790525478-1417001333-1003UA.job
- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 17:48]
.
2011-09-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-790525478-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-09-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-790525478-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uDefault_Search_URL = hxxp://search13.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Bucooooo\Application Data\Mozilla\Firefox\Profiles\1yjzcod1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-DAEMON Tools Pro Agent - c:\daemon tools pro\DTProAgent.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-28 18:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-790525478-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:ab,f6,c6,32,83,a5,69,34,7b,46,93,d4,8d,de,2d,96,9f,69,33,3c,86,
d3,50,af,4d,32,f7,74,a0,fc,34,91,6c,5a,45,1c,59,51,18,19,47,ce,01,72,c8,94,\
"rkeysecu"=hex:85,3f,6f,b6,88,8e,bd,60,15,86,32,22,a9,86,48,e5
.
Completion time: 2011-09-28 18:15:52
ComboFix-quarantined-files.txt 2011-09-28 16:15
.
Pre-Run: 53 708 402 688 bytes free
Post-Run: 57 451 827 200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 2451C297BA0AE24F4C8D8CA2D86D72BC
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.696 [GMT 2:00]
Running from: c:\documents and settings\Bucooooo\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bucooooo\Application Data\Local
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\1385712743216_25802.mp4.ddr
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\214140.avi.ddr
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\fwzwrdbtjmkc.avi.ddr
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\iwffzsmcxttc.avi.ddr
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\1385712743216_25802.mp4
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\214140.avi
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\fwzwrdbtjmkc.avi
c:\documents and settings\Bucooooo\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\iwffzsmcxttc.avi
c:\documents and settings\Bucooooo\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Bucooooo\Local Settings\Application Data\ApplicationHistory\Comrade.exe.bacfe152.ini
c:\documents and settings\Bucooooo\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Bucooooo\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
C:\install.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\vbpng1.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-28 11:56 . 2011-09-28 11:56 -------- d-----w- c:\program files\ESET
2011-09-27 19:07 . 2011-09-27 19:07 -------- d-----w- c:\program files\Microsoft.NET
2011-09-27 18:53 . 2011-09-28 13:53 -------- d-----w- c:\program files\trend micro
2011-09-27 18:53 . 2011-09-27 18:54 -------- d-----w- C:\rsit
2011-08-30 07:02 . 2011-08-30 07:02 -------- d-----w- c:\documents and settings\Bucooooo\Application Data\Search Settings
2011-08-30 07:02 . 2011-09-28 12:01 -------- d-----w- c:\program files\Application Updater
2011-08-30 07:02 . 2011-08-30 07:02 -------- d-----w- c:\program files\YouTube Downloader Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 07:13 . 2011-05-18 08:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 04:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-08-09 11:57 . 2011-08-09 11:57 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 07:20 . 2011-08-04 07:20 103112 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2011-08-04 07:20 . 2011-08-04 07:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-07-15 13:29 . 2008-04-13 23:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 23:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 14:24 . 2010-12-19 21:26 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-05 14:24 . 2010-12-19 21:27 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-05 14:23 . 2010-12-19 21:26 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-01 10:56 . 2011-07-01 10:24 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-01 10:56 . 2011-07-01 10:24 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-08 15:28 . 2011-03-28 20:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-10-19 07:47 185856 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-18 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-06 3076144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Bucooooo\Start Menu\Programs\Startup\
FIFA 11 Registration.lnk - c:\program files\EA Sports\FIFA 11\Support\EAregister.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-8-27 3510680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bucooooo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Bucooooo\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
2009-09-19 20:38 758272 ----a-w- c:\warcraft iii\eb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-11 17:48 133104 ----atw- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 04:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-12-29 16:57 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-05 18:13 399736 ----a-w- c:\utorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Warcraft III\\war3.exe"=
"c:\\ICQ6.5\\ICQ.exe"=
"c:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Steam\\steamapps\\nephritos360\\counter-strike\\hl.exe"=
"c:\\Steam\\steamapps\\nephritos360\\day of defeat\\hl.exe"=
"c:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58465:TCP"= 58465:TCP:Pando Media Booster
"58465:UDP"= 58465:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.10.2009 6:32 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.12.2009 18:57 142592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.9.2011 18:16 974944]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2.6.2011 16:32 812448]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.10.2009 12:29 246520]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [14.1.2011 14:35 196912]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2.6.2011 16:32 24504]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11.6.2010 21:18 47360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-790525478-1417001333-1003Core.job
- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 17:48]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-790525478-1417001333-1003UA.job
- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 17:48]
.
2011-09-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-790525478-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-09-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-790525478-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uDefault_Search_URL = hxxp://search13.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Bucooooo\Application Data\Mozilla\Firefox\Profiles\1yjzcod1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-DAEMON Tools Pro Agent - c:\daemon tools pro\DTProAgent.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-28 18:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-790525478-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:ab,f6,c6,32,83,a5,69,34,7b,46,93,d4,8d,de,2d,96,9f,69,33,3c,86,
d3,50,af,4d,32,f7,74,a0,fc,34,91,6c,5a,45,1c,59,51,18,19,47,ce,01,72,c8,94,\
"rkeysecu"=hex:85,3f,6f,b6,88,8e,bd,60,15,86,32,22,a9,86,48,e5
.
Completion time: 2011-09-28 18:15:52
ComboFix-quarantined-files.txt 2011-09-28 16:15
.
Pre-Run: 53 708 402 688 bytes free
Post-Run: 57 451 827 200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 2451C297BA0AE24F4C8D8CA2D86D72BC
-
Rudy
- Site Admin
- Příspěvky: 119508
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Spomalené PC
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Collect::
c:\windows\system32\winsys2.exe
Folder::
c:\documents and settings\Bucooooo\Application Data\Search Settings
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-
Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8 ... =937811&p=
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Spomalené PC
ComboFix 11-09-28.01 - Bucooooo 28.09.2011 19:23:27.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.626 [GMT 2:00]
Running from: c:\documents and settings\Bucooooo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bucooooo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
file zipped: c:\windows\system32\winsys2.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bucooooo\Application Data\PriceGong
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Bucooooo\Application Data\Search Settings
c:\windows\system32\winsys2.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-28 11:56 . 2011-09-28 11:56 -------- d-----w- c:\program files\ESET
2011-09-27 19:07 . 2011-09-27 19:07 -------- d-----w- c:\program files\Microsoft.NET
2011-09-27 18:53 . 2011-09-28 13:53 -------- d-----w- c:\program files\trend micro
2011-09-27 18:53 . 2011-09-27 18:54 -------- d-----w- C:\rsit
2011-08-30 07:02 . 2011-09-28 12:01 -------- d-----w- c:\program files\Application Updater
2011-08-30 07:02 . 2011-08-30 07:02 -------- d-----w- c:\program files\YouTube Downloader Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 07:13 . 2011-05-18 08:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 04:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-08-09 11:57 . 2011-08-09 11:57 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 07:20 . 2011-08-04 07:20 103112 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2011-08-04 07:20 . 2011-08-04 07:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-07-15 13:29 . 2008-04-13 23:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 23:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 14:24 . 2010-12-19 21:26 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-05 14:24 . 2010-12-19 21:27 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-05 14:23 . 2010-12-19 21:26 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-01 10:56 . 2011-07-01 10:24 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-01 10:56 . 2011-07-01 10:24 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-08 15:28 . 2011-03-28 20:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-28_16.13.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-28 17:34 . 2011-09-28 17:34 16384 c:\windows\temp\Perflib_Perfdata_378.dat
+ 2011-09-28 17:32 . 2011-09-28 17:32 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-09-28 17:32 . 2011-09-28 17:32 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\a82eef3128b9527dc05b3c8667e713bc\System.Web.Routing.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f89fe39468ea6faf71c4257c89cf3c54\System.Web.Extensions.Design.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2314ff800782dc85224e69e802a073f7\System.Web.Entity.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f690a8f5d784a5bb20f2cbaa7277eb6c\System.Web.Entity.Design.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5c96400424b85536443623f96f64581\System.Web.DynamicData.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\18a7efd299665b8bfa0d0dc6701343c6\System.Messaging.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\dc72c7581f1b3794c0ea595ba02ff7ad\System.Management.Instrumentation.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e1c009b2c9becdb732a2ea45f32a46b8\System.Data.Services.Design.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1defd94e1662a4478ccf2cd0b1b4e6a6\System.Data.Services.Client.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04267c1dbdcdd8ec37e1518126767ead\System.Data.Entity.Design.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\f2a6d41b3f6e26eea6dcac9298aa637b\System.Data.DataSetExtensions.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-09-28 17:29 . 2011-09-28 17:29 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-09-28 17:29 . 2011-09-28 17:29 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-09-28 17:29 . 2011-09-28 17:29 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-09-28 17:29 . 2011-09-28 17:29 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c729750d54f6e7427230622bcccd4709\System.Data.OracleClient.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\afb4d5e8161d0129ba15c37de2461d8a\System.Data.Entity.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-10-19 07:47 185856 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-18 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-06 3076144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Bucooooo\Start Menu\Programs\Startup\
FIFA 11 Registration.lnk - c:\program files\EA Sports\FIFA 11\Support\EAregister.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-8-27 3510680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bucooooo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Bucooooo\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
2009-09-19 20:38 758272 ----a-w- c:\warcraft iii\eb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-11 17:48 133104 ----atw- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 04:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-12-29 16:57 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-05 18:13 399736 ----a-w- c:\utorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Warcraft III\\war3.exe"=
"c:\\ICQ6.5\\ICQ.exe"=
"c:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Steam\\steamapps\\nephritos360\\counter-strike\\hl.exe"=
"c:\\Steam\\steamapps\\nephritos360\\day of defeat\\hl.exe"=
"c:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58465:TCP"= 58465:TCP:Pando Media Booster
"58465:UDP"= 58465:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.10.2009 6:32 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.12.2009 18:57 142592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.9.2011 18:16 974944]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2.6.2011 16:32 812448]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.10.2009 12:29 246520]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [14.1.2011 14:35 196912]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2.6.2011 16:32 24504]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11.6.2010 21:18 47360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-790525478-1417001333-1003Core.job
- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 17:48]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-790525478-1417001333-1003UA.job
- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 17:48]
.
2011-09-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-790525478-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-09-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-790525478-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uDefault_Search_URL = hxxp://search13.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Bucooooo\Application Data\Mozilla\Firefox\Profiles\1yjzcod1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-28 19:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-790525478-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:ab,f6,c6,32,83,a5,69,34,7b,46,93,d4,8d,de,2d,96,9f,69,33,3c,86,
d3,50,af,4d,32,f7,74,a0,fc,34,91,6c,5a,45,1c,59,51,18,19,47,ce,01,72,c8,94,\
"rkeysecu"=hex:85,3f,6f,b6,88,8e,bd,60,15,86,32,22,a9,86,48,e5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2996)
c:\program files\Xfire\xfire_toucan_44507.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-09-28 19:37:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-28 17:37
ComboFix2.txt 2011-09-28 16:15
.
Pre-Run: 57 381 142 528 bytes free
Post-Run: 31 adresárov, 57 281 650 688 voľných bajtov
.
- - End Of File - - 805FF544ABD03DF29807E0E881B2D6F9
Upload was successful
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.626 [GMT 2:00]
Running from: c:\documents and settings\Bucooooo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bucooooo\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
file zipped: c:\windows\system32\winsys2.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Bucooooo\Application Data\PriceGong
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Bucooooo\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Bucooooo\Application Data\Search Settings
c:\windows\system32\winsys2.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-28 11:56 . 2011-09-28 11:56 -------- d-----w- c:\program files\ESET
2011-09-27 19:07 . 2011-09-27 19:07 -------- d-----w- c:\program files\Microsoft.NET
2011-09-27 18:53 . 2011-09-28 13:53 -------- d-----w- c:\program files\trend micro
2011-09-27 18:53 . 2011-09-27 18:54 -------- d-----w- C:\rsit
2011-08-30 07:02 . 2011-09-28 12:01 -------- d-----w- c:\program files\Application Updater
2011-08-30 07:02 . 2011-08-30 07:02 -------- d-----w- c:\program files\YouTube Downloader Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 07:13 . 2011-05-18 08:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2008-04-14 04:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-26 22:21 . 2011-08-26 22:21 42392 ----a-w- c:\windows\system32\xfcodec.dll
2011-08-09 11:57 . 2011-08-09 11:57 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 07:20 . 2011-08-04 07:20 103112 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2011-08-04 07:20 . 2011-08-04 07:20 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2011-07-15 13:29 . 2008-04-13 23:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 23:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 14:24 . 2010-12-19 21:26 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-05 14:24 . 2010-12-19 21:27 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-05 14:23 . 2010-12-19 21:26 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-01 10:56 . 2011-07-01 10:24 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-01 10:56 . 2011-07-01 10:24 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-08 15:28 . 2011-03-28 20:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-28_16.13.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-28 17:34 . 2011-09-28 17:34 16384 c:\windows\temp\Perflib_Perfdata_378.dat
+ 2011-09-28 17:32 . 2011-09-28 17:32 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-09-28 17:32 . 2011-09-28 17:32 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\a82eef3128b9527dc05b3c8667e713bc\System.Web.Routing.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f89fe39468ea6faf71c4257c89cf3c54\System.Web.Extensions.Design.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2314ff800782dc85224e69e802a073f7\System.Web.Entity.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f690a8f5d784a5bb20f2cbaa7277eb6c\System.Web.Entity.Design.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5c96400424b85536443623f96f64581\System.Web.DynamicData.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\18a7efd299665b8bfa0d0dc6701343c6\System.Messaging.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\dc72c7581f1b3794c0ea595ba02ff7ad\System.Management.Instrumentation.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e1c009b2c9becdb732a2ea45f32a46b8\System.Data.Services.Design.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1defd94e1662a4478ccf2cd0b1b4e6a6\System.Data.Services.Client.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04267c1dbdcdd8ec37e1518126767ead\System.Data.Entity.Design.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\f2a6d41b3f6e26eea6dcac9298aa637b\System.Data.DataSetExtensions.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-09-28 17:29 . 2011-09-28 17:29 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-09-28 17:29 . 2011-09-28 17:29 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-09-28 17:29 . 2011-09-28 17:29 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-09-28 17:29 . 2011-09-28 17:29 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
+ 2011-09-28 17:32 . 2011-09-28 17:32 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\c729750d54f6e7427230622bcccd4709\System.Data.OracleClient.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\afb4d5e8161d0129ba15c37de2461d8a\System.Data.Entity.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-09-28 17:30 . 2011-09-28 17:30 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
+ 2011-09-28 17:31 . 2011-09-28 17:31 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-09-28 17:29 . 2011-09-28 17:29 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-10-19 07:47 185856 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-18 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-06 3076144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Bucooooo\Start Menu\Programs\Startup\
FIFA 11 Registration.lnk - c:\program files\EA Sports\FIFA 11\Support\EAregister.exe [N/A]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-8-27 3510680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bucooooo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Bucooooo\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
2009-09-19 20:38 758272 ----a-w- c:\warcraft iii\eb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-11 17:48 133104 ----atw- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 04:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-12-29 16:57 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-05 18:13 399736 ----a-w- c:\utorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Warcraft III\\war3.exe"=
"c:\\ICQ6.5\\ICQ.exe"=
"c:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Steam\\steamapps\\nephritos360\\counter-strike\\hl.exe"=
"c:\\Steam\\steamapps\\nephritos360\\day of defeat\\hl.exe"=
"c:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58465:TCP"= 58465:TCP:Pando Media Booster
"58465:UDP"= 58465:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.10.2009 6:32 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [29.12.2009 18:57 142592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.9.2011 18:16 974944]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2.6.2011 16:32 812448]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.10.2009 12:29 246520]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [14.1.2011 14:35 196912]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2.6.2011 16:32 24504]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11.6.2010 21:18 47360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-790525478-1417001333-1003Core.job
- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 17:48]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-790525478-1417001333-1003UA.job
- c:\documents and settings\Bucooooo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-11 17:48]
.
2011-09-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-790525478-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
2011-09-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-790525478-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uDefault_Search_URL = hxxp://search13.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Bucooooo\Application Data\Mozilla\Firefox\Profiles\1yjzcod1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-28 19:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448539723-790525478-1417001333-1003\Software\SecuROM\License information*]
"datasecu"=hex:ab,f6,c6,32,83,a5,69,34,7b,46,93,d4,8d,de,2d,96,9f,69,33,3c,86,
d3,50,af,4d,32,f7,74,a0,fc,34,91,6c,5a,45,1c,59,51,18,19,47,ce,01,72,c8,94,\
"rkeysecu"=hex:85,3f,6f,b6,88,8e,bd,60,15,86,32,22,a9,86,48,e5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2996)
c:\program files\Xfire\xfire_toucan_44507.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2011-09-28 19:37:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-28 17:37
ComboFix2.txt 2011-09-28 16:15
.
Pre-Run: 57 381 142 528 bytes free
Post-Run: 31 adresárov, 57 281 650 688 voľných bajtov
.
- - End Of File - - 805FF544ABD03DF29807E0E881B2D6F9
Upload was successful
-
Rudy
- Site Admin
- Příspěvky: 119508
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Spomalené PC
Log již vypadá čistý. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Spomalené PC
je tam poznat rozdiel :] vdaka:]
-
Rudy
- Site Admin
- Příspěvky: 119508
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Spomalené PC
Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?