VIRY.CZ

Zdravným, prosím o pomoc so zavirovaným PC. Celkovo ide strašne pomaly, prehliadač (Mozilla) často nespolupracuje. Vopred ďakujem.
Tu je log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HaSSaN at 2009-12-25 13:42:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 466 MB (5%) free of 10 GB
Total RAM: 511 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:50, on 25. 12. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Programs\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
D:\Programs\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program tools\Keyboard Driver\StartAutorun.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program tools\Keyboard Driver\KMConfig.exe
D:\Program tools\Keyboard Driver\KMProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program tools\Keyboard Driver\KMWDSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
D:\Programs\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\windows\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\windows\system32\wuauclt.exe
D:\Programs\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\Downloads Mozilla\RSIT.exe
C:\Program Files\trend micro\HaSSaN.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{871 ... CBE5E923E9}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\Programs\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "D:\Programs\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Programs\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\Programs\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programs\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KMCONFIG] D:\Program tools\Keyboard Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [LGPCSuiteLanucher] "d:\Program tools\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe" /tray
O4 - HKLM\..\Run: [svhost.exe] C:\Documents and Settings\HaSSaN\Application Data\svhost.exe
O4 - HKLM\..\Run: [w3dr.exe] D:\Games\Warcraft III\w3dr.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\HaSSaN\Local Settings\Application Data\smss.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programs\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programs\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programs\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programs\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c969ac8006f200) (gupdate1c969ac8006f200) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - D:\Program tools\Keyboard Driver\KMWDSrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\Programs\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10068 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\At1.job
C:\windows\tasks\Google Software Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-19 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-19 552960]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - D:\Programs\BitDefender\BitDefender 2008\IEToolbar.dll [2009-03-07 86016]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-03 45056]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-07-16 962560]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-07-11 581632]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"OpwareSE4"=D:\Programs\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"BitDefender Antiphishing Helper"=D:\Programs\BitDefender\BitDefender 2008\IEShow.exe [2007-10-09 61440]
"BDAgent"=D:\Programs\BitDefender\BitDefender 2008\bdagent.exe [2009-03-07 368640]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=D:\Programs\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"KMCONFIG"=D:\Program tools\Keyboard Driver\StartAutorun.exe [2008-05-30 212992]
"LGPCSuiteLanucher"=d:\Program tools\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe [2007-08-31 2637824]
"svhost.exe"=C:\Documents and Settings\HaSSaN\Application Data\svhost.exe [2009-09-15 457216]
"w3dr.exe"=D:\Games\Warcraft III\w3dr.exe []
"QuickTime Task"=D:\Programs\QuickTime\qttask.exe [2009-10-22 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2007-01-17 1694208]
"Tok-Cirrhatus"=C:\Documents and Settings\HaSSaN\Local Settings\Application Data\smss.exe []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-09-03 94208]
"DAEMON Tools Lite"=D:\Programs\DAEMON Tools Lite\daemon.exe [2008-02-14 486856]
"PC Suite Tray"=D:\Programs\Nokia\Nokia PC Suite 7\PCSuite.exe -onlytray []

C:\Documents and Settings\HaSSaN\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\HaSSaN\Local Settings\Temp\IXP000.TMP\smwinvnc.exe"="C:\Documents and Settings\HaSSaN\Local Settings\Temp\IXP000.TMP\smwinvnc.exe:*:Enabled:TightVNC Win32 Server"
"D:\Programs\BearShare\BearShare.exe"="D:\Programs\BearShare\BearShare.exe:*:Enabled:BearShare"
"D:\Programs\ApexDC++\ApexDC.exe"="D:\Programs\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++"
"D:\Games\CS 1.6\Counter-Strike 1.6\cstrike.exe"="D:\Games\CS 1.6\Counter-Strike 1.6\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"D:\Games\Warcraft III\lancraft.exe"="D:\Games\Warcraft III\lancraft.exe:*:Enabled:lancraft"
"D:\Programs\Hamachi\hamachi.exe"="D:\Programs\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"D:\Programs\ICQ6\ICQ.exe"="D:\Programs\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Games\GameSpy Arcade\Aphex.exe"="D:\Games\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\Games\LFS Y\LFS.exe"="D:\Games\LFS Y\LFS.exe:*:Enabled:LFS"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"D:\Games\TmNationsForever\TmForever.exe"="D:\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\Downloads ApexDC++\flatout 2\FlatOut2.exe"="D:\Downloads ApexDC++\flatout 2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"D:\Games\Roller Coaster Tycoon 2\rct2.exe"="D:\Games\Roller Coaster Tycoon 2\rct2.exe:*:Enabled:rct2"
"D:\Programs\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="D:\Programs\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Games\RA2\LFS Y\LFS.exe"="D:\Games\RA2\LFS Y\LFS.exe:*:Enabled:LFS"
"D:\Games\RA2\game.exe"="D:\Games\RA2\game.exe:*:Enabled:Main executable for Red Alert 2"
"D:\Games\LFS\LFS.exe"="D:\Games\LFS\LFS.exe:*:Enabled:LFS"
"D:\Programs\AntikVirtualSTB\AntikVirtualSTB.exe"="D:\Programs\AntikVirtualSTB\AntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"
"D:\Programs\Nero ShowTime\ShowTime.exe"="D:\Programs\Nero ShowTime\ShowTime.exe:*:Enabled:Zvuk Windows Media(TM) (wma)"
"D:\Programs\ICQ6.5\ICQ.exe"="D:\Programs\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\ApexDC++\ApexDC.exe"="D:\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++"
"D:\Games\Starcraft\StarCraft.exe"="D:\Games\Starcraft\StarCraft.exe:*:Enabled:StarCraft.exe"
"D:\Games\Warcraft III\euroloader.exe"="D:\Games\Warcraft III\euroloader.exe:*:Enabled:euroloader"
"D:\Games\Warcraft III\war3.exe"="D:\Games\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"G:\Portable\SkypePortable\App\Skype\Phone\Skype.exe"="G:\Portable\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype "
"D:\Programs\Mozilla Firefox\firefox.exe"="D:\Programs\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Games\Worms Armageddon - New Edition\WA.exe"="D:\Games\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon"
"D:\Programs\Sony\Vegas Pro 8.0\VegSrv80.exe"="D:\Programs\Sony\Vegas Pro 8.0\VegSrv80.exe:*:Enabled:Sony Vegas Network Render Service Control"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51dc0246-0e5e-11de-86d6-00e050d7164e}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92e5500b-e899-11dd-864b-00e050d7164e}]
shell\AutoRun\command - H:\USBNB.exe


======List of files/folders created in the last 1 months======

2009-12-25 13:42:10 ----D---- C:\Program Files\trend micro
2009-12-25 13:42:08 ----D---- C:\rsit
2009-12-24 09:52:07 ----D---- C:\Documents and Settings\HaSSaN\Application Data\InstallShield
2009-12-23 07:47:20 ----D---- C:\Program Files\Avanquest update
2009-12-22 15:17:13 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2009-12-22 09:51:25 ----D---- C:\Documents and Settings\All Users\Application Data\AGeeksToy
2009-12-06 15:13:35 ----A---- C:\windows\system32\d3dx9.dll
2009-12-06 15:13:34 ----A---- C:\windows\system32\D3DX81ab.dll
2009-12-02 19:55:51 ----A---- C:\windows\system32\mucltui.dll.mui
2009-12-02 19:55:51 ----A---- C:\windows\system32\mucltui.dll
2009-12-02 19:55:34 ----A---- C:\windows\system32\wucltui.dll.mui
2009-12-02 19:55:34 ----A---- C:\windows\system32\wuaueng.dll.mui
2009-12-02 19:55:34 ----A---- C:\windows\system32\wuapi.dll.mui
2009-12-02 19:55:33 ----D---- C:\windows\system32\SoftwareDistribution
2009-12-01 14:10:43 ----D---- C:\downloads
2009-11-26 16:06:05 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2009-12-25 13:42:46 ----D---- C:\windows\Temp
2009-12-25 13:42:13 ----D---- C:\windows\Prefetch
2009-12-25 13:42:10 ----RD---- C:\Program Files
2009-12-25 13:41:48 ----A---- C:\windows\WINCMD.INI
2009-12-25 13:33:10 ----SD---- C:\windows\Tasks
2009-12-25 12:58:19 ----D---- C:\windows\system32
2009-12-24 23:32:14 ----A---- C:\windows\SchedLgU.Txt
2009-12-24 23:31:50 ----A---- C:\windows\bdagent.INI
2009-12-24 09:56:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-24 09:56:08 ----HD---- C:\windows\inf
2009-12-24 09:56:08 ----DC---- C:\windows\system32\DRVSTORE
2009-12-24 09:54:35 ----D---- C:\windows\system32\CatRoot2
2009-12-24 09:46:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-12-23 22:36:37 ----D---- C:\Documents and Settings\HaSSaN\Application Data\Skype
2009-12-23 21:59:43 ----HD---- C:\LG3G
2009-12-23 20:11:00 ----D---- C:\Documents and Settings\HaSSaN\Application Data\Azureus
2009-12-22 15:16:30 ----D---- C:\WINDOWS
2009-12-22 10:46:05 ----SHD---- C:\windows\Installer
2009-12-22 10:00:18 ----D---- C:\Program Files\Google
2009-12-22 09:49:41 ----D---- C:\Program Files\Mozilla Firefox
2009-12-21 15:00:30 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-20 17:22:09 ----A---- C:\windows\PhotoSnapViewer.INI
2009-12-20 12:02:35 ----D---- C:\Documents and Settings\HaSSaN\Application Data\skypePM
2009-12-20 11:29:35 ----D---- C:\Documents and Settings\HaSSaN\Application Data\Canon
2009-12-19 08:45:45 ----D---- C:\Documents and Settings\HaSSaN\Application Data\Orbit
2009-12-19 08:45:13 ----D---- C:\Program Files\Common Files\DESIGNER
2009-12-19 08:44:03 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-12-19 08:43:59 ----D---- C:\Program Files\Common Files
2009-12-19 08:42:34 ----RSD---- C:\windows\assembly
2009-12-19 08:42:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-19 08:42:27 ----D---- C:\Program Files\Common Files\System
2009-12-19 08:42:10 ----D---- C:\windows\SHELLNEW
2009-12-19 08:42:05 ----RSD---- C:\windows\Fonts
2009-12-19 08:42:01 ----A---- C:\windows\win.ini
2009-12-18 16:06:18 ----A---- C:\windows\NeroDigital.ini
2009-12-10 16:31:53 ----D---- C:\Documents and Settings\HaSSaN\Application Data\dvdcss
2009-12-09 16:02:16 ----D---- C:\Documents and Settings\All Users\Application Data\Toolbar4
2009-12-09 10:23:42 ----D---- C:\Documents and Settings\HaSSaN\Application Data\Mozilla
2009-12-09 10:09:34 ----D---- C:\Documents and Settings
2009-12-08 11:43:57 ----D---- C:\windows\system32\drivers
2009-12-05 10:20:00 ----SD---- C:\Documents and Settings\HaSSaN\Application Data\Microsoft
2009-12-02 21:02:50 ----RSHDC---- C:\windows\system32\dllcache
2009-12-02 19:56:15 ----D---- C:\windows\Help
2009-12-02 19:55:51 ----D---- C:\windows\SoftwareDistribution
2009-11-26 16:06:05 ----RD---- C:\Program Files\Skype
2009-11-26 16:06:02 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2007-01-16 36096]
R1 kbdhid;Keyboard HID Driver; C:\windows\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\windows\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 sf;SFI Service; C:\windows\system32\drivers\sf.sys [2003-05-09 33248]
R2 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\windows\system32\DRIVERS\rspndr.sys [2007-01-16 62336]
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2003-07-03 100256]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\windows\system32\DRIVERS\AN983.sys [2004-08-03 36224]
R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\windows\system32\DRIVERS\bdfndisf.sys [2009-03-07 86792]
R3 bdfsfltr;bdfsfltr; C:\windows\system32\drivers\bdfsfltr.sys [2008-01-07 196368]
R3 BDSelfPr;BDSelfPr; \??\D:\Programs\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2008-10-20 25280]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 SMBios;Intel (R) System Management BIOS Service; C:\windows\system32\DRIVERS\SMBios.sys [2003-10-14 36484]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2003-08-20 593152]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2007-01-16 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\windows\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\windows\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 InCDPass;InCDPass; C:\windows\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\windows\system32\drivers\InCDRm.sys []
S3 avh1ma6m;avh1ma6m; C:\windows\system32\drivers\avh1ma6m.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 MidiSyn;MidiSyn; C:\windows\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\windows\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbbus;LGE Mobile Composite USB Device; C:\windows\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\windows\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\windows\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\windows\System32\Drivers\vulfnth.sys [2005-01-05 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:\windows\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S3 Wdf01000;Wdf01000; C:\windows\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\windows\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\windows\system32\drivers\WmHidLo.sys [2004-04-14 14432]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\windows\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 InCDFs;InCD File System; C:\windows\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2006-05-03 413696]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; D:\Program tools\Keyboard Driver\KMWDSrv.exe [2008-06-23 208896]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-03-07 1179648]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 VSSERV;BitDefender Virus Shield; D:\Programs\BitDefender\BitDefender 2008\vsserv.exe [2009-03-07 1261568]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-04 14336]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-11-27 86016]
R3 scan;BitDefender Threat Scanner; C:\windows\System32\svchost.exe [2004-08-04 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 gupdate1c969ac8006f200;Google Update Service (gupdate1c969ac8006f200); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

Ahoj, vitaj na fore
Mas tam bordel, taxa donho rovno pustime:

Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!

ComboFix 09-12-24.02 - HaSSaN . 12. 2009 14:58:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.210 [GMT 1:00]
Running from: c:\documents and settings\HaSSaN\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HaSSaN\Application Data\svhost.exe
c:\documents and settings\HaSSaN\Application Data\svhost1.exe
c:\documents and settings\HaSSaN\Application Data\verzie1.txt
c:\documents and settings\HaSSaN\Favorites\Cheap Pharmacy Online.url
c:\documents and settings\HaSSaN\Favorites\Search Online.url
c:\documents and settings\HaSSaN\Favorites\VIP Casino.url
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-1
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-2
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-24
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-25
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-26
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-27
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-28
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-3
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-4
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-5
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-6
c:\documents and settings\HaSSaN\Local Settings\Application Data\Bron.tok-12-7
c:\documents and settings\HaSSaN\Local Settings\Application Data\BronFoldNetDomList.txt
c:\documents and settings\HaSSaN\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\HaSSaN\Local Settings\Application Data\ListHost12.txt
c:\documents and settings\HaSSaN\Start Menu\Cheap Pharmacy Online.url
c:\documents and settings\HaSSaN\Start Menu\Programs\PlayMP3z
c:\documents and settings\HaSSaN\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
c:\documents and settings\HaSSaN\Start Menu\Search Online.url
c:\documents and settings\HaSSaN\Start Menu\VIP Casino.url
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-12-2
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-12-25
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-12-26
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-12-27
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok-12-3
c:\documents and settings\NetworkService\Local Settings\Application Data\Bron.tok.A12.em.bin
c:\documents and settings\NetworkService\Local Settings\Application Data\BronFoldNetDomList.txt
c:\documents and settings\NetworkService\Local Settings\Application Data\BronNetDomList.bat
c:\documents and settings\NetworkService\Local Settings\Application Data\Kosong.Bron.Tok.txt
c:\documents and settings\NetworkService\Local Settings\Application Data\ListHost12.txt
c:\documents and settings\NetworkService\Local Settings\Application Data\Update.12.Bron.Tok.bin
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\FBrowserAdvisor
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\PlayMP3z
c:\program files\PlayMP3z\uninstall.exe
c:\windows\system32\c.ico
c:\windows\system32\m.ico
c:\windows\system32\s.ico

.
((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
.

2009-12-25 12:42 . 2009-12-25 12:42 -------- d-----w- c:\program files\trend micro
2009-12-25 12:42 . 2009-12-25 12:42 -------- d-----w- C:\rsit
2009-12-24 08:52 . 2009-12-24 08:52 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\InstallShield
2009-12-23 06:47 . 2009-12-23 06:47 -------- d-----w- c:\program files\Avanquest update
2009-12-22 14:17 . 2009-12-22 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-12-22 08:51 . 2009-12-22 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AGeeksToy
2009-12-09 09:09 . 2009-12-09 09:09 -------- d-----w- c:\documents and settings\Homeless\LOCALS~1
2009-12-09 09:09 . 2009-12-09 09:09 -------- d-----w- c:\documents and settings\Homeless
2009-12-06 14:13 . 2007-12-26 16:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-12-06 14:13 . 2007-12-26 16:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-12-02 18:55 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-01 13:10 . 2009-12-01 13:10 -------- d-----w- C:\downloads
2009-11-30 15:46 . 2009-11-30 15:46 3296 ----a-w- c:\documents and settings\HaSSaN\Local Settings\Application Data\config.dat
2009-11-26 15:06 . 2009-11-26 15:06 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 13:51 . 2009-03-07 15:09 81984 ----a-w- c:\windows\system32\bdod.bin
2009-12-25 09:49 . 2008-12-29 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-24 08:56 . 2008-10-11 18:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 21:36 . 2009-10-29 14:36 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Skype
2009-12-23 19:11 . 2009-01-02 10:39 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Azureus
2009-12-22 09:00 . 2008-12-29 11:55 -------- d-----w- c:\program files\Google
2009-12-22 08:49 . 2009-11-14 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Toolbar4
2009-12-21 22:08 . 2008-10-10 23:04 49008 ----a-w- c:\documents and settings\HaSSaN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 14:00 . 2009-11-11 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-20 11:02 . 2008-10-11 02:38 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\skypePM
2009-12-20 10:30 . 2008-11-17 11:24 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Canon
2009-12-19 07:45 . 2009-11-17 16:31 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Orbit
2009-12-19 07:44 . 2009-11-18 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-10 15:31 . 2008-10-17 10:50 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\dvdcss
2009-12-02 08:45 . 2009-11-24 17:05 79488 ----a-w- c:\documents and settings\HaSSaN\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-26 15:06 . 2008-10-11 22:19 -------- d-----r- c:\program files\Skype
2009-11-26 15:06 . 2008-10-11 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-24 15:18 . 2009-11-24 15:18 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-22 14:08 . 2008-10-12 01:55 -------- d-----w- c:\program files\Microsoft.NET
2009-11-22 14:08 . 2009-11-22 14:03 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-22 14:07 . 2009-11-22 14:07 -------- d-----w- c:\program files\MSXML 6.0
2009-11-18 16:19 . 2009-11-18 16:10 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Nokia
2009-11-18 16:12 . 2009-11-18 16:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-11-18 16:12 . 2009-11-18 16:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-11-18 16:12 . 2009-11-18 16:11 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\PC Suite
2009-11-18 16:11 . 2009-11-18 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-11-18 16:11 . 2009-11-18 16:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-18 16:11 . 2009-11-18 16:11 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-18 16:10 . 2009-11-18 16:08 -------- d-----w- c:\program files\DIFX
2009-11-18 16:05 . 2009-11-18 16:05 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-18 16:05 . 2009-11-18 16:05 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-18 16:05 . 2009-11-18 16:05 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-18 16:05 . 2009-11-18 16:05 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-18 16:04 . 2009-11-18 16:05 33911376 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_slk_web.exe
2009-11-18 16:04 . 2009-11-18 16:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-11-18 16:04 . 2009-11-18 16:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-17 16:31 . 2009-11-17 16:31 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\GrabPro
2009-11-14 16:02 . 2009-11-14 16:02 -------- d-----w- c:\program files\WinPcap
2009-11-14 15:53 . 2009-11-14 15:53 1069 ----a-w- c:\windows\system32\unins000.dat
2009-11-14 15:53 . 2009-11-14 15:53 695578 ----a-w- c:\windows\system32\unins000.exe
2009-11-14 15:07 . 2009-11-14 15:07 26694 ----a-r- c:\documents and settings\HaSSaN\Application Data\Microsoft\Installer\{446E684C-A48C-4A67-89F7-824B63F96153}\_D72106D85CB38188D5EFB4.exe
2009-11-13 19:10 . 2008-10-20 13:15 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Hamachi
2009-11-09 16:06 . 2009-11-09 16:06 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Betting Assistant
2009-10-29 17:56 . 2008-11-01 08:00 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\ICQ
2009-10-27 12:52 . 2009-08-20 07:58 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\OpenOffice.org2
2009-10-20 18:19 . 2009-10-20 18:19 281104 ----a-w- c:\windows\system32\wpcap.dll
2009-10-20 18:19 . 2009-10-20 18:19 100880 ----a-w- c:\windows\system32\Packet.dll
2009-10-20 18:19 . 2009-10-20 18:19 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2009-10-20 18:19 . 2009-10-20 18:19 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2009-10-18 16:31 . 2009-10-18 16:16 67882 ----a-w- c:\windows\War3Unin.dat
2009-10-18 16:29 . 2009-10-18 16:16 2829 ----a-w- c:\windows\War3Unin.pif
2009-10-18 16:29 . 2009-10-18 16:16 139264 ----a-w- c:\windows\War3Unin.exe
2009-10-17 20:00 . 2009-06-05 18:07 4141117 ----a-w- c:\documents and settings\HaSSaN\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2009-10-17 20:00 . 2009-06-05 18:07 6516755 ----a-w- c:\documents and settings\HaSSaN\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2009-10-09 07:25 . 2009-10-09 07:25 26624 ----a-r- c:\documents and settings\HaSSaN\Application Data\Microsoft\Installer\{6910C412-A523-493C-BC22-0213CD7F4F3A}\Icon6910C412.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-01-17 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"DAEMON Tools Lite"="d:\programs\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-07-16 962560]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="d:\programs\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"BitDefender Antiphishing Helper"="d:\programs\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="d:\programs\BitDefender\BitDefender 2008\bdagent.exe" [2009-03-07 368640]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="d:\programs\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"KMCONFIG"="d:\program tools\Keyboard Driver\StartAutorun.exe" [2008-05-29 212992]
"LGPCSuiteLanucher"="d:\program tools\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe" [2007-08-31 2637824]
"QuickTime Task"="d:\programs\QuickTime\qttask.exe" [2009-10-22 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\HaSSaN\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2009-3-11 225280]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programs\\ApexDC++\\ApexDC.exe"=
"d:\\Games\\CS 1.6\\Counter-Strike 1.6\\cstrike.exe"=
"d:\\Programs\\Hamachi\\hamachi.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programs\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Games\\LFS\\LFS.exe"=
"d:\\Programs\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"d:\\Programs\\Nero ShowTime\\ShowTime.exe"=
"d:\\Programs\\ICQ6.5\\ICQ.exe"=
"d:\\Games\\Warcraft III\\euroloader.exe"=
"d:\\Games\\Warcraft III\\war3.exe"=
"d:\\Programs\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:*:Disabled:BroadCam Web Server

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [17. 10. 2009 20:56 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [17. 10. 2009 20:57 234888]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;d:\program tools\Keyboard Driver\KMWDSrv.exe [23. 6. 2008 20:28 208896]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20. 10. 2009 19:19 50704]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [12. 11. 2007 16:27 86792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12. 10. 2008 2:51 717296]
S2 gupdate1c969ac8006f200;Google Update Service (gupdate1c969ac8006f200);c:\program files\Google\Update\GoogleUpdate.exe [29. 12. 2008 12:56 133104]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10. 2. 2007 5:29 29178224]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23. 4. 2007 13:54 83208]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23. 4. 2007 13:54 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
mStart Page = hxxp://www.bigseekpro.com/hypercam/{871F0CC4-4 ... CBE5E923E9}
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
IE: E&xportovať do programu Microsoft Excel - d:\programs\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\HaSSaN\Application Data\Mozilla\Firefox\Profiles\nrq052fw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\programs\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programs\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\programs\VideoLAN\VLC\npvlc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{1800D3F8-4FB4-4423-B929-F06775FF9CA2} - (no file)
HKCU-Run-PC Suite Tray - d:\programs\Nokia\Nokia PC Suite 7\PCSuite.exe
HKLM-Run-w3dr.exe - d:\games\Warcraft III\w3dr.exe
AddRemove-Mafia Mission Pack_is1 - d:\games\Mafia\Mafia\unins000.exe
AddRemove-WOLAPI - d:\games\RA2\Internet\UnstllAP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 15:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1390067357-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:d3,ac,c2,19,1e,84,00,fb,a2,95,ee,b5,b6,91,2b,55,13,93,7c,56,be,
62,c1,7f,82,57,c3,fa,65,33,1d,26,46,ac,fc,31,97,e6,18,95,ef,3d,1c,0a,b3,0d,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-25 15:13:15
ComboFix-quarantined-files.txt 2009-12-25 14:13

Pre-Run: 417 730 560 bytes free
Post-Run: 1 933 164 544 bytes free

- - End Of File - - 710E43361039C7BF6F1FE74FB03941F6

Firewall som vypol aj antivir ale aj tak sa úplne nevypol. Dúfam, že to bude OK.

Vadí keď 2x vypadol prúd a reštartoval sa komp?

1) Odinstaluj PowerReg Scheduler (Start -> Ovl. Panel -> Pridat/Odstranit Programy).
Ak by to neslo, pouzi Revo Uninstaller.



2) Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:
Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.



Program script spracuje a spravi novy log.


Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.[/b]

Ten PowerReg Schedul som musel klasicky odstrániť, nebol v žiadnom registri. Inak ostatne OK.
Log:

ComboFix 09-12-24.02 - HaSSaN . 12. 2009 17:55:20.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.297 [GMT 1:00]
Running from: c:\documents and settings\HaSSaN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HaSSaN\Desktop\CFScript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\016F8F17
c:\program files\AskBarDis\bar\Cache\016F92B1.bin
c:\program files\AskBarDis\bar\Cache\016F9580.bin
c:\program files\AskBarDis\bar\Cache\016F97B2.bin
c:\program files\AskBarDis\bar\Cache\016F98EB.bin
c:\program files\AskBarDis\bar\Cache\016F9AC0.bin
c:\program files\AskBarDis\bar\Cache\016F9C17.bin
c:\program files\AskBarDis\bar\Cache\016F9D31.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Service_ASKService
-------\Service_ASKUpgrade


((((((((((((((((((((((((( Files Created from 2009-11-25 to 2009-12-25 )))))))))))))))))))))))))))))))
.

2009-12-25 16:35 . 2009-12-25 16:35 -------- d-----w- c:\program files\VS Revo Group
2009-12-25 12:42 . 2009-12-25 12:42 -------- d-----w- c:\program files\trend micro
2009-12-25 12:42 . 2009-12-25 12:42 -------- d-----w- C:\rsit
2009-12-24 08:52 . 2009-12-24 08:52 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\InstallShield
2009-12-23 06:47 . 2009-12-23 06:47 -------- d-----w- c:\program files\Avanquest update
2009-12-22 14:17 . 2009-12-22 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-12-22 08:51 . 2009-12-22 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AGeeksToy
2009-12-09 09:09 . 2009-12-09 09:09 -------- d-----w- c:\documents and settings\Homeless\LOCALS~1
2009-12-09 09:09 . 2009-12-09 09:09 -------- d-----w- c:\documents and settings\Homeless
2009-12-06 14:13 . 2007-12-26 16:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-12-06 14:13 . 2007-12-26 16:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-12-02 18:55 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-01 13:10 . 2009-12-01 13:10 -------- d-----w- C:\downloads
2009-11-30 15:46 . 2009-11-30 15:46 3296 ----a-w- c:\documents and settings\HaSSaN\Local Settings\Application Data\config.dat
2009-11-26 15:06 . 2009-11-26 15:06 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 16:53 . 2009-03-07 15:09 81984 ----a-w- c:\windows\system32\bdod.bin
2009-12-25 09:49 . 2008-12-29 11:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-24 08:56 . 2008-10-11 18:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-23 21:36 . 2009-10-29 14:36 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Skype
2009-12-23 19:11 . 2009-01-02 10:39 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Azureus
2009-12-22 09:00 . 2008-12-29 11:55 -------- d-----w- c:\program files\Google
2009-12-22 08:49 . 2009-11-14 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Toolbar4
2009-12-21 22:08 . 2008-10-10 23:04 49008 ----a-w- c:\documents and settings\HaSSaN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 14:00 . 2009-11-11 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-20 11:02 . 2008-10-11 02:38 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\skypePM
2009-12-20 10:30 . 2008-11-17 11:24 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Canon
2009-12-19 07:45 . 2009-11-17 16:31 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Orbit
2009-12-19 07:44 . 2009-11-18 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-10 15:31 . 2008-10-17 10:50 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\dvdcss
2009-12-02 08:45 . 2009-11-24 17:05 79488 ----a-w- c:\documents and settings\HaSSaN\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-26 15:06 . 2008-10-11 22:19 -------- d-----r- c:\program files\Skype
2009-11-26 15:06 . 2008-10-11 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-24 15:18 . 2009-11-24 15:18 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-22 14:08 . 2008-10-12 01:55 -------- d-----w- c:\program files\Microsoft.NET
2009-11-22 14:08 . 2009-11-22 14:03 -------- d-----w- c:\program files\Microsoft SQL Server
2009-11-22 14:07 . 2009-11-22 14:07 -------- d-----w- c:\program files\MSXML 6.0
2009-11-18 16:19 . 2009-11-18 16:10 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Nokia
2009-11-18 16:12 . 2009-11-18 16:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-11-18 16:12 . 2009-11-18 16:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-11-18 16:12 . 2009-11-18 16:11 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\PC Suite
2009-11-18 16:11 . 2009-11-18 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-11-18 16:11 . 2009-11-18 16:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-11-18 16:11 . 2009-11-18 16:11 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-18 16:10 . 2009-11-18 16:08 -------- d-----w- c:\program files\DIFX
2009-11-18 16:05 . 2009-11-18 16:05 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-18 16:05 . 2009-11-18 16:05 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-18 16:05 . 2009-11-18 16:05 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-18 16:05 . 2009-11-18 16:05 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-18 16:04 . 2009-11-18 16:05 33911376 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_slk_web.exe
2009-11-18 16:04 . 2009-11-18 16:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-11-18 16:04 . 2009-11-18 16:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-17 16:31 . 2009-11-17 16:31 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\GrabPro
2009-11-14 16:02 . 2009-11-14 16:02 -------- d-----w- c:\program files\WinPcap
2009-11-14 15:53 . 2009-11-14 15:53 1069 ----a-w- c:\windows\system32\unins000.dat
2009-11-14 15:53 . 2009-11-14 15:53 695578 ----a-w- c:\windows\system32\unins000.exe
2009-11-14 15:07 . 2009-11-14 15:07 26694 ----a-r- c:\documents and settings\HaSSaN\Application Data\Microsoft\Installer\{446E684C-A48C-4A67-89F7-824B63F96153}\_D72106D85CB38188D5EFB4.exe
2009-11-13 19:10 . 2008-10-20 13:15 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Hamachi
2009-11-09 16:06 . 2009-11-09 16:06 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\Betting Assistant
2009-10-29 17:56 . 2008-11-01 08:00 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\ICQ
2009-10-27 12:52 . 2009-08-20 07:58 -------- d-----w- c:\documents and settings\HaSSaN\Application Data\OpenOffice.org2
2009-10-20 18:19 . 2009-10-20 18:19 281104 ----a-w- c:\windows\system32\wpcap.dll
2009-10-20 18:19 . 2009-10-20 18:19 100880 ----a-w- c:\windows\system32\Packet.dll
2009-10-20 18:19 . 2009-10-20 18:19 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2009-10-20 18:19 . 2009-10-20 18:19 53299 ----a-w- c:\windows\system32\pthreadVC.dll
2009-10-18 16:31 . 2009-10-18 16:16 67882 ----a-w- c:\windows\War3Unin.dat
2009-10-18 16:29 . 2009-10-18 16:16 2829 ----a-w- c:\windows\War3Unin.pif
2009-10-18 16:29 . 2009-10-18 16:16 139264 ----a-w- c:\windows\War3Unin.exe
2009-10-17 20:00 . 2009-06-05 18:07 4141117 ----a-w- c:\documents and settings\HaSSaN\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2009-10-17 20:00 . 2009-06-05 18:07 6516755 ----a-w- c:\documents and settings\HaSSaN\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2009-10-09 07:25 . 2009-10-09 07:25 26624 ----a-r- c:\documents and settings\HaSSaN\Application Data\Microsoft\Installer\{6910C412-A523-493C-BC22-0213CD7F4F3A}\Icon6910C412.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-12-25_14.10.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-25 17:01 . 2009-12-25 17:01 16384 c:\windows\temp\Perflib_Perfdata_19c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2007-01-17 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"DAEMON Tools Lite"="d:\programs\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-07-16 962560]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="d:\programs\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"BitDefender Antiphishing Helper"="d:\programs\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="d:\programs\BitDefender\BitDefender 2008\bdagent.exe" [2009-03-07 368640]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="d:\programs\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"KMCONFIG"="d:\program tools\Keyboard Driver\StartAutorun.exe" [2008-05-29 212992]
"LGPCSuiteLanucher"="d:\program tools\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe" [2007-08-31 2637824]
"QuickTime Task"="d:\programs\QuickTime\qttask.exe" [2009-10-22 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programs\\ApexDC++\\ApexDC.exe"=
"d:\\Games\\CS 1.6\\Counter-Strike 1.6\\cstrike.exe"=
"d:\\Programs\\Hamachi\\hamachi.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Programs\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Games\\LFS\\LFS.exe"=
"d:\\Programs\\AntikVirtualSTB\\AntikVirtualSTB.exe"=
"d:\\Programs\\Nero ShowTime\\ShowTime.exe"=
"d:\\Programs\\ICQ6.5\\ICQ.exe"=
"d:\\Games\\Warcraft III\\euroloader.exe"=
"d:\\Games\\Warcraft III\\war3.exe"=
"d:\\Programs\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:*:Disabled:BroadCam Web Server

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12. 10. 2008 2:51 717296]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;d:\program tools\Keyboard Driver\KMWDSrv.exe [23. 6. 2008 20:28 208896]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20. 10. 2009 19:19 50704]
S2 gupdate1c969ac8006f200;Google Update Service (gupdate1c969ac8006f200);c:\program files\Google\Update\GoogleUpdate.exe [29. 12. 2008 12:56 133104]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10. 2. 2007 5:29 29178224]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23. 4. 2007 13:54 83208]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23. 4. 2007 13:54 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=%s
IE: E&xportovať do programu Microsoft Excel - d:\programs\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\HaSSaN\Application Data\Mozilla\Firefox\Profiles\nrq052fw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/firefox?client=firefox-a& ... s:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\programs\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programs\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programs\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: d:\programs\VideoLAN\VLC\npvlc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 18:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8236B1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857bf10
\Driver\ACPI -> ACPI.sys @ 0xf83d6cb8
\Driver\atapi -> prosync1.sys @ 0xf8a416c1
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x80599b06
ParseProcedure -> ntoskrnl.exe @ 0x8057d886
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x80599b06
ParseProcedure -> ntoskrnl.exe @ 0x8057d886
NDIS: ADMtek AN983 10/100 PCI Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf8263af9
PacketIndicateHandler -> NDIS.sys @ 0xf826eb21
SendHandler -> NDIS.sys @ 0xf8263938
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1390067357-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:d3,ac,c2,19,1e,84,00,fb,a2,95,ee,b5,b6,91,2b,55,13,93,7c,56,be,
62,c1,7f,82,57,c3,fa,65,33,1d,26,46,ac,fc,31,97,e6,18,95,ef,3d,1c,0a,b3,0d,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1076)
d:\programs\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program tools\Keyboard Driver\KMConfig.exe
c:\program files\Java\jre6\bin\jqs.exe
d:\program tools\Keyboard Driver\KMProcess.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-12-25 18:08:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-25 17:08
ComboFix2.txt 2009-12-25 14:13

Pre-Run: 1 967 177 728 bytes free
Post-Run: 1 847 959 552 bytes free

- - End Of File - - 79C1432F5BCEA7E0AC9C30F49551B04C

Ak je to všetko tak vďaka veľmi pekne.

Este cosi

1) Stiahni Defogger. Spust, klik na "Disable" -> "OK". V mieste spustenia by sa mal zjavit log, ten sem vloz.


2) Start -> Spustit -> (napis) cmd /c mbr.exe -t >log.txt&start log.txt
Otvori sa textak (log.txt), aj jeho obsah sem skopiruj.

defogger_disable by jpshortstuff (28.11.09.2)
Log created at 10:35 on 28/12/2009 (HaSSaN)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

Super.

1) Docistime to:

• Odinstaluj Combofix:
  Start -> Spustit -> (napis) combofix /uninstall

• Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).

• Precisti PC CCleanerom (vratane registrov).

• Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).

2) Vloz log z HJT.

V pripade nezrovnalosti sa >>tu<< nachadza navod.

->

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:17:47, on 2. 1. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Programs\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program tools\Keyboard Driver\KMWDSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program tools\Keyboard Driver\StartAutorun.exe
D:\Program tools\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe
D:\Program tools\Keyboard Driver\KMConfig.exe
D:\Programs\QuickTime\qttask.exe
C:\windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program tools\Keyboard Driver\KMProcess.exe
D:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\totalcmd\TOTALCMD.EXE
C:\windows\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programs\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KMCONFIG] D:\Program tools\Keyboard Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [LGPCSuiteLanucher] "d:\Program tools\LG PC Suite 2\LGPCSuiteLanucher_Setup.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programs\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programs\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programs\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Programs\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Update Service (gupdate1c969ac8006f200) (gupdate1c969ac8006f200) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - D:\Program tools\Keyboard Driver\KMWDSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8771 bytes

1) Fixni v HJT (zasrktni stvorcek pri danom riadku a stlac "Fix Checked"):
2) Odinstaluj AVG Anti-Spyware (Start -> Ovl. Panel -> Pridat/Odstranit Programy).
Ak by to neslo, pouzi Revo Uninstaller.


3) Doinstaluj poriadny firewall a antispyware (ten od AVG radsej nie, mame aj lepsie softy).


4) Updatuj Adobe Reader (poslednu verziu najdes >>tu<<).


5) Skopiruj do poznamkoveho bloku:
Uloz ako del.bat (typ vsetky subory) na plochu a spust.

OK, mam to. To bude asi všetko. Diki veľmi pekne a šťastný Nový rok.

Rado sa stalo