VIRY.CZ

Vše začalo tím, že se mi do počítače dostal jakýsi "Spydefense", software, který se tvářil jako antivirový program, začal mi hlásit mnoho pozitivních nálezů a nabízel mi pomoc za malý poplatek. V tu chvíli jsem zjistil, že nefunguje Spybot (respektive když ho spustím, spybot.exe zůstane jenom viset v procesech). Nakonec jsem se problému zbavil pomocí Ad-aware. Jenže od té doby mi počítač zamrzá bez ohledu na to co zrovna dělám, a spybot stále nelze spustit. Ve chvíli, když počítač zamrzne nereaguje na žádné podněty a musím jej natvrdo vypnout.

Prosím pomozte.

Tady je RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by jmartinec at 2009-12-31 19:40:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 44 GB (29%) free of 153 GB
Total RAM: 3066 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:49, on 31.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\pstartSr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\jmartinec\My Documents\Stažené soubory\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\trend micro\jmartinec.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://enterpriseportal.Blender.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15183&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://enterpriseportal.Blender.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://enterpriseportal.Blender.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by The 3D Blender Company
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://eigweb.emea.wdpr.Blender.com/misc/auto.pac
O1 - Hosts: 75.101.138.128 we9stun.winning-eleven.net
O1 - Hosts: 5.182.202.111 pes6gate-ec.winning-eleven.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Check Point Endpoint Tray Application] C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [DI-Tag-Systray] C:\Program Files\TWDC\DI-Tag\DI-Tag-Refresh.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Korean IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: autostart.bat (User 'Default user')
O4 - Global Startup: DisablePst.lnk = C:\WINDOWS\regedit.exe
O4 - Global Startup: set_ss_xp.vbs.lnk = C:\Documents and Settings\All Users\Application Data\Microsoft\set_screensaver_xp.vbs
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.wdpr.Blender.com
O17 - HKLM\Software\..\Telephony: DomainName = emea.wdpr.Blender.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.wdpr.Blender.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = eur.wds.Blender.com,emea.wdpr.Blender.com,wdpr.Blender.com,Blender.com,apac.wdpr.Blender.com,ltam.wdpr.Blender.com,swna.wdpr.Blender.com,dlp.Blender.com,uk.online.Blender.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.wdpr.Blender.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = eur.wds.Blender.com,emea.wdpr.Blender.com,wdpr.Blender.com,Blender.com,apac.wdpr.Blender.com,ltam.wdpr.Blender.com,swna.wdpr.Blender.com,dlp.Blender.com,uk.online.Blender.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = eur.wds.Blender.com,emea.wdpr.Blender.com,wdpr.Blender.com,Blender.com,apac.wdpr.Blender.com,ltam.wdpr.Blender.com,swna.wdpr.Blender.com,dlp.Blender.com,uk.online.Blender.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: AMINIT.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11762 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-07 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"Check Point Endpoint Tray Application"=C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe [2008-08-08 75248]
"Pointsec Tray"=C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe [2008-08-12 813616]
"DI-Tag-Systray"=C:\Program Files\TWDC\DI-Tag\DI-Tag-Refresh.exe [2006-05-17 40960]
"atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-09-07 408088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-07 148888]
"AClntUsr"=C:\Program Files\Altiris\AClient\AClntUsr.EXE [2009-12-31 184320]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"Korean IME Migration"=C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE [2006-10-26 26400]
"McAfee Host Intrusion Prevention Tray"=C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [2008-10-30 972096]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MP4 Player"=C:\Program Files\MP4 Player\mp4Player.exe [2007-09-19 639488]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DisablePst.lnk - C:\WINDOWS\regedit.exe
set_ss_xp.vbs.lnk - C:\Documents and Settings\All Users\Application Data\Microsoft\set_screensaver_xp.vbs
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" AMINIT.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-18 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoVisualStyleChoice"=0
"NoColorChoice"=0
"NoSizeChoice"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Access Warning!
"legalnoticetext"=This system is for the use of authorized users only. Individuals using this network / computer system without authority or in excess of their authority are subject to having all of their activity on this system monitored and recorded by system personnel. In the course of monitoring individuals improperly using this network / system or in the course of system operation or maintenance for the purpose of protecting the rights or property of the system provider the activities of authorized
users may be monitored. Anyone using this network / system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity system personnel may provide the resulting evidence to law enforcement officials.
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoThemesTab"=1
"NoWindowsUpdate"=1
"NoRecentDocsNetHood"=1
"DisablePersonalDirChange"=1
"NoActiveDesktop"=1
"NoWelcomeScreen"=1
"ForceStartMenuLogOff"=1
"NoSimpleStartMenu"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceStartMenuLogOff"=
"LockTaskbar"=
"NoMSAppLogo5ChannelNotify"=
"NoToolbarCustomize"=
"NoBandCustomize"=
"NoOnlinePrintsWizard"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 R2"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\KONAMI\Pro Evolution Soccer 6\pes6.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 6\pes6.exe:*:Enabled:Pro Evolution Soccer 6"
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-31 19:40:15 ----D---- C:\rsit
2009-12-31 19:40:15 ----D---- C:\Program Files\trend micro
2009-12-31 19:19:58 ----D---- C:\Program Files\CCleaner
2009-12-30 20:37:49 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-12-30 20:28:26 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-30 20:28:14 ----D---- C:\Program Files\Lavasoft
2009-12-30 20:28:14 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-30 20:20:20 ----D---- C:\WINDOWS\SxsCaPendDel
2009-12-30 15:59:44 ----D---- C:\Program Files\Cinemax
2009-12-30 14:16:01 ----D---- C:\Program Files\ESET
2009-12-30 13:40:20 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-12-30 13:39:30 ----D---- C:\Program Files\Common Files\iS3
2009-12-30 13:39:30 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-12-30 13:21:54 ----A---- C:\WINDOWS\system32\krl32mainweq.dll
2009-12-30 13:19:26 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2009-12-28 21:23:23 ----D---- C:\Program Files\Common Files\Pinnacle
2009-12-28 21:22:32 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
2009-12-28 21:17:28 ----D---- C:\Program Files\Common Files\Pegasus Imaging
2009-12-28 21:17:26 ----D---- C:\Program Files\Common Files\Yahoo!
2009-12-28 21:17:26 ----D---- C:\Documents and Settings\All Users\Application Data\Studio 14
2009-12-28 21:17:26 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
2009-12-28 17:53:43 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-12-28 17:53:23 ----D---- C:\WINDOWS\system32\de-DE
2009-12-28 17:49:20 ----D---- C:\5498d4549e722309cb9a82bc38
2009-12-28 17:39:07 ----D---- C:\Program Files\DAEMON Tools Lite
2009-12-28 16:14:34 ----D---- C:\Program Files\Pinnacle
2009-12-28 16:13:48 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle
2009-12-28 16:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2009-12-25 12:13:32 ----RHD---- C:\Documents and Settings\jmartinec\Application Data\SecuROM
2009-12-24 22:56:24 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-12-24 22:56:23 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-12-22 16:06:53 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-09 17:16:21 ----A---- C:\wiki.txt
2009-12-04 21:39:40 ----D---- C:\Documents and Settings\All Users\Application Data\BioWare
2009-12-04 19:47:50 ----D---- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP
2009-12-02 10:38:50 ----D---- C:\Program Files\Winamp
2009-12-02 10:38:50 ----D---- C:\Documents and Settings\jmartinec\Application Data\Winamp
2009-12-01 20:15:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-01 20:15:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2009-12-31 19:40:26 ----D---- C:\WINDOWS\system32
2009-12-31 19:40:15 ----RD---- C:\Program Files
2009-12-31 19:38:34 ----D---- C:\Program Files\Mozilla Firefox
2009-12-31 19:38:14 ----D---- C:\WINDOWS
2009-12-31 19:36:59 ----D---- C:\WINDOWS\Temp
2009-12-31 19:36:46 ----SD---- C:\WINDOWS\Tasks
2009-12-31 19:35:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-31 19:35:39 ----A---- C:\WINDOWS\system32\log.txt
2009-12-31 19:21:01 ----D---- C:\WINDOWS\Minidump
2009-12-31 19:21:01 ----D---- C:\WINDOWS\Debug
2009-12-31 19:16:00 ----A---- C:\WINDOWS\WINCMD.INI
2009-12-31 16:32:16 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-12-31 14:50:27 ----D---- C:\Documents and Settings\jmartinec\Application Data\Skype
2009-12-31 13:51:41 ----D---- C:\Program Files\Mozilla Thunderbird
2009-12-31 12:26:05 ----D---- C:\Documents and Settings\jmartinec\Application Data\ICQ
2009-12-31 12:25:43 ----D---- C:\Documents and Settings\jmartinec\Application Data\skypePM
2009-12-31 12:20:23 ----HD---- C:\WINDOWS\inf
2009-12-30 20:31:42 ----D---- C:\WINDOWS\system32\drivers
2009-12-30 20:31:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-30 20:28:26 ----SHD---- C:\WINDOWS\Installer
2009-12-30 20:28:09 ----D---- C:\WINDOWS\WinSxS
2009-12-30 16:53:20 ----D---- C:\Documents and Settings\All Users\Application Data\TrackMania
2009-12-30 15:58:51 ----D---- C:\WINDOWS\system32\Restore
2009-12-30 15:54:41 ----D---- C:\Games
2009-12-30 14:16:52 ----D---- C:\WINDOWS\Prefetch
2009-12-30 14:16:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-30 13:40:01 ----D---- C:\Documents and Settings
2009-12-30 13:39:30 ----D---- C:\Program Files\Common Files
2009-12-30 12:47:26 ----D---- C:\Program Files\ICQ6.5
2009-12-29 14:53:26 ----D---- C:\!!!!FLASHDISK
2009-12-29 14:48:29 ----D---- C:\Music
2009-12-29 14:48:18 ----D---- C:\My Data
2009-12-28 22:12:23 ----A---- C:\WINDOWS\win.ini
2009-12-28 22:12:23 ----A---- C:\WINDOWS\system.ini
2009-12-28 21:21:06 ----RSD---- C:\WINDOWS\Fonts
2009-12-28 21:06:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-28 18:53:05 ----RSD---- C:\WINDOWS\assembly
2009-12-28 18:52:44 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-28 17:50:31 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-28 17:50:27 ----D---- C:\WINDOWS\system32\en-US
2009-12-28 17:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-12-28 17:34:21 ----RD---- C:\Program Files\Skype
2009-12-28 17:32:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-28 17:32:07 ----D---- C:\Program Files\Altitude
2009-12-28 17:31:09 ----D---- C:\Program Files\Common Files\ArcSoft
2009-12-28 16:11:40 ----D---- C:\WINDOWS\system32\mui
2009-12-28 16:05:17 ----D---- C:\Install
2009-12-25 12:13:32 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-12-25 12:11:59 ----D---- C:\WINDOWS\system32\DirectX
2009-12-24 18:47:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-23 13:15:35 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-12-21 19:53:44 ----D---- C:\Program Files\coolpro2
2009-12-19 20:15:49 ----D---- C:\Documents and Settings\jmartinec\Application Data\Adobe
2009-12-19 20:15:48 ----D---- C:\Documents and Settings\jmartinec\Application Data\Macromedia
2009-12-19 20:15:47 ----D---- C:\WINDOWS\system32\Macromed
2009-12-04 19:47:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-04 19:28:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-04 19:27:07 ----D---- C:\Program Files\Internet Explorer
2009-12-03 22:24:12 ----A---- C:\WINDOWS\system32\KevlarSigs.dll
2009-12-02 16:03:26 ----D---- C:\Fraps

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FireTDI;McAfee HIP Component FireTDI; \??\C:\WINDOWS\system32\Drivers\FireTDI.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-05-19 63728]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver; C:\WINDOWS\system32\DRIVERS\CdpPacket.sys [2009-04-23 35691]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-04-09 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-18 3103232]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\WINDOWS\System32\Drivers\ATSwpWDF.sys [2008-08-15 480640]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2008-11-26 764416]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-06-13 243856]
R3 FirehkMP;FirehkMP; C:\WINDOWS\system32\DRIVERS\firehk.sys [2008-10-30 42056]
R3 firelm01;firelm01; \??\C:\WINDOWS\system32\drivers\firelm01.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-26 40832]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-04-09 985472]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-04-09 210560]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-25 3630080]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
R3 tpm;tpm; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-03-26 13824]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-04-09 731264]
S3 acohzwdk;acohzwdk; C:\WINDOWS\system32\drivers\acohzwdk.sys []
S3 AlKernel;Altiris Kernel Driver; C:\WINDOWS\System32\Drivers\AlKernel.sys [2009-11-10 2401]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2009-06-17 29192]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-06-09 47272]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 Firehk;McAfee NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\firehk.sys [2008-10-30 42056]
S3 HIPK;McAfee Inc. HIPK; C:\WINDOWS\system32\drivers\HIPK.sys [2008-10-30 108280]
S3 HIPPSK;McAfee Inc. HIPPSK; C:\WINDOWS\system32\drivers\HIPPSK.sys [2008-10-30 37400]
S3 HIPQK;McAfee Inc. HIPQK; C:\WINDOWS\system32\drivers\HIPQK.sys [2008-10-30 34432]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2009-06-17 25480]
S3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2009-05-19 75704]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-05-19 91640]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-05-19 43288]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2009-05-19 65224]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 uxkx1;ASUS My Cinema U3100 Mini DVBT; C:\WINDOWS\system32\DRIVERS\uxkx1.sys [2008-02-15 459264]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AClient;Altiris Client Service; C:\Program Files\Altiris\AClient\AClient.exe [2008-12-23 5365836]
R2 AeXNSClient;Altiris Agent; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2008-10-13 1282048]
R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-09-07 182808]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-18 557056]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2008-10-30 1467712]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-07 152984]
R2 JuniperAccessService;Juniper Unified Network Service; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2008-06-05 87416]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-30 1181328]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-09-07 121368]
R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [2009-04-29 21256]
R2 McAfeeFramework;McAfee Framework-Dienst; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2008-03-14 103744]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-04-29 62800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2009-05-19 70216]
R2 Pointsec;Pointsec; C:\WINDOWS\system32\Prot_srv.exe [2008-08-12 469552]
R2 Pointsec_start;Pointsec Service Start; C:\WINDOWS\system32\pstartSr.exe [2008-08-12 174640]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-09-07 1464856]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2009-05-19 144888]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hips;McAfee HIPSCore Service; C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [2008-10-30 34408]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-09-08 575488]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Je tam toho požehnaně.

~~~

Vložte sem log z ComboFix.

Stáhněte a uložte na Plochu ComboFix, poté ho spusťte s administrátorským oprávněním.
Ještě před spuštěním vypněte rezidentní štít antiviru, či antispywaru.
Po spuštění se Vám zobrazí licenční podmínky, klikněte na 'Ano'. Budete také dotázán na instalaci konzole pro zotavení, klikněte na 'Ano'.
Celý sken bude trvat tak 5-10 minut, v závislosti na tom, kolika soubory se bude CF prodírat. Váš PC bude pravděpodobně restartován, tak se toho neděste. Než úplně skončí sken, nic nedělejte, hlavně neklikejte do spuštěného okna s ComboFixem.
Po skončení skenu na Vás vypadne log, který vkopírujete sem.

tak Combofix to samé co spybot. Zůstane viset v procesech, ale nespustí se. Ani v nouzáku.

Takže zkusíte toto


 

Pokud jste tak ještě neučinil, přesuňte Combofix (Gaston) na plochu.
Otevřete si Poznámkový blok.( Start - Všechny programy - Příslušenství)
Do něj zkopírujte skript z následujícího okna:
 

Kód: Vybrat vše

KILLALL::

 
Uložte vámi vytvořeny textový soubor jako(Uložit soubor jako) CFScript.txt na plochu,
po uloženi uchopte vámi vytvořeny skript levým tlačítkem myši a přesuňte jej nad ikonu Combofixu podle obrázku,
pak upusťte uvolněním tlačítka myši skript na ikonu Combofixu.[/color]
 

 během skenu se nepokoušejte spouštět žádné jiné aplikace ani nic jiného neklikat neukončovat
po aplikaci by na váš mel vybafnout další log, vložte jej sem
 Upozorněni: je možné, ze po aplikaci skriptu a restartu nenaběhnou Windows, v takovém případe znovu restartujte a zvolte Poslední známou funkční konfiguraci

bohužel výsledek je stejný. Combofix zůstane viset v procesech, neděje se nic a nevytěžuje CPU.

Než přijde kolega Uk zkuste ještě tohle



Přejmenujte combofix na Cokoliv.exe a spusťte v nouzovém režimu
(klikněte na combofix pravým myšítkem, přejmenovat, nouzový režim spustíte tak, že po restartu mačkáte F8 - nouzový režim s prací v síti)

Pokud combofix nepujde, dejte log z Gmer a mbamu

stáhněte HostsXpert http://www.funkytoad.com/download/HostsXpert.zip
-rozbalte do vlastní složky
-klikněte na tlačítko Restore MS Hosts File
- vyskočí hláška na potvrzení, klikněte na OK
- pokud by program vyhodil chybovou hlášku: ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\ETC\hosts
tak klikněte tlačítko Make Writeable? a pak teprve klikněte na tlačítko Restore MS Hosts File
- po proběhnutí pak klikněte na tlačítko Make ReadOnly?
- ukončete program a restartujte Počítač

Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Přejmenování Combofixu nepomohlo, gmer a a mbam po spuštění také zůstávají viset v procesech bez toho aniž by se spustily.

To hostsxpert jsem provedl.

až se vám to bude zdát beznadějné, tak řekněte. Už jsem se psychicky připravil na to, že budu muset srazit oddíl, formátovat a znovu instalovat systém. Každopádně do nedělního večera to ještě vydržím. Toužím se té svini dostat na kobylku....

Opravdu to nejde spustit ani v Nouzovém režimu?

A ostatní programy, jako např. Firefox, Malování atp. jdou spustit?

znovu jsem pustil nouzový režim a ověřil. Skutečně se to chová stejně. Po spuštění se nic nestane a exe soubor zůstane viset v procesech.

Takhle se zatím chová spybot, gmer, mbam a combofix. Třeba instalace spybotu lze pustit bez problémů, ale po instalaci aplikaci nepustím (stejně tak mbam).

Na další aplikace, které by se při spuštění takhle chovaly jsem nenarazil. Třeba mozilla nebo malování funguje normálně.

Spustit mi lze i Ad-aware, ale ten nic nenachází.

díky naughty, konečně jsme se hnuli z místa

autostart.bat jsem našel jen jeden - ve složce printserveru. Obsahuje toto:
powercfg /S "Always On"
del /f /q "C:\Documents and Settings\%username%\Start Menu\Programs\Startup\autostart.bat"
(v mém %username% jsem na uvedené adrese (startup) nenašel žádný soubor)

Po přejmenování combofixu z exe na com se spustil. Tady je log:

ComboFix 09-12-31.01 - jmartinec 01.01.2010 18:54:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.420.1033.18.3066.2466 [GMT 1:00]
ausgeführt von:: c:\documents and settings\jmartinec\Desktop\ComboFix.com
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\ACE.dll
c:\windows\system32\drivers\H8SRTmxxvjrnsmf.sys
c:\windows\system32\H8SRTccrrsaoroc.dat
c:\windows\system32\H8SRTkkaodxbitb.dll
c:\windows\system32\H8SRTndmmykteso.dll
c:\windows\system32\srcr.dat
c:\windows\system32\Thumbs.db

----- BITS: Eventuell infizierte Webseiten -----

hxxp://sm-gblo-sus31
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((( Dateien erstellt von 2009-12-01 bis 2010-01-01 ))))))))))))))))))))))))))))))
.

2010-01-01 18:04 . 2010-01-01 18:04 40719 ----a-w- c:\windows\system32\api_hook_list.dat
2010-01-01 18:04 . 2008-10-30 14:44 38016 ----a-w- c:\windows\system32\HIPIS0e0118e.dll
2010-01-01 15:04 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 15:04 . 2010-01-01 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 15:04 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 15:04 . 2010-01-01 15:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 18:40 . 2010-01-01 17:25 -------- d-----w- c:\program files\trend micro
2009-12-31 18:40 . 2009-12-31 18:40 -------- d-----w- C:\rsit
2009-12-31 18:19 . 2009-12-31 18:19 -------- d-----w- c:\program files\CCleaner
2009-12-30 19:37 . 2009-12-30 19:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-30 19:31 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-30 19:31 . 2009-12-30 19:31 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-30 19:31 . 2009-12-30 19:31 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-30 19:31 . 2009-12-30 19:31 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-30 19:31 . 2009-12-30 19:31 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-30 19:31 . 2009-12-30 19:31 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-30 19:31 . 2009-12-30 19:31 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-30 19:31 . 2009-12-30 19:31 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-30 19:31 . 2009-12-30 19:31 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-30 19:28 . 2009-12-30 19:28 -------- d-----w- c:\program files\Lavasoft
2009-12-30 19:20 . 2009-12-31 11:19 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-30 14:59 . 2009-12-30 14:59 -------- d-----w- c:\program files\Cinemax
2009-12-30 13:16 . 2009-12-30 13:16 -------- d-----w- c:\program files\ESET
2009-12-30 12:40 . 2009-12-30 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-12-30 12:40 . 2009-12-30 12:40 262144 ----a-w- c:\documents and settings\ntuser.dat
2009-12-30 12:39 . 2009-12-30 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-12-30 12:39 . 2009-12-30 12:39 -------- d-----w- c:\program files\Common Files\iS3
2009-12-30 12:21 . 2010-01-01 09:23 873 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-28 20:23 . 2009-12-28 20:23 29926 ----a-r- c:\documents and settings\jmartinec\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
2009-12-28 20:23 . 2005-09-23 21:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-12-28 20:23 . 2009-12-28 20:23 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-12-28 20:22 . 2009-12-28 20:25 -------- d-----w- c:\documents and settings\jmartinec\Local Settings\Application Data\Pinnacle
2009-12-28 20:22 . 2009-12-28 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
2009-12-28 20:17 . 2009-12-28 20:17 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2009-12-28 20:17 . 2009-12-28 20:17 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-12-28 20:17 . 2009-12-28 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 14
2009-12-28 20:17 . 2009-12-28 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2009-12-28 16:53 . 2009-12-28 16:53 -------- d-----w- c:\windows\system32\de-DE
2009-12-28 16:49 . 2009-12-28 16:49 -------- d-----w- C:\5498d4549e722309cb9a82bc38
2009-12-28 16:39 . 2009-12-28 16:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-12-28 15:14 . 2009-12-28 20:17 -------- d-----w- c:\program files\Pinnacle
2009-12-28 15:13 . 2009-12-28 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-12-25 11:13 . 2009-12-25 11:13 -------- d--h--r- c:\documents and settings\jmartinec\Application Data\SecuROM
2009-12-24 21:56 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-24 21:56 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-24 21:56 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-24 21:56 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-22 15:06 . 2009-12-22 15:06 -------- d-----w- c:\windows\system32\LogFiles
2009-12-04 20:39 . 2009-12-19 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2009-12-04 18:47 . 2009-12-04 18:47 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 18:00 . 2009-11-09 19:36 -------- d-----w- c:\program files\ICQ6.5
2010-01-01 09:02 . 2009-11-28 10:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-31 20:10 . 2009-10-10 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-12-31 13:50 . 2009-10-09 15:23 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Skype
2009-12-31 11:26 . 2009-11-09 19:37 -------- d-----w- c:\documents and settings\jmartinec\Application Data\ICQ
2009-12-31 11:25 . 2009-10-09 15:24 -------- d-----w- c:\documents and settings\jmartinec\Application Data\skypePM
2009-12-30 20:43 . 2009-12-01 19:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-30 20:43 . 2009-12-01 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-30 19:31 . 2009-12-30 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-30 19:31 . 2009-12-30 19:31 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-30 19:31 . 2009-12-30 19:31 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-30 19:31 . 2009-12-30 19:31 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-30 19:30 . 2009-12-30 19:30 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-30 19:30 . 2009-12-30 19:30 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-30 19:30 . 2009-12-30 19:30 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-30 19:30 . 2009-12-30 19:30 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-30 19:30 . 2009-12-30 19:30 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-30 19:30 . 2009-12-30 19:30 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-30 19:30 . 2009-12-30 19:30 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-30 19:28 . 2009-12-30 19:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-30 13:05 . 2009-12-30 13:04 520 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-12-30 13:05 . 2009-12-30 13:04 272 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-12-29 22:44 . 2009-10-11 14:37 691160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-28 20:24 . 2009-10-09 09:47 105592 ----a-w- c:\documents and settings\jmartinec\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-28 16:39 . 2009-10-10 18:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-28 16:38 . 2009-10-10 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-28 16:34 . 2009-10-09 15:23 -------- d-----r- c:\program files\Skype
2009-12-28 16:32 . 2009-10-09 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 16:32 . 2009-11-27 19:31 -------- d-----w- c:\program files\Altitude
2009-12-28 16:31 . 2009-10-10 18:21 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-25 11:13 . 2009-11-29 09:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-21 18:53 . 2009-11-09 18:47 -------- d-----w- c:\program files\coolpro2
2009-12-04 18:47 . 2009-10-11 14:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-03 21:24 . 2009-10-09 14:17 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2009-12-02 09:39 . 2009-12-02 09:38 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Winamp
2009-12-02 09:39 . 2009-12-02 09:38 -------- d-----w- c:\program files\Winamp
2009-11-29 09:42 . 2009-11-29 09:42 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-29 09:42 . 2009-11-29 09:37 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Hamachi
2009-11-29 09:21 . 2009-11-29 09:16 -------- d-----w- c:\program files\DkZ Studio
2009-11-29 09:16 . 2009-11-02 12:25 737280 ----a-w- c:\windows\iun6002.exe
2009-11-28 13:15 . 2009-10-11 16:07 -------- d-----w- c:\program files\KONAMI
2009-11-28 13:14 . 2009-10-09 08:49 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 10:58 . 2009-11-28 10:58 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Talkback
2009-11-28 10:58 . 2009-11-28 10:58 0 ----a-w- c:\windows\nsreg.dat
2009-11-28 10:58 . 2009-11-28 10:58 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Thunderbird
2009-11-24 18:13 . 2009-11-24 18:13 -------- d-----w- c:\program files\DivX
2009-11-24 18:13 . 2009-11-24 18:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-24 15:54 . 2009-11-24 15:16 -------- d-----w- c:\program files\Insectoid 1.0.0
2009-11-24 15:19 . 2009-11-24 15:19 -------- d-----w- c:\documents and settings\jmartinec\Application Data\ActionSoft
2009-11-24 15:19 . 2009-11-24 15:19 4096 ----a-w- c:\windows\d3dx.dat
2009-11-18 07:33 . 2009-11-18 07:33 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Sonic
2009-11-17 17:50 . 2009-11-17 17:50 -------- d-----w- c:\program files\Common Files\DirectX
2009-11-15 09:53 . 2009-11-15 09:53 -------- d-----w- c:\program files\Nokia
2009-11-15 09:53 . 2009-11-15 09:53 -------- d-----w- c:\program files\DIFX
2009-11-15 09:53 . 2009-11-15 09:53 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-15 09:53 . 2009-11-15 09:53 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-15 09:53 . 2009-11-15 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-10 14:02 . 2009-10-07 06:32 2401 ----a-w- c:\windows\system32\drivers\AlKernel.sys
2009-11-10 14:02 . 2009-11-10 14:02 -------- d-----w- c:\program files\Common Files\ESRI
2009-11-10 13:53 . 2009-10-07 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 13:46 . 2009-10-07 05:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-10 13:42 . 2009-11-10 13:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-09 18:46 . 2009-11-09 18:46 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Syntrillium
2009-11-05 13:10 . 2009-11-05 13:10 -------- d-----w- c:\program files\Native Instruments
2009-11-05 12:56 . 2009-11-05 12:56 57344 ----a-r- c:\documents and settings\jmartinec\Application Data\Microsoft\Installer\{8FE3E922-C58B-4E18-A923-FC85530C23C5}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2009-11-05 12:56 . 2009-11-05 12:56 57344 ----a-r- c:\documents and settings\jmartinec\Application Data\Microsoft\Installer\{8FE3E922-C58B-4E18-A923-FC85530C23C5}\NewShortcut1_B56E5B51EA954C948003CC703E2AFAD5.exe
2009-11-05 12:56 . 2009-11-05 12:56 -------- d-----w- c:\program files\Serato
2009-10-16 12:19 . 2009-10-16 12:19 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-10-14 16:03 . 2009-10-14 16:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-13 10:03 . 2009-10-07 04:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-13 10:03 . 2009-10-07 04:53 2850 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-09 15:25 . 2009-10-09 15:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-09 12:45 . 2009-10-09 12:04 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-09 12:45 . 2009-10-09 12:04 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-09 07:35 . 2009-10-09 07:35 108544 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-09 07:35 . 2009-10-09 07:35 104960 ------w- c:\windows\system32\pxinsi64.exe
2009-10-09 07:35 . 2004-07-13 00:03 20576 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-10-08 21:11 . 2009-10-07 06:32 41 ----a-w- C:\AClient.dat
2009-10-07 06:47 . 2009-10-07 06:47 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-07 06:31 . 2009-10-07 06:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 05:21 . 2009-10-07 05:21 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{80F4D088-709B-4DC0-905C-8BCD996B00F9}\ARPPRODUCTICON.exe
2009-10-07 05:06 . 2009-10-07 05:06 2097152 --sh--r- C:\PROT_INS.SYS
2009-10-07 05:06 . 2009-10-07 05:06 6 ----a-w- C:\VOL_CHAR.DAT
2009-10-07 05:05 . 2009-10-07 05:05 34616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 04:53 . 2009-10-07 04:53 8738 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-10-07 04:52 . 2009-10-07 04:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-02-26 12:39 . 2009-10-09 07:29 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2009-02-26 12:39 . 2009-10-09 07:29 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2009-02-26 12:39 . 2009-10-09 07:29 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2009-02-26 12:39 . 2009-10-09 07:29 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2008-06-12 05:53 . 2009-10-09 07:29 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
2008-06-12 05:53 . 2009-10-09 07:29 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2008-08-08 75248]
"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2008-08-12 813616]
"DI-Tag-Systray"="c:\program files\TWDC\DI-Tag\DI-Tag-Refresh.exe" [2006-05-17 40960]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-09-07 408088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-07 148888]
"AClntUsr"="c:\program files\Altiris\AClient\AClntUsr.EXE" [2010-01-01 184320]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2008-10-30 972096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\$App-EMEA-PrinterMig\Start Menu\Programs\Startup\
autostart.bat [2009-1-12 117]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
autostart.bat [2009-1-12 117]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoThemesTab"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 19:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\AMInit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6/17/2009 2:01 PM 20744]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/30/2009 8:31 PM 64288]
R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [8/12/2008 11:30 AM 214320]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\atchksrv.exe [10/7/2009 7:30 AM 182808]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [4/23/2009 1:23 PM 35691]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [10/30/2008 3:44 PM 1467712]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 12:27 PM 1074568]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [6/5/2008 12:02 AM 87416]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 PM 1181328]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [4/29/2009 7:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/7/2009 6:18 AM 70216]
R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [8/12/2008 11:31 AM 469552]
R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [8/12/2008 11:31 AM 174640]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/7/2009 7:30 AM 1464856]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [10/7/2009 3:36 PM 480640]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10/7/2009 3:37 PM 243856]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2/29/2008 10:09 AM 42056]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [10/9/2009 3:17 PM 108280]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [10/9/2009 3:17 PM 37400]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [10/9/2009 3:17 PM 34432]
R3 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [10/9/2009 3:20 PM 34408]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6/17/2009 2:02 PM 29192]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2/29/2008 10:09 AM 42056]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6/17/2009 2:01 PM 25480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/7/2009 6:18 AM 65224]
S3 uxkx1;ASUS My Cinema U3100 Mini DVBT;c:\windows\system32\drivers\uxkx1.sys [7/11/2009 12:16 PM 459264]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/10/2009 7:14 PM 691696]
.
Inhalt des "geplante Tasks" Ordners

2010-01-01 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:30]

2010-01-01 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:30]

2010-01-01 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:30]

2010-01-01 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:30]

2010-01-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://eu.ask.com?o=15183&l=dis
mStart Page = hxxp://enterpriseportal.Blender.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\jmartinec\Application Data\Mozilla\Firefox\Profiles\roxm8qn2.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\jmartinec\Application Data\Mozilla\Firefox\Profiles\roxm8qn2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-SITEguard - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 19:06
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1220945662-776561741-1801674531-107831\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,db,9e,29,22,e8,2e,94,d2,61,b6,f3,f7,7c,e0,4c,4b,ea,d8,eb,56,a2,ef,
7c,5e,50,f6,05,a1,ff,0f,03,bc,8d,e5,1e,4a,aa,3b,43,b7,c1,8e,62,5b,7c,b2,00,\
"??"=hex:f5,b0,fe,04,ca,e0,96,fd,df,e6,ff,9e,b2,92,cf,ef
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1776)
c:\windows\system32\pssogina.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll

- - - - - - - > 'lsass.exe'(1832)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll

- - - - - - - > 'explorer.exe'(3804)
c:\windows\system32\WININET.dll
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll

- - - - - - - > 'csrss.exe'(1744)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Altiris\AClient\AClient.exe
c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\McAfee\VirusScan Enterprise\ShStat.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-01-01 19:11:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-01-01 18:11

Vor Suchlauf: 48 321 572 864 bytes free
Nach Suchlauf: 48 572 678 144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 31324202D1758941F9DE40548097FE3A

YES!!! Spybot funguje a zatím k zamrznutí nedošlo.

gmer

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwConnectPort [0xB9D4D462]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9D4D290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9D4D2A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9D4D30C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9D4D338]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9D4D3A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9D4D390]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9D4D3BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMakeTemporaryObject [0xB9D4D44E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9D4D3E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9D4D2E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9D4D254]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9D4D268]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9D4D424]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9D4D37A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9D4D364]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9D4D322]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9D4D410]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9D4D3FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9D4D2CE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9D4D2BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9D4D43A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9D4D27C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9D4D3D2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtConnectPort
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

ještě jednou. První sken z gmer s hlavičkou:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-01 19:38:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\jmartinec\LOCALS~1\Temp\pxriifow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwConnectPort [0xB9D4D462]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9D4D290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9D4D2A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9D4D30C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9D4D338]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9D4D3A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9D4D390]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9D4D3BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMakeTemporaryObject [0xB9D4D44E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9D4D3E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9D4D2E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9D4D254]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9D4D268]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9D4D424]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9D4D37A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9D4D364]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9D4D322]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9D4D410]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9D4D3FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9D4D2CE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9D4D2BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9D4D43A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9D4D27C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9D4D3D2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtConnectPort
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

a druhý požadovaný sken
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-01 19:42:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\jmartinec\LOCALS~1\Temp\pxriifow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA11887E]
SSDT \??\C:\WINDOWS\system32\Drivers\FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.) ZwCreateThread [0xA09B4E5A]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA118BFE]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwConnectPort [0xB9D4D462]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9D4D290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9D4D2A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9D4D30C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9D4D338]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9D4D3A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9D4D390]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9D4D3BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMakeTemporaryObject [0xB9D4D44E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9D4D3E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9D4D2E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9D4D254]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9D4D268]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9D4D424]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9D4D37A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9D4D364]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9D4D322]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9D4D410]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9D4D3FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9D4D2CE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9D4D2BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9D4D43A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9D4D27C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9D4D3D2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtConnectPort
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8C 0x1A 0xAE 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB1 0xB7 0x78 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x36 0x08 0x55 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8C 0x1A 0xAE 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB1 0xB7 0x78 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x36 0x08 0x55 0x55 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Documents and Settings\All Users\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----