PC virus removal, computer speed-up, remote help via the neslape.cz service

Win32/Kryptik.JDI Trojan, reduced performance and web browsing

Having a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
S1m0n
Visitor
Posts: 20
Registered: 26 Nov 2011 19:35
Location: Slovakia

#1 Post by S1m0n »

Good evening.
I can't deal with an infection that got into my PC through an .exe file I rashly opened.
In the past I've managed to root out similar infections, but this one I really can't handle.
It's the trojan Win32/Kryptik.JDI, which I think then launches another one, Win32/Sirefef.CH, and also Win32/Patched.HN.

The problem is that the operating system has slowed down, and Firefox is also impaired: when I search directly on Google.com,
a result link doesn't open; instead of the page I get ERROR 404.
When I confirm the link again in the browser with Enter, the page opens.

Here is a screenshot of the ESET log:

[image]


I'm also posting the RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Damian at 2011-11-26 19:16:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (48%) free of 19 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:17:00, on 26. 11. 2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
G:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Program Files\WallpaperSS\WallpaperSS.exe
G:\Program Files\Kirby Alarm Pro\kirbyalarmpro.exe
C:\WINDOWS\system32\wuauclt.exe
G:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe
C:\WINDOWS\system32\svchost.exe
G:\Downloads\RSIT.exe
C:\Program Files\trend micro\Damian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "G:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RestoreDesktop] D:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WallpaperSS] G:\Program Files\WallpaperSS\WallpaperSS.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: egui.exe
O4 - Global Startup: Kirby Alarm Pro.lnk = G:\Program Files\Kirby Alarm Pro\kirbyalarmpro.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET Service (ekrn) - ESET - G:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate1ca1b255eb2da80) (gupdate1ca1b255eb2da80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - G:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 8831 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1383384898-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1383384898-682003330-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Damian\Application Data\Mozilla\Firefox\Profiles\srarouhq.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/webhp?hl=en"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10, {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, bkmrksync@nokia.com:1.0.0.732, jqs@sun.com:1.0, {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1, {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01, QipCounter@qip.ru:1.0, LogMeInClient@logmein.com:1.0.0.608, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6, web2pdfextension@web2pdf.adobedotcom:1.0, en-US@dictionaries.addons.mozilla.org:5.0.1, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.0.8, support@auto-hide-ip.com:1.0, anttoolbar@ant.com:2.3.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"

"web2pdfextension@web2pdf.adobedotcom"=D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571]
"Description"=RealMedia Plugin
"Path"=D:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739]
"Description"=RealPlayer Version Plugin
"Path"=D:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

D:\Program Files\Mozilla Firefox 4.0 Beta 4\extensions\
testpilot@labs.mozilla.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

D:\Program Files\Mozilla Firefox 4.0 Beta 4\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

D:\Program Files\Mozilla Firefox 4.0 Beta 4\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Damian\Application Data\Mozilla\Firefox\Profiles\srarouhq.default\extensions\
anttoolbar@ant.com
en-US@dictionaries.addons.mozilla.org
LogMeInClient@logmein.com
{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files\Freecorder\prxtbFre2.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-17 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25 340384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files\Freecorder\prxtbFre2.dll [2011-01-17 175912]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25 340384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"AgataSoft ShutDown Pro"= []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"=D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2010-10-25 36760]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2010-10-25 821144]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"egui"=G:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"RestoreDesktop"=D:\Program Files\Restore Desktop\RestoreDesktop.exe [2003-03-11 45056]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-12 39408]
"WallpaperSS"=G:\Program Files\WallpaperSS\WallpaperSS.exe [2010-11-16 454344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgataSoft ShutDown Pro]
D:\Program Files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-06-28 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
D:\Program Files\DAEMON Tools\daemon.exe [2005-11-09 128920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 4300 Series\ezprint.exe [2005-07-26 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Damian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-28 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2010-05-31 63048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-04 1955208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcemon.exe]
C:\Program Files\Lexmark 4300 Series\lxcemon.exe [2005-08-02 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe [2007-09-07 3100672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
D:\Program Files\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Program Files\Steam\Steam.exe [2011-10-28 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-12 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Damian^Start Menu^Programs^Startup^3DO - Might and Magic VII Registration.lnk]
D:\HRY2\3DO\MIGHTA~1\Register\Remind32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Damian^Start Menu^Programs^Startup^Mozilla Firefox 4.0 Beta 4.lnk]
D:\PROGRA~1\MOZILL~1.0BE\firefox.exe [2011-11-20 924632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kirby Alarm Pro.lnk - G:\Program Files\Kirby Alarm Pro\kirbyalarmpro.exe

C:\Documents and Settings\Damian\Start Menu\Programs\Startup
egui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2011-03-29 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TPSvc]
TPSvc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Hry\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="D:\Hry\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\Hry\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="D:\Hry\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Miranda IM\miranda32.exe"="D:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\HRY2\Ultima Online Mondain's Legacy\client.exe"="D:\HRY2\Ultima Online Mondain's Legacy\client.exe:*:Enabled:client"
"D:\Program Files\UOAM-Twillight Zone\uoam.exe"="D:\Program Files\UOAM-Twillight Zone\uoam.exe:*:Enabled:Ultima Online's premier mapping tool."
"E:\Hry\F4Fx\HalfLife2\hl2.exe"="E:\Hry\F4Fx\HalfLife2\hl2.exe:*:Enabled:hl2"
"D:\Program Files\UOAM\uoam.exe"="D:\Program Files\UOAM\uoam.exe:*:Enabled:Ultima Online's premier mapping tool."
"D:\Program Files\DAEMON Tools\daemon.exe"="D:\Program Files\DAEMON Tools\daemon.exe:*:Enabled:DAEMON Tools Lite"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"D:\Program Files\QIP\qip.exe"="D:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\HRY2\Ultima Online 2D Client (Twilight Zone)\client.exe"="D:\HRY2\Ultima Online 2D Client (Twilight Zone)\client.exe:*:Enabled:Ultima Online Client"
"D:\Program Files\BORGChat\BORGChat.exe"="D:\Program Files\BORGChat\BORGChat.exe:*:Enabled:BORGChat"
"D:\HRY2\Ultima Online Mondain's Legacy\uotd.exe"="D:\HRY2\Ultima Online Mondain's Legacy\uotd.exe:*:Enabled:uotdd"
"D:\HRY2\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="D:\HRY2\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"D:\HRY2\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="D:\HRY2\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\Documents and Settings\Damian\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Damian\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Damian\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Damian\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\12Voip.com\12Voip\12Voip.exe"="D:\Program Files\12Voip.com\12Voip\12Voip.exe:*:Enabled:12Voip"
"D:\Program Files\BitComet\BitComet.exe"="D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows"
"G:\Program Files\Tunngle\tnglctrl.exe"="G:\Program Files\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service"
"G:\Program Files\Tunngle\tunngle.exe"="G:\Program Files\Tunngle\tunngle.exe:*:Enabled:Tunngle Client"
"D:\Program Files\ACSPMonitor\ASMonitor.exe"="D:\Program Files\ACSPMonitor\ASMonitor.exe:*:Enabled:System"
"D:\Program Files\Steam\Steam.exe"="D:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"D:\Program Files\Steam\steamapps\s1xk1ll3r_svk_\condition zero\hl.exe"="D:\Program Files\Steam\steamapps\s1xk1ll3r_svk_\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero"
"D:\Program Files\Steam\steamapps\s1xk1ll3r_svk_\counter-strike\hl.exe"="D:\Program Files\Steam\steamapps\s1xk1ll3r_svk_\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.ffds"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.fvfw"=ff_vfw.dll
"msacm.avis"=ff_acm.acm
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.SP54"=SP5X_32.DLL
"VIDC.SP55"=SP5X_32.DLL
"VIDC.SP56"=SP5X_32.DLL
"VIDC.SP57"=SP5X_32.DLL
"VIDC.SP58"=SP5X_32.DLL
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2011-11-26 19:16:51 ----D---- C:\Program Files\trend micro
2011-11-26 19:16:50 ----D---- C:\rsit
2011-11-26 18:02:50 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2011-11-26 01:01:00 ----D---- C:\Program Files\Common Files\iS3
2011-11-25 23:20:38 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-11-22 18:59:25 ----RD---- C:\Program Files\Skype
2011-11-22 18:59:18 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-11-13 21:53:59 ----D---- C:\Documents and Settings\Damian\Application Data\Razor
2011-11-13 20:36:51 ----A---- C:\WINDOWS\{00000002-00000000-0000000C-00001102-00000002-80271102}.BAK
2011-11-05 21:51:58 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2011-11-05 21:51:58 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2011-11-05 21:51:58 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2011-11-05 21:51:57 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2011-11-05 21:51:55 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2011-11-05 21:51:54 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2011-11-05 21:51:33 ----D---- C:\WINDOWS\Logs
2011-10-31 19:22:04 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2011-10-31 19:21:56 ----D---- C:\Program Files\PC Connectivity Solution
2011-10-28 13:01:47 ----D---- C:\Program Files\Common Files\Steam

======List of files/folders modified in the last 1 month======

2011-11-26 19:17:00 ----D---- C:\WINDOWS\Prefetch
2011-11-26 19:16:51 ----D---- C:\Program Files
2011-11-26 19:12:41 ----D---- C:\WINDOWS\Temp
2011-11-26 19:11:41 ----D---- C:\WINDOWS\system32\drivers
2011-11-26 19:10:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-26 19:09:19 ----SHD---- C:\WINDOWS\Installer
2011-11-26 18:45:36 ----SHD---- C:\System Volume Information
2011-11-26 18:45:36 ----D---- C:\WINDOWS\system32\Restore
2011-11-26 18:40:33 ----D---- C:\WINDOWS
2011-11-26 18:05:27 ----D---- C:\WINDOWS\system32\CatRoot
2011-11-26 18:03:52 ----HD---- C:\WINDOWS\inf
2011-11-26 18:03:26 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-26 17:44:34 ----D---- C:\WINDOWS\Provisioning
2011-11-26 01:13:51 ----D---- C:\WINDOWS\system32
2011-11-26 01:01:08 ----D---- C:\WINDOWS\WinSxS
2011-11-26 01:01:00 ----D---- C:\Program Files\Common Files
2011-11-26 00:24:46 ----AD---- C:\Documents and Settings\All Users\Application Data\Temp
2011-11-25 23:53:50 ----D---- C:\Documents and Settings\Damian\Application Data\GetRightToGo
2011-11-25 23:42:15 ----D---- C:\WINDOWS\system
2011-11-25 23:40:41 ----D---- C:\WINDOWS\pss
2011-11-25 23:04:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-25 19:01:49 ----A---- C:\WINDOWS\wdict32.INI
2011-11-24 21:29:41 ----D---- C:\Documents and Settings\Damian\Application Data\Skype
2011-11-24 21:29:36 ----D---- C:\Documents and Settings\Damian\Application Data\foobar2000
2011-11-21 19:59:06 ----A---- C:\WINDOWS\system32\everest_cpl.ini
2011-11-21 19:52:37 ----HD---- C:\Program Files\InstallShield Installation Information
2011-11-21 19:52:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-11-16 20:31:52 ----D---- C:\WINDOWS\system32\DirectX
2011-11-16 15:22:23 ----D---- C:\Program Files\Lx_cats
2011-11-13 14:30:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-11-13 11:54:08 ----D---- C:\Documents and Settings\Damian\Application Data\gtk-2.0
2011-11-12 18:50:41 ----D---- C:\WINDOWS\Minidump
2011-11-07 16:33:48 ----D---- C:\Documents and Settings\Damian\Application Data\BitComet
2011-11-05 21:53:35 ----D---- C:\Program Files\NVIDIA Corporation
2011-10-31 19:24:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-10-31 19:23:00 ----D---- C:\Program Files\Common Files\Nokia
2011-10-31 19:22:58 ----D---- C:\Program Files\Common Files\PCSuite
2011-10-31 19:18:13 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2011-10-31 18:35:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-31 15:26:23 ----D---- C:\Documents and Settings\All Users\Application Data\PhotoStitch
2011-10-31 15:14:25 ----D---- C:\Documents and Settings\Damian\Application Data\ZoomBrowser EX
2011-10-31 15:14:25 ----D---- C:\Documents and Settings\Damian\Application Data\CameraWindowDC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 hotcore3;hc3ServiceName; C:\WINDOWS\system32\DRIVERS\hotcore3.sys [2010-07-13 40560]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-26 721904]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-13 225664]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/22 16:10:50]; \??\D:\Program Files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-07-16 35088]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2010-09-26 223128]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-09 39824]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2010-05-31 10144]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-08-12 10368]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2010-04-29 37920]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 TfFsMon;TfFsMon; C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon; C:\WINDOWS\system32\drivers\TfSysMon.sys []
S3 CA504AV;GSmart Mini 2 WDM Video Capture; C:\WINDOWS\System32\Drivers\CA504AV.SYS [2002-07-12 508394]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-05-01 743367]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 DrmRAudio;DrmRAudio; C:\WINDOWS\system32\drivers\DrmRAudio.sys [2011-01-17 23608]
S3 DrmRVideo;DrmRVideo; C:\WINDOWS\system32\DRIVERS\DrmRVideo.sys [2011-01-17 5688]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 FLASHSYS;FLASHSYS; \??\C:\WINDOWS\system32\DRIVERS\FLASHSYS.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Sunplus;GSmart Mini 2 Still Image Capture; C:\WINDOWS\System32\Drivers\Bulk504.sys [2002-07-11 10988]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WEBNTACCESS;WEBNTACCESS; \??\C:\WINDOWS\system32\NTACCESS.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96256]
R2 ekrn;ESET Service; G:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 962560]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1355776]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 147456]
R2 LMIGuardianSvc;LMIGuardianSvc; D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2011-03-29 368640]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 864256]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 148992]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-29 77824]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 TunngleService;TunngleService; G:\Program Files\Tunngle\TnglCtrl.exe [2011-06-15 733184]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 442368]
S2 gupdate1ca1b255eb2da80;Služba Google Update (gupdate1ca1b255eb2da80); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-12 127488]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-12 194104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-12 127488]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 lxce_device;lxce_device; C:\WINDOWS\system32\lxcecoms.exe [2005-07-06 471040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-11-04 419624]
S4 LMIMaint;LogMeIn Maintenance Service; D:\Program Files\LogMeIn\x86\RaMaint.exe [2011-03-29 136584]
S4 LogMeIn;LogMeIn; D:\Program Files\LogMeIn\x86\LogMeIn.exe [2011-03-29 390528]
S4 MBAMService;MBAMService; D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

-----------------EOF-----------------

I saw a similar thread on your forum, but it is unresolved and there may be a different solution for me here. I would also like to get this nuisance
sorted out as quickly as possible.

Thank you in advance for your help.
Simon
S1m0n
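As an added example (not part of the thread, and not RSIT's own code), a small Python parser for the driver/service line format RSIT prints above, with a defender's triage pass that flags entries whose file metadata RSIT could not read (the empty `[]`) and images that live outside the system drive. The sample lines are copied from the lists above; the heuristics are an assumption about what deserves a human's second look, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the RSIT driver and
# service lists above (both sections share the same line format).
SAMPLE_LINES = [
    r"R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-09-26 721904]",
    r"R2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files\LogMeIn\x86\RaInfo.sys []",
    r"R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]",
    r"S0 TfFsMon;TfFsMon; C:\WINDOWS\system32\drivers\TfFsMon.sys []",
    r"S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []",
    r"S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []",
    r"R2 ekrn;ESET Service; G:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 962560]",
]

# One RSIT line: "<R|S><0-4> name;description; image path [date size]" or "[]".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"     # running/stopped + start type
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"      # service name; description;
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$"    # image path, then [date size] or []
)

# Legend printed by RSIT in the section header.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}


@dataclass
class Entry:
    running: bool
    start: str           # Boot / System / Auto / Demand / Disabled
    name: str
    desc: str
    path: str            # NT "\??\" prefix stripped
    date: Optional[str]  # None when RSIT printed []
    size: Optional[int]  # None when RSIT printed []


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date = size = None
    meta = m.group("meta").split()
    if len(meta) == 2 and meta[1].isdigit():
        date, size = meta[0], int(meta[1])
    path = m.group("path")
    if path.startswith("\\??\\"):  # object-manager prefix used for some image paths
        path = path[4:]
    return Entry(m.group("state") == "R", START_TYPES[m.group("start")],
                 m.group("name"), m.group("desc"), path, date, size)


def triage(entry: Entry, system_drive: str = "C:") -> List[str]:
    """Return reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    if entry.size is None:
        # [] means RSIT could not stat the image: the file is missing, hidden
        # from the tool, or the path is unusual. Rootkits such as the Sirefef
        # family the poster mentions hide their components, so check these first.
        what = "running" if entry.running else "registered"
        reasons.append(f"{what} {entry.start} entry with no readable file (path {entry.path})")
    drive = entry.path[:2].upper()
    if entry.path[1:2] == ":" and drive != system_drive.upper():
        reasons.append(f"image on drive {drive}, not the system drive; confirm the install is intentional")
    return reasons


def triage_log(lines: List[str], system_drive: str = "C:") -> Dict[str, List[str]]:
    """Parse every matching line and keep only the flagged entries, keyed by name."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry, system_drive)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LINES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Feed it the whole RSIT log (`triage_log(open("RSIT.txt").read().splitlines())`) and only the driver and service lines are considered; headers and file lists are skipped.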

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#2 Post by cernohous13 »

Hello,

Restart into Safe Mode with Networking.

Download Rkill from one of the links; if the virus blocks it, try downloading another one

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

- run it and let it work. It closes by itself.

- Now you must not restart the computer!

Run ComboFix
Download: ComboFix
and save it to the desktop.
Usage guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Close all open windows, turn off your anti-spyware and antivirus, and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Decline the download of the Console...
- Then follow the instructions; while ComboFix is working, do not click in the window it shows and do not start anything
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If the system does not boot after ComboFix has run - press F8 during restart and choose Last Known Good Configuration
Recommendations:
During the cleanup, install or uninstall anything only when I tell you to.
Read my reply carefully and carry out the whole procedure as described.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

S1m0n
Visitor
Posts: 20
Registered: 26 Nov 2011 19:35
Location: Slovakia

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#3 Post by S1m0n »

So I followed the instructions.

RKILL stopped after a short while with some message that the process had been interrupted because something was being blocked by another process.
On the first run of ComboFix I had to go back into Windows to turn off ESET, because I was not able to do it in safe mode.
I then repeated the procedure.


So I am also attaching RKILL.log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on . 11. 2011 at 21:23:47.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on . 11. 2011 at 21:23:51.



After ComboFix started, the program installed the recovery console and ran.
After a short while it also warned about some dangerous infection that then tried to make a mess, so ComboFix restarted the PC into normal mode, if I saw it correctly, and carried out further operations there.
Here is the log:



ComboFix 11-11-26.04 - Damian . 11. 2011 21:31:07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1637 [GMT 1:00]
Running from: c:\documents and settings\Damian\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AgentSS
c:\documents and settings\All Users\Application Data\AgentSS\sslist.dat
c:\documents and settings\All Users\Application Data\AgentSS\wincfg1.ssf
c:\documents and settings\All Users\Application Data\AgentSS\wincfg2.ssf
c:\documents and settings\All Users\Application Data\emopts.dat
c:\documents and settings\All Users\Application Data\sacache\7
c:\documents and settings\All Users\Application Data\sacache\7\1.log
c:\documents and settings\All Users\Application Data\sacache\7\10.log
c:\documents and settings\All Users\Application Data\sacache\7\100.log
c:\documents and settings\All Users\Application Data\sacache\7\101.log
c:\documents and settings\All Users\Application Data\sacache\7\102.log
c:\documents and settings\All Users\Application Data\sacache\7\103.log
c:\documents and settings\All Users\Application Data\sacache\7\104.log
c:\documents and settings\All Users\Application Data\sacache\7\105.log
c:\documents and settings\All Users\Application Data\sacache\7\106.log
c:\documents and settings\All Users\Application Data\sacache\7\107.log
c:\documents and settings\All Users\Application Data\sacache\7\108.log
c:\documents and settings\All Users\Application Data\sacache\7\109.log
c:\documents and settings\All Users\Application Data\sacache\7\11.log
c:\documents and settings\All Users\Application Data\sacache\7\110.log
c:\documents and settings\All Users\Application Data\sacache\7\111.log
c:\documents and settings\All Users\Application Data\sacache\7\112.log
c:\documents and settings\All Users\Application Data\sacache\7\113.log
c:\documents and settings\All Users\Application Data\sacache\7\114.log
c:\documents and settings\All Users\Application Data\sacache\7\115.log
c:\documents and settings\All Users\Application Data\sacache\7\116.log
c:\documents and settings\All Users\Application Data\sacache\7\117.log
c:\documents and settings\All Users\Application Data\sacache\7\118.log
c:\documents and settings\All Users\Application Data\sacache\7\119.log
c:\documents and settings\All Users\Application Data\sacache\7\12.log
c:\documents and settings\All Users\Application Data\sacache\7\120.log
c:\documents and settings\All Users\Application Data\sacache\7\121.log
c:\documents and settings\All Users\Application Data\sacache\7\122.log
c:\documents and settings\All Users\Application Data\sacache\7\123.log
c:\documents and settings\All Users\Application Data\sacache\7\124.log
c:\documents and settings\All Users\Application Data\sacache\7\125.log
c:\documents and settings\All Users\Application Data\sacache\7\126.log
c:\documents and settings\All Users\Application Data\sacache\7\127.log
c:\documents and settings\All Users\Application Data\sacache\7\128.log
c:\documents and settings\All Users\Application Data\sacache\7\129.log
c:\documents and settings\All Users\Application Data\sacache\7\13.log
c:\documents and settings\All Users\Application Data\sacache\7\130.log
c:\documents and settings\All Users\Application Data\sacache\7\131.log
c:\documents and settings\All Users\Application Data\sacache\7\132.log
c:\documents and settings\All Users\Application Data\sacache\7\133.log
c:\documents and settings\All Users\Application Data\sacache\7\134.log
c:\documents and settings\All Users\Application Data\sacache\7\135.log
c:\documents and settings\All Users\Application Data\sacache\7\136.log
c:\documents and settings\All Users\Application Data\sacache\7\137.log
c:\documents and settings\All Users\Application Data\sacache\7\138.log
c:\documents and settings\All Users\Application Data\sacache\7\139.log
c:\documents and settings\All Users\Application Data\sacache\7\14.log
c:\documents and settings\All Users\Application Data\sacache\7\140.log
c:\documents and settings\All Users\Application Data\sacache\7\141.log
c:\documents and settings\All Users\Application Data\sacache\7\142.log
c:\documents and settings\All Users\Application Data\sacache\7\143.log
c:\documents and settings\All Users\Application Data\sacache\7\144.log
c:\documents and settings\All Users\Application Data\sacache\7\145.log
c:\documents and settings\All Users\Application Data\sacache\7\146.log
c:\documents and settings\All Users\Application Data\sacache\7\147.log
c:\documents and settings\All Users\Application Data\sacache\7\148.log
c:\documents and settings\All Users\Application Data\sacache\7\149.log
c:\documents and settings\All Users\Application Data\sacache\7\15.log
c:\documents and settings\All Users\Application Data\sacache\7\150.log
c:\documents and settings\All Users\Application Data\sacache\7\151.log
c:\documents and settings\All Users\Application Data\sacache\7\152.log
c:\documents and settings\All Users\Application Data\sacache\7\153.log
c:\documents and settings\All Users\Application Data\sacache\7\154.log
c:\documents and settings\All Users\Application Data\sacache\7\155.log
c:\documents and settings\All Users\Application Data\sacache\7\156.log
c:\documents and settings\All Users\Application Data\sacache\7\157.log
c:\documents and settings\All Users\Application Data\sacache\7\158.log
c:\documents and settings\All Users\Application Data\sacache\7\159.log
c:\documents and settings\All Users\Application Data\sacache\7\16.log
c:\documents and settings\All Users\Application Data\sacache\7\160.log
c:\documents and settings\All Users\Application Data\sacache\7\161.log
c:\documents and settings\All Users\Application Data\sacache\7\162.log
c:\documents and settings\All Users\Application Data\sacache\7\163.log
c:\documents and settings\All Users\Application Data\sacache\7\164.log
c:\documents and settings\All Users\Application Data\sacache\7\165.log
c:\documents and settings\All Users\Application Data\sacache\7\166.log
c:\documents and settings\All Users\Application Data\sacache\7\167.log
c:\documents and settings\All Users\Application Data\sacache\7\168.log
c:\documents and settings\All Users\Application Data\sacache\7\169.log
c:\documents and settings\All Users\Application Data\sacache\7\17.log
c:\documents and settings\All Users\Application Data\sacache\7\170.log
c:\documents and settings\All Users\Application Data\sacache\7\171.log
c:\documents and settings\All Users\Application Data\sacache\7\172.log
c:\documents and settings\All Users\Application Data\sacache\7\173.log
c:\documents and settings\All Users\Application Data\sacache\7\174.log
c:\documents and settings\All Users\Application Data\sacache\7\175.log
c:\documents and settings\All Users\Application Data\sacache\7\176.log
c:\documents and settings\All Users\Application Data\sacache\7\177.log
c:\documents and settings\All Users\Application Data\sacache\7\178.log
c:\documents and settings\All Users\Application Data\sacache\7\179.log
c:\documents and settings\All Users\Application Data\sacache\7\18.log
c:\documents and settings\All Users\Application Data\sacache\7\180.log
c:\documents and settings\All Users\Application Data\sacache\7\181.log
c:\documents and settings\All Users\Application Data\sacache\7\182.log
c:\documents and settings\All Users\Application Data\sacache\7\183.log
c:\documents and settings\All Users\Application Data\sacache\7\184.log
c:\documents and settings\All Users\Application Data\sacache\7\185.log
c:\documents and settings\All Users\Application Data\sacache\7\186.log
c:\documents and settings\All Users\Application Data\sacache\7\187.log
c:\documents and settings\All Users\Application Data\sacache\7\188.log
c:\documents and settings\All Users\Application Data\sacache\7\189.log
c:\documents and settings\All Users\Application Data\sacache\7\19.log
c:\documents and settings\All Users\Application Data\sacache\7\190.log
c:\documents and settings\All Users\Application Data\sacache\7\191.log
c:\documents and settings\All Users\Application Data\sacache\7\192.log
c:\documents and settings\All Users\Application Data\sacache\7\193.log
c:\documents and settings\All Users\Application Data\sacache\7\194.log
c:\documents and settings\All Users\Application Data\sacache\7\195.log
c:\documents and settings\All Users\Application Data\sacache\7\196.log
c:\documents and settings\All Users\Application Data\sacache\7\197.log
c:\documents and settings\All Users\Application Data\sacache\7\198.log
c:\documents and settings\All Users\Application Data\sacache\7\199.log
c:\documents and settings\All Users\Application Data\sacache\7\2.log
c:\documents and settings\All Users\Application Data\sacache\7\20.log
c:\documents and settings\All Users\Application Data\sacache\7\200.log
c:\documents and settings\All Users\Application Data\sacache\7\201.log
c:\documents and settings\All Users\Application Data\sacache\7\202.log
c:\documents and settings\All Users\Application Data\sacache\7\203.log
c:\documents and settings\All Users\Application Data\sacache\7\204.log
c:\documents and settings\All Users\Application Data\sacache\7\205.log
c:\documents and settings\All Users\Application Data\sacache\7\206.log
c:\documents and settings\All Users\Application Data\sacache\7\207.log
c:\documents and settings\All Users\Application Data\sacache\7\208.log
c:\documents and settings\All Users\Application Data\sacache\7\209.log
c:\documents and settings\All Users\Application Data\sacache\7\21.log
c:\documents and settings\All Users\Application Data\sacache\7\210.log
c:\documents and settings\All Users\Application Data\sacache\7\211.log
c:\documents and settings\All Users\Application Data\sacache\7\212.log
c:\documents and settings\All Users\Application Data\sacache\7\213.log
c:\documents and settings\All Users\Application Data\sacache\7\214.log
c:\documents and settings\All Users\Application Data\sacache\7\215.log
c:\documents and settings\All Users\Application Data\sacache\7\216.log
c:\documents and settings\All Users\Application Data\sacache\7\217.log
c:\documents and settings\All Users\Application Data\sacache\7\218.log
c:\documents and settings\All Users\Application Data\sacache\7\219.log
c:\documents and settings\All Users\Application Data\sacache\7\22.log
c:\documents and settings\All Users\Application Data\sacache\7\220.log
c:\documents and settings\All Users\Application Data\sacache\7\221.log
c:\documents and settings\All Users\Application Data\sacache\7\222.log
c:\documents and settings\All Users\Application Data\sacache\7\223.log
c:\documents and settings\All Users\Application Data\sacache\7\224.log
c:\documents and settings\All Users\Application Data\sacache\7\225.log
c:\documents and settings\All Users\Application Data\sacache\7\226.log
c:\documents and settings\All Users\Application Data\sacache\7\227.log
c:\documents and settings\All Users\Application Data\sacache\7\228.log
c:\documents and settings\All Users\Application Data\sacache\7\229.log
c:\documents and settings\All Users\Application Data\sacache\7\23.log
c:\documents and settings\All Users\Application Data\sacache\7\230.log
c:\documents and settings\All Users\Application Data\sacache\7\231.log
c:\documents and settings\All Users\Application Data\sacache\7\232.log
c:\documents and settings\All Users\Application Data\sacache\7\233.log
c:\documents and settings\All Users\Application Data\sacache\7\234.log
c:\documents and settings\All Users\Application Data\sacache\7\235.log
c:\documents and settings\All Users\Application Data\sacache\7\236.log
c:\documents and settings\All Users\Application Data\sacache\7\237.log
c:\documents and settings\All Users\Application Data\sacache\7\238.log
c:\documents and settings\All Users\Application Data\sacache\7\239.log
c:\documents and settings\All Users\Application Data\sacache\7\24.log
c:\documents and settings\All Users\Application Data\sacache\7\240.log
c:\documents and settings\All Users\Application Data\sacache\7\241.log
c:\documents and settings\All Users\Application Data\sacache\7\242.log
c:\documents and settings\All Users\Application Data\sacache\7\243.log
c:\documents and settings\All Users\Application Data\sacache\7\244.log
c:\documents and settings\All Users\Application Data\sacache\7\245.log
c:\documents and settings\All Users\Application Data\sacache\7\246.log
c:\documents and settings\All Users\Application Data\sacache\7\247.log
c:\documents and settings\All Users\Application Data\sacache\7\248.log
c:\documents and settings\All Users\Application Data\sacache\7\249.log
c:\documents and settings\All Users\Application Data\sacache\7\25.log
c:\documents and settings\All Users\Application Data\sacache\7\250.log
c:\documents and settings\All Users\Application Data\sacache\7\251.log
c:\documents and settings\All Users\Application Data\sacache\7\252.log
c:\documents and settings\All Users\Application Data\sacache\7\253.log
c:\documents and settings\All Users\Application Data\sacache\7\254.log
c:\documents and settings\All Users\Application Data\sacache\7\255.log
c:\documents and settings\All Users\Application Data\sacache\7\256.log
c:\documents and settings\All Users\Application Data\sacache\7\257.log
c:\documents and settings\All Users\Application Data\sacache\7\258.log
c:\documents and settings\All Users\Application Data\sacache\7\259.log
c:\documents and settings\All Users\Application Data\sacache\7\26.log
c:\documents and settings\All Users\Application Data\sacache\7\260.log
c:\documents and settings\All Users\Application Data\sacache\7\261.log
c:\documents and settings\All Users\Application Data\sacache\7\262.log
c:\documents and settings\All Users\Application Data\sacache\7\263.log
c:\documents and settings\All Users\Application Data\sacache\7\264.log
c:\documents and settings\All Users\Application Data\sacache\7\265.log
c:\documents and settings\All Users\Application Data\sacache\7\266.log
c:\documents and settings\All Users\Application Data\sacache\7\267.log
c:\documents and settings\All Users\Application Data\sacache\7\268.log
c:\documents and settings\All Users\Application Data\sacache\7\269.log
c:\documents and settings\All Users\Application Data\sacache\7\27.log
c:\documents and settings\All Users\Application Data\sacache\7\270.log
c:\documents and settings\All Users\Application Data\sacache\7\271.log
c:\documents and settings\All Users\Application Data\sacache\7\272.log
c:\documents and settings\All Users\Application Data\sacache\7\273.log
c:\documents and settings\All Users\Application Data\sacache\7\274.log
c:\documents and settings\All Users\Application Data\sacache\7\275.log
c:\documents and settings\All Users\Application Data\sacache\7\276.log
c:\documents and settings\All Users\Application Data\sacache\7\277.log
c:\documents and settings\All Users\Application Data\sacache\7\28.log
c:\documents and settings\All Users\Application Data\sacache\7\29.log
c:\documents and settings\All Users\Application Data\sacache\7\3.log
c:\documents and settings\All Users\Application Data\sacache\7\30.log
c:\documents and settings\All Users\Application Data\sacache\7\31.log
c:\documents and settings\All Users\Application Data\sacache\7\32.log
c:\documents and settings\All Users\Application Data\sacache\7\33.log
c:\documents and settings\All Users\Application Data\sacache\7\34.log
c:\documents and settings\All Users\Application Data\sacache\7\35.log
c:\documents and settings\All Users\Application Data\sacache\7\36.log
c:\documents and settings\All Users\Application Data\sacache\7\37.log
c:\documents and settings\All Users\Application Data\sacache\7\38.log
c:\documents and settings\All Users\Application Data\sacache\7\39.log
c:\documents and settings\All Users\Application Data\sacache\7\4.log
c:\documents and settings\All Users\Application Data\sacache\7\40.log
c:\documents and settings\All Users\Application Data\sacache\7\41.log
c:\documents and settings\All Users\Application Data\sacache\7\42.log
c:\documents and settings\All Users\Application Data\sacache\7\43.log
c:\documents and settings\All Users\Application Data\sacache\7\44.log
c:\documents and settings\All Users\Application Data\sacache\7\45.log
c:\documents and settings\All Users\Application Data\sacache\7\46.log
c:\documents and settings\All Users\Application Data\sacache\7\47.log
c:\documents and settings\All Users\Application Data\sacache\7\48.log
c:\documents and settings\All Users\Application Data\sacache\7\49.log
c:\documents and settings\All Users\Application Data\sacache\7\5.log
c:\documents and settings\All Users\Application Data\sacache\7\50.log
c:\documents and settings\All Users\Application Data\sacache\7\51.log
c:\documents and settings\All Users\Application Data\sacache\7\52.log
c:\documents and settings\All Users\Application Data\sacache\7\53.log
c:\documents and settings\All Users\Application Data\sacache\7\54.log
c:\documents and settings\All Users\Application Data\sacache\7\55.log
c:\documents and settings\All Users\Application Data\sacache\7\56.log
c:\documents and settings\All Users\Application Data\sacache\7\57.log
c:\documents and settings\All Users\Application Data\sacache\7\58.log
c:\documents and settings\All Users\Application Data\sacache\7\59.log
c:\documents and settings\All Users\Application Data\sacache\7\6.log
c:\documents and settings\All Users\Application Data\sacache\7\60.log
c:\documents and settings\All Users\Application Data\sacache\7\61.log
c:\documents and settings\All Users\Application Data\sacache\7\62.log
c:\documents and settings\All Users\Application Data\sacache\7\63.log
c:\documents and settings\All Users\Application Data\sacache\7\64.log
c:\documents and settings\All Users\Application Data\sacache\7\65.log
c:\documents and settings\All Users\Application Data\sacache\7\66.log
c:\documents and settings\All Users\Application Data\sacache\7\67.log
c:\documents and settings\All Users\Application Data\sacache\7\68.log
c:\documents and settings\All Users\Application Data\sacache\7\69.log
c:\documents and settings\All Users\Application Data\sacache\7\7.log
c:\documents and settings\All Users\Application Data\sacache\7\70.log
c:\documents and settings\All Users\Application Data\sacache\7\71.log
c:\documents and settings\All Users\Application Data\sacache\7\72.log
c:\documents and settings\All Users\Application Data\sacache\7\73.log
c:\documents and settings\All Users\Application Data\sacache\7\74.log
c:\documents and settings\All Users\Application Data\sacache\7\75.log
c:\documents and settings\All Users\Application Data\sacache\7\76.log
c:\documents and settings\All Users\Application Data\sacache\7\77.log
c:\documents and settings\All Users\Application Data\sacache\7\78.log
c:\documents and settings\All Users\Application Data\sacache\7\79.log
c:\documents and settings\All Users\Application Data\sacache\7\8.log
c:\documents and settings\All Users\Application Data\sacache\7\80.log
c:\documents and settings\All Users\Application Data\sacache\7\81.log
c:\documents and settings\All Users\Application Data\sacache\7\82.log
c:\documents and settings\All Users\Application Data\sacache\7\83.log
c:\documents and settings\All Users\Application Data\sacache\7\84.log
c:\documents and settings\All Users\Application Data\sacache\7\85.log
c:\documents and settings\All Users\Application Data\sacache\7\86.log
c:\documents and settings\All Users\Application Data\sacache\7\87.log
c:\documents and settings\All Users\Application Data\sacache\7\88.log
c:\documents and settings\All Users\Application Data\sacache\7\89.log
c:\documents and settings\All Users\Application Data\sacache\7\9.log
c:\documents and settings\All Users\Application Data\sacache\7\90.log
c:\documents and settings\All Users\Application Data\sacache\7\91.log
c:\documents and settings\All Users\Application Data\sacache\7\92.log
c:\documents and settings\All Users\Application Data\sacache\7\93.log
c:\documents and settings\All Users\Application Data\sacache\7\94.log
c:\documents and settings\All Users\Application Data\sacache\7\95.log
c:\documents and settings\All Users\Application Data\sacache\7\96.log
c:\documents and settings\All Users\Application Data\sacache\7\97.log
c:\documents and settings\All Users\Application Data\sacache\7\98.log
c:\documents and settings\All Users\Application Data\sacache\7\99.log
c:\documents and settings\All Users\Application Data\sacache\7\index.dat
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\Tiger Install
c:\documents and settings\Damian\Application Data\.#
c:\documents and settings\Damian\Application Data\.#\MBX@104@3F37C8.###
c:\documents and settings\Damian\Application Data\.#\MBX@104@3F37D8.###
c:\documents and settings\Damian\Application Data\.#\MBX@104@3F37E8.###
c:\documents and settings\Damian\Application Data\PriceGong
c:\documents and settings\Damian\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Damian\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Damian\WINDOWS
C:\Thumbs.db
c:\windows\$NtUninstallKB1404$
c:\windows\$NtUninstallKB1404$\625011438
c:\windows\$NtUninstallKB1404$\787534963\@
c:\windows\$NtUninstallKB1404$\787534963\L\zqmlcooz
c:\windows\$NtUninstallKB1404$\787534963\loader.tlb
c:\windows\$NtUninstallKB1404$\787534963\U\@00000001
c:\windows\$NtUninstallKB1404$\787534963\U\@000000c0
c:\windows\$NtUninstallKB1404$\787534963\U\@000000cb
c:\windows\$NtUninstallKB1404$\787534963\U\@000000cf
c:\windows\$NtUninstallKB1404$\787534963\U\@80000000
c:\windows\$NtUninstallKB1404$\787534963\U\@800000c0
c:\windows\$NtUninstallKB1404$\787534963\U\@800000cb
c:\windows\$NtUninstallKB1404$\787534963\U\@800000cf
c:\windows\CSC\d6
c:\windows\imglib.dll
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\sassr.dat
c:\windows\SNMPAPI.DLL
c:\windows\sysk32.dll
c:\windows\system32\
c:\windows\system32\c_33705.nls
c:\windows\system32\config\systemprofile\Application Data\PriceGong
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\mru.xml
c:\windows\system32\sinvfct.dll
.
Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 20:28 . 2008-04-13 22:49 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2011-11-26 20:28 . 2008-04-13 22:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-26 18:16 . 2011-11-26 19:19 -------- d-----w- c:\program files\trend micro
2011-11-26 18:16 . 2011-11-26 18:17 -------- d-----w- C:\rsit
2011-11-26 17:02 . 2011-11-26 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-11-26 00:01 . 2011-11-26 00:01 -------- d-----w- c:\program files\Common Files\iS3
2011-11-25 22:20 . 2011-11-25 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-25 18:51 . 2011-11-25 18:51 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-25 18:45 . 2011-11-26 16:29 -------- d-sh--w- c:\documents and settings\Damian\Local Settings\Application Data\2ef0d473
2011-11-22 17:59 . 2011-11-22 17:59 -------- d-----r- c:\program files\Skype
2011-11-22 17:59 . 2011-11-22 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-11-13 20:53 . 2011-11-13 20:53 -------- d-----w- c:\documents and settings\Damian\Application Data\Razor
2011-11-13 20:38 . 2005-04-03 22:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-11-13 20:38 . 2005-04-03 22:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-11-13 20:38 . 2005-04-03 22:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-11-13 20:38 . 2005-04-03 22:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-11-13 20:38 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-11-13 20:38 . 2011-11-13 20:38 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-11-13 20:38 . 2011-11-13 20:38 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-11-05 20:51 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-05 20:51 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-05 20:51 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-05 20:51 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-05 20:51 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-05 20:51 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-05 20:51 . 2011-11-13 14:05 -------- d-----w- c:\windows\Logs
2011-10-31 18:22 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-10-31 18:21 . 2011-10-31 18:21 -------- d-----w- c:\program files\PC Connectivity Solution
2011-10-28 12:01 . 2011-10-30 21:52 -------- d-----w- c:\program files\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 13:39 . 2011-05-17 06:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 14:40 . 2011-10-11 14:40 6698 ----a-w- C:\cc_20111011_164023.reg
2011-10-03 03:06 . 2010-05-16 13:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-05-16 13:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-11 06:37 . 2011-09-11 06:36 13072 ----a-w- C:\cc_20110911_083649.reg
2011-09-11 06:36 . 2011-09-11 06:36 82 ----a-w- C:\cc_20110911_083641.reg
2011-08-31 15:00 . 2010-01-27 09:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="d:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-12 39408]
"WallpaperSS"="g:\program files\WallpaperSS\WallpaperSS.exe" [2010-11-16 454344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"egui"="g:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Damian\Start Menu\Programs\Startup\
egui.exe [2009-2-6 2021400]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kirby Alarm Pro.lnk - g:\program files\Kirby Alarm Pro\kirbyalarmpro.exe [2011-4-27 3174912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-03-29 16:16 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Damian^Start Menu^Programs^Startup^3DO - Might and Magic VII Registration.lnk]
path=c:\documents and settings\Damian\Start Menu\Programs\Startup\3DO - Might and Magic VII Registration.lnk
backup=c:\windows\pss\3DO - Might and Magic VII Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Damian^Start Menu^Programs^Startup^Mozilla Firefox 4.0 Beta 4.lnk]
path=c:\documents and settings\Damian\Start Menu\Programs\Startup\Mozilla Firefox 4.0 Beta 4.lnk
backup=c:\windows\pss\Mozilla Firefox 4.0 Beta 4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ------w- c:\program files\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-09 00:00 128920 ----a-w- d:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-07-26 12:17 94208 ----a-w- c:\program files\Lexmark 4300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-28 19:36 135664 ----atw- c:\documents and settings\Damian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-13 18:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-05-31 11:31 63048 ----a-w- d:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 14:34 1955208 ----a-w- d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcemon.exe]
2005-08-02 17:45 192512 ----a-w- c:\program files\Lexmark 4300 Series\lxcemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 13:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-09-07 12:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 05:15 421888 ----a-w- d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 00:08 87336 ------w- d:\program files\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-10-28 12:02 1242448 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-12 08:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 23:00 90112 ----a-w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Hry\\F4Fx\\HalfLife2\\hl2.exe"=
"d:\\Program Files\\UOAM\\uoam.exe"=
"d:\\Program Files\\DAEMON Tools\\daemon.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Documents and Settings\\Damian\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Damian\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"g:\\Program Files\\Tunngle\\tnglctrl.exe"=
"g:\\Program Files\\Tunngle\\tunngle.exe"=
"d:\\Program Files\\ACSPMonitor\\ASMonitor.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\s1xk1ll3r_svk_\\condition zero\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\s1xk1ll3r_svk_\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22044:TCP"= 22044:TCP:BitComet 22044 TCP
"22044:UDP"= 22044:UDP:BitComet 22044 UDP
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [9/25/2010 9:45 PM 40560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/27/2008 11:12 PM 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/22 16:10];d:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [6/28/2010 11:50 PM 87536]
R2 ekrn;ESET Service;g:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [8/4/2011 3:34 PM 1355776]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 2:07 AM 14336]
R2 LMIGuardianSvc;LMIGuardianSvc;d:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/27/2010 3:47 PM 368640]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\LogMeIn\x86\rainfo.sys [5/31/2010 12:31 PM 12856]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/16/2010 1:45 AM 35088]
R2 TunngleService;TunngleService;g:\program files\Tunngle\TnglCtrl.exe [7/3/2011 9:06 PM 733184]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1ca1b255eb2da80;Služba Google Update (gupdate1ca1b255eb2da80);c:\program files\Google\Update\GoogleUpdate.exe [8/12/2009 9:17 AM 127488]
S3 CA504AV;GSmart Mini 2 WDM Video Capture;c:\windows\system32\drivers\CA504AV.SYS [4/2/2011 8:47 AM 508394]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [3/6/2011 3:35 PM 23608]
S3 DrmRVideo;DrmRVideo;c:\windows\system32\drivers\DrmRVideo.sys [3/6/2011 3:35 PM 5688]
S3 FLASHSYS;FLASHSYS;\??\c:\windows\system32\DRIVERS\FLASHSYS.sys --> c:\windows\system32\DRIVERS\FLASHSYS.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/12/2009 9:17 AM 127488]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/27/2010 10:52 AM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Sunplus;GSmart Mini 2 Still Image Capture;c:\windows\system32\drivers\Bulk504.sys [4/2/2011 8:42 AM 10988]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [7/3/2011 9:06 PM 27136]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\windows\system32\NTACCESS.SYS --> c:\windows\system32\NTACCESS.SYS [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [10/14/2009 10:17 PM 16640]
S4 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/27/2010 11:52 AM 366152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-12 15:40]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 08:17]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 08:17]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1383384898-682003330-1003Core.job
- c:\documents and settings\Damian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-10 19:36]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1383384898-682003330-1003UA.job
- c:\documents and settings\Damian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-10 19:36]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Damian\Application Data\Mozilla\Firefox\Profiles\srarouhq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-AgataSoft ShutDown Pro - (no file)
Notify-TPSvc - TPSvc.dll
MSConfigStartUp-AgataSoft ShutDown Pro - d:\program files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe
MSConfigStartUp-Jet Detection - d:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe
MSConfigStartUp-RemoteControl - d:\program files\CyberLink\PowerDVD\PDVDServ.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Lidské tělo 2.0 - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-26 21:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4DB61487-A0FE-75D4-0C72-52677982F63C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abnleppllldhgncpckamoeejmjbhblhghp"=hex:70,61,6c,6c,70,67,6c,68,70,6d,6b,61,
6a,6a,62,6f,6a,68,6f,70,64,6e,61,6e,6c,61,6d,6d,65,62,64,6d,00,40
"mamlhpjkkclaejbijfoedhnbgd"=hex:6f,61,6e,66,6c,62,70,65,62,6a,6f,65,67,6f,66,
67,64,6b,61,69,6b,6e,6e,69,6e,6f,67,70,68,66,00,6d
.
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B9DCD33-A06D-5DE3-7419-AA438A1608E3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajaobhhhebjpmcjii"=hex:6d,61,6e,6a,6e,66,70,6c,6f,68,6e,67,68,61,63,67,69,6b,
64,69,6c,6b,61,66,64,6d,00,77
"hapbeaphfpkmmjbg"=hex:6d,61,6e,6a,6e,66,70,6c,6f,68,6e,67,68,61,63,67,69,6b,
64,69,6c,6b,61,66,64,6d,00,77
"gagpgabkapainm"=hex:61,63,69,6a,70,63,6c,63,6b,63,69,6d,6e,6c,6c,63,61,6b,68,
68,6e,6d,69,66,6e,6e,63,63,70,65,6c,65,68,68,67,6d,63,6d,6a,67,64,6f,61,6c,\
.
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D7095CDF-8699-AF45-4C61-7D95CEF31419}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c5,63,db,00,98,ec,e3,02,99,46,c6,0c,eb,60,c4,4d,7d,90,aa,50,74,d7,c0,
64,3b,31,75,6f,de,49,1e,15,87,66,96,46,ac,89,aa,ee,93,8e,22,ec,d3,ca,ce,d0,\
"??"=hex:d8,9e,29,62,d6,0d,e1,69,74,5f,af,f9,1b,a3,73,3d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1228)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-26 21:41:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-26 20:41
.
Pre-Run: 9 157 554 176 bytes free
Post-Run: 9 123 336 192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7421D87DEBD20D9A99053F0A2153FE71






At the moment I am back in Windows with ESET already switched on and so far I don't see any problem.
It has only been a short while, though, because I wanted to reply right away.
I'll wait for your opinion.
S1m0n

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#4 Post by cernohous13 »

Open Notepad and copy the whole green text from the "CFscript".
Save the file to the desktop as CFscript.txt and drag its icon onto the ComboFix icon - drop it there.
ComboFix will start - wait for the log and paste it here.
CFscript

Code:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"Adobe Acrobat Speed Launcher"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

File::
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1383384898-682003330-1003Core.job
c:\documents and settings\Damian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

RegNull::
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4DB61487-A0FE-75D4-0C72-52677982F63C}*]
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B9DCD33-A06D-5DE3-7419-AA438A1608E3}*]
I recommend uninstalling c:\program files\ConduitEngine

I'll look at the ComboFix log in the morning.
Recommendations:
During the clean-up, install or uninstall software only when I tell you to.
Read my reply carefully and carry out the whole procedure according to it.
If anything is unclear, ask and I will explain.

-------------------------------------------------------------------------------------------------
> Forum support <
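An added example for this exchange, not code from the thread, from ComboFix or from cernohous13: a small Python triage script that parses the "Reg Loading Points" block of a ComboFix log (the format quoted above) and flags the settings the CFscript's Registry:: section corrects, namely AntiVirusOverride=1, the EnableFirewall=0 seen in the log, inbound ICMP echo being allowed, and autoruns launched from user-writable profile folders. The log text in SAMPLE_LOG is constructed for the example; its names, paths and sizes are invented.

```python
"""Triage of the "Reg Loading Points" block of a ComboFix log.

Added example, not ComboFix's own code: parses the registry dump that
ComboFix prints and flags settings that weaken the machine's own defences.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Union

# Constructed sample in the ComboFix log format; the names, paths and sizes
# are invented for this example.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="g:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"Updater"="c:\documents and settings\user\Local Settings\Application Data\x1y2z3\upd.exe" [2011-11-25 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

Value = Union[int, str]

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')        # "name"= payload
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")      # dword:00000001
PAREN_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")  # 0 (0x0)
PATH_RE = re.compile(r'^"([^"]*)"(?:\s*\[[^\]]*\])?$')  # "path" [date size]

# Profile folders a standard user can write to; autoruns there deserve a look.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\temp\\")


@dataclass
class Finding:
    key: str
    name: str
    value: Value
    reason: str


def parse_value(raw: str) -> Value:
    """Normalise the three value spellings ComboFix uses to int or str."""
    raw = raw.strip()
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = PAREN_RE.match(raw)
    if m:
        return int(m.group(1))
    m = PATH_RE.match(raw)
    if m:
        return m.group(1)          # drop the trailing "[date size]" annotation
    return raw


def parse_reg_points(text: str) -> Dict[str, Dict[str, Value]]:
    """Map each [key] header to its "name"=value lines; '.' separators are skipped."""
    sections: Dict[str, Dict[str, Value]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = parse_value(m.group(2))
    return sections


def triage(sections: Dict[str, Dict[str, Value]]) -> List[Finding]:
    """Flag defence-weakening settings and suspicious autorun locations."""
    findings: List[Finding] = []
    for key, values in sections.items():
        k = key.lower()
        for name, value in values.items():
            if k.endswith("security center") and name == "AntiVirusOverride" and value == 1:
                findings.append(Finding(key, name, value,
                                        "Security Center told to ignore antivirus state"))
            elif k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value == 0:
                findings.append(Finding(key, name, value, "Windows Firewall disabled"))
            elif name == "AllowInboundEchoRequest" and value == 1:
                findings.append(Finding(key, name, value, "host answers inbound ICMP echo"))
            elif k.endswith("\\run") and isinstance(value, str) \
                    and any(p in value.lower() for p in USER_WRITABLE):
                findings.append(Finding(key, name, value,
                                        "autorun launched from a user-writable profile folder"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_reg_points(SAMPLE_LOG)):
        print(f"[{f.key}] {f.name} = {f.value!r}: {f.reason}")
```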

S1m0n
Visitor
Posts: 20
Registered: 26 Nov 2011 19:35
Location: Slovakia

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#5 Post by S1m0n »

Zdravím.

Musím na začiatku povedať že celý systém je zase rýchlejší.
Vlastne sa ani nepamatám kedy bol v takejto dobrej kondícií.


Takže som sputil ComboFix cez CFscript a tu je log:

ComboFix 11-11-26.04 - Damian . 11. 2011 9:53.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1490 [GMT 1:00]
Running from: c:\documents and settings\Damian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Damian\Desktop\CFscript.txt.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
FILE ::
"c:\documents and settings\Damian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1383384898-682003330-1003Core.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Damian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1383384898-682003330-1003Core.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gupdate1ca1b255eb2da80
-------\Service_gupdate1ca1b255eb2da80
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-26 21:31 . 2011-11-26 21:31 14494 ----a-w- C:\cc_20111126_223138.reg
2011-11-26 20:28 . 2008-04-13 22:49 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2011-11-26 20:28 . 2008-04-13 22:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-26 18:16 . 2011-11-26 19:19 -------- d-----w- c:\program files\trend micro
2011-11-26 18:16 . 2011-11-26 18:17 -------- d-----w- C:\rsit
2011-11-26 17:02 . 2011-11-26 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-11-26 00:01 . 2011-11-26 00:01 -------- d-----w- c:\program files\Common Files\iS3
2011-11-25 22:20 . 2011-11-25 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-25 18:51 . 2011-11-25 18:51 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-11-25 18:45 . 2011-11-26 16:29 -------- d-sh--w- c:\documents and settings\Damian\Local Settings\Application Data\2ef0d473
2011-11-22 17:59 . 2011-11-22 17:59 -------- d-----r- c:\program files\Skype
2011-11-22 17:59 . 2011-11-22 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-11-13 20:53 . 2011-11-13 20:53 -------- d-----w- c:\documents and settings\Damian\Application Data\Razor
2011-11-13 20:38 . 2005-04-03 22:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-11-13 20:38 . 2005-04-03 22:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-11-13 20:38 . 2005-04-03 22:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-11-13 20:38 . 2005-04-03 22:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-11-13 20:38 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-11-13 20:38 . 2011-11-13 20:38 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-11-13 20:38 . 2011-11-13 20:38 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-11-05 20:51 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-05 20:51 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-05 20:51 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-05 20:51 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-05 20:51 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-05 20:51 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-05 20:51 . 2011-11-26 21:30 -------- d-----w- c:\windows\Logs
2011-10-31 18:22 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-10-31 18:21 . 2011-10-31 18:21 -------- d-----w- c:\program files\PC Connectivity Solution
2011-10-28 12:01 . 2011-10-30 21:52 -------- d-----w- c:\program files\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 13:39 . 2011-05-17 06:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 14:40 . 2011-10-11 14:40 6698 ----a-w- C:\cc_20111011_164023.reg
2011-10-03 03:06 . 2010-05-16 13:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2010-05-16 13:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-11 06:37 . 2011-09-11 06:36 13072 ----a-w- C:\cc_20110911_083649.reg
2011-09-11 06:36 . 2011-09-11 06:36 82 ----a-w- C:\cc_20110911_083641.reg
2011-08-31 15:00 . 2010-01-27 09:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-26_20.38.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-27 09:01 . 2011-11-27 09:01 16384 c:\windows\temp\Perflib_Perfdata_22c.dat
+ 2011-11-27 09:01 . 2011-11-27 09:01 16384 c:\windows\temp\Perflib_Perfdata_12c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RestoreDesktop"="d:\program files\Restore Desktop\RestoreDesktop.exe" [2003-03-11 45056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-12 39408]
"WallpaperSS"="g:\program files\WallpaperSS\WallpaperSS.exe" [2010-11-16 454344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"egui"="g:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Damian\Start Menu\Programs\Startup\
egui.exe [2009-2-6 2021400]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kirby Alarm Pro.lnk - g:\program files\Kirby Alarm Pro\kirbyalarmpro.exe [2011-4-27 3174912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-03-29 16:16 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Damian^Start Menu^Programs^Startup^3DO - Might and Magic VII Registration.lnk]
path=c:\documents and settings\Damian\Start Menu\Programs\Startup\3DO - Might and Magic VII Registration.lnk
backup=c:\windows\pss\3DO - Might and Magic VII Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Damian^Start Menu^Programs^Startup^Mozilla Firefox 4.0 Beta 4.lnk]
path=c:\documents and settings\Damian\Start Menu\Programs\Startup\Mozilla Firefox 4.0 Beta 4.lnk
backup=c:\windows\pss\Mozilla Firefox 4.0 Beta 4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ------w- c:\program files\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-11-09 00:00 128920 ----a-w- d:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-07-26 12:17 94208 ----a-w- c:\program files\Lexmark 4300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-12-13 18:10 1688872 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-05-31 11:31 63048 ----a-w- d:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 14:34 1955208 ----a-w- d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcemon.exe]
2005-08-02 17:45 192512 ----a-w- c:\program files\Lexmark 4300 Series\lxcemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 13:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
2007-09-07 12:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 05:15 421888 ----a-w- d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-03 00:08 87336 ------w- d:\program files\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-10-28 12:02 1242448 ----a-w- d:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-12 08:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-10 23:00 90112 ----a-w- c:\windows\Updreg.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Hry\\F4Fx\\HalfLife2\\hl2.exe"=
"d:\\Program Files\\UOAM\\uoam.exe"=
"d:\\Program Files\\DAEMON Tools\\daemon.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Documents and Settings\\Damian\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Damian\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"g:\\Program Files\\Tunngle\\tnglctrl.exe"=
"g:\\Program Files\\Tunngle\\tunngle.exe"=
"d:\\Program Files\\ACSPMonitor\\ASMonitor.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\Steam\\steamapps\\s1xk1ll3r_svk_\\condition zero\\hl.exe"=
"d:\\Program Files\\Steam\\steamapps\\s1xk1ll3r_svk_\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22044:TCP"= 22044:TCP:BitComet 22044 TCP
"22044:UDP"= 22044:UDP:BitComet 22044 UDP
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [9/25/2010 9:45 PM 40560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/27/2008 11:12 PM 721904]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/22 16:10];d:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [6/28/2010 11:50 PM 87536]
R2 ekrn;ESET Service;g:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [8/4/2011 3:34 PM 1355776]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 2:07 AM 14336]
R2 LMIGuardianSvc;LMIGuardianSvc;d:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/27/2010 3:47 PM 368640]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\LogMeIn\x86\rainfo.sys [5/31/2010 12:31 PM 12856]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/16/2010 1:45 AM 35088]
R2 TunngleService;TunngleService;g:\program files\Tunngle\TnglCtrl.exe [7/3/2011 9:06 PM 733184]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 CA504AV;GSmart Mini 2 WDM Video Capture;c:\windows\system32\drivers\CA504AV.SYS [4/2/2011 8:47 AM 508394]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [3/6/2011 3:35 PM 23608]
S3 DrmRVideo;DrmRVideo;c:\windows\system32\drivers\DrmRVideo.sys [3/6/2011 3:35 PM 5688]
S3 FLASHSYS;FLASHSYS;\??\c:\windows\system32\DRIVERS\FLASHSYS.sys --> c:\windows\system32\DRIVERS\FLASHSYS.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/27/2010 10:52 AM 22216]
S3 Sunplus;GSmart Mini 2 Still Image Capture;c:\windows\system32\drivers\Bulk504.sys [4/2/2011 8:42 AM 10988]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [7/3/2011 9:06 PM 27136]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WEBNTACCESS;WEBNTACCESS;\??\c:\windows\system32\NTACCESS.SYS --> c:\windows\system32\NTACCESS.SYS [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [10/14/2009 10:17 PM 16640]
S4 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/27/2010 11:52 AM 366152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Damian\Application Data\Mozilla\Firefox\Profiles\srarouhq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Google Update - c:\documents and settings\Damian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 10:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c5,63,db,00,98,ec,e3,02,99,46,c6,0c,eb,60,c4,4d,7d,90,aa,50,74,d7,c0,
64,3b,31,75,6f,de,49,1e,15,87,66,96,46,ac,89,aa,ee,93,8e,22,ec,d3,ca,ce,d0,\
"??"=hex:d8,9e,29,62,d6,0d,e1,69,74,5f,af,f9,1b,a3,73,3d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-11-27 10:04:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-27 09:04
ComboFix2.txt 2011-11-26 20:41
.
Pre-Run: 9 081 556 992 bytes free
Post-Run: 9 052 725 248 bytes free
.
- - End Of File - - 625C6338E2898ECF9A03ED2F1DEF3D52

I wanted to uninstall the mentioned

c:\program files\ConduitEngine

but there is no uninstall file in the folder and it is not in the Windows Control Panel list of programs to remove either.
Is it enough to just delete this folder?
S1m0n
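The ComboFix log above carries an eight-character attribute field next to every path in its "Files Created" section (for example `d-sh--w-` on the `2ef0d473` directory and `-c--a-w-` on `ipsec.sys`). The letters `s` and `h` in that field are what made the `2ef0d473` directory stand out: a hidden, system-attributed directory sitting inside a user's profile. The script below is an added example, not part of the thread and not ComboFix's own code; it parses lines in that layout and reports hidden+system directories under a user profile. It assumes that `d`, `s` and `h` in the attribute field mean directory, system and hidden, and that the path fragments `\documents and settings\` and `\users\` mark a profile. The sample input is four lines copied from the log above plus one constructed line for a hidden+system directory outside any user profile, which must not be reported.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Layout of one line in the "Files Created" and "Find3M" sections of a
# ComboFix log:  <created> . <modified> <size or dashes> <8-char attrs> <path>
# Only 'd' (directory), 's' (system) and 'h' (hidden) in the attribute
# field are interpreted; that reading of the field is an assumption here.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Path fragments that mark a user profile (Windows XP and Vista+ layouts).
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: str
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs

    @property
    def in_profile(self) -> bool:
        low = self.path.lower()
        return any(marker in low for marker in PROFILE_MARKERS)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; separators and section banners yield None."""
    m = LINE_RE.match(line.strip())
    return Entry(**m.groupdict()) if m else None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e is not None]


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Hidden+system directories inside a user profile: the combination that
    singled out the 2ef0d473 folder in the log above."""
    return [e for e in entries if e.is_dir and e.hidden_system and e.in_profile]


# Sample input: four lines copied from the ComboFix log above, plus one
# constructed line for a hidden+system directory outside any user profile.
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
2011-11-26 20:28 . 2008-04-13 22:49 75264 -c--a-w- c:\\windows\\system32\\dllcache\\ipsec.sys
2011-11-25 18:51 . 2011-11-25 18:51 -------- d-s---w- c:\\documents and settings\\LocalService\\UserData
2011-11-25 18:45 . 2011-11-26 16:29 -------- d-sh--w- c:\\documents and settings\\Damian\\Local Settings\\Application Data\\2ef0d473
2011-11-22 17:59 . 2011-11-22 17:59 -------- d-----r- c:\\program files\\Skype
2011-11-01 12:00 . 2011-11-01 12:00 -------- d-sh--w- c:\\windows\\system32\\config\\systemprofile\\constructed_example
.
"""


def report(text: str = SAMPLE_LOG) -> List[str]:
    """Return the flagged paths for a log; the caller decides how to show them."""
    return [e.path for e in suspicious(parse_log(text))]


if __name__ == "__main__":
    for path in report():
        print("hidden+system directory in a user profile:", path)
```

Run it against a saved ComboFix.txt by passing the file's contents to `report()`; the `LocalService\UserData` line shows why both flags are required, since Windows itself marks that directory system-only.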

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#6 Post by cernohous13

-> Download "SystemLook" - http://jpshortstuff.247fixes.com/SystemLook.exe
Run it and copy the following into its window

Code:

:dir
c:\documents and settings\Damian\Local Settings\Application Data\2ef0d473 /s

Click "Look" and, after the scan, copy the search result here

-> We will then remove ConduitEngine in the next step, together with the other junk

S1m0n
Visitor
Posts: 20
Registered: 26 Nov 2011 19:35
Location: Slovakia

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#7 Post by S1m0n

SystemLook.exe log:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:29 on 27/11/2011 by Damian
Administrator - Elevation successful

========== dir ==========

c:\documents and settings\Damian\Local Settings\Application Data\2ef0d473 - Parameters: "/s"

---Files---
@ --ahs-- 2048 bytes [18:45 25/11/2011] [18:45 25/11/2011]

c:\documents and settings\Damian\Local Settings\Application Data\2ef0d473\U d-ahs-- [18:45 25/11/2011]

-= EOF =-
S1m0n
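The SystemLook listing above shows what was inside the flagged directory: a 2048-byte file named `@` and a subdirectory named `U`, both carrying the hidden and system attributes, under a directory whose name is eight hex digits. The script below is an added example, not from the thread and not SystemLook's own code; it checks the immediate subdirectories of an Application Data folder for that layout (hex-digit name, `@` file, `U` subdirectory) and, where the platform exposes them, the hidden and system attribute bits. The attribute check relies on `st_file_attributes`, which `os.stat` provides on Windows only, so on other platforms it is reported as unknown rather than failing. The directory tree it scans is constructed in a temporary folder to mirror the listing; nothing on a real profile is touched.

```python
import os
import re
import tempfile
from dataclasses import dataclass
from typing import List, Optional

# Eight hex digits, as in "2ef0d473" above (case-insensitive to be safe).
HEX8 = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
# Bit values of the Windows file attribute flags HIDDEN and SYSTEM.
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4


@dataclass
class Finding:
    path: str
    has_marker_file: bool          # a file literally named "@"
    has_u_dir: bool                # a subdirectory literally named "U"
    hidden_system: Optional[bool]  # None where the platform has no attribute bits


def hidden_and_system(path: str) -> Optional[bool]:
    """True/False from the attribute bits on Windows; None elsewhere."""
    attrs = getattr(os.lstat(path), "st_file_attributes", None)
    if attrs is None:
        return None
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN) and bool(attrs & FILE_ATTRIBUTE_SYSTEM)


def inspect_dir(path: str) -> Optional[Finding]:
    """Match the layout from the SystemLook listing: an 8-hex-digit directory
    holding a file "@" and/or a subdirectory "U" directly inside it."""
    if not HEX8.match(os.path.basename(path)):
        return None
    try:
        names = set(os.listdir(path))
    except OSError:
        return None
    marker = "@" in names and os.path.isfile(os.path.join(path, "@"))
    udir = "U" in names and os.path.isdir(os.path.join(path, "U"))
    if not (marker or udir):
        return None
    return Finding(path, marker, udir, hidden_and_system(path))


def scan(app_data: str) -> List[Finding]:
    """Check every immediate subdirectory of an Application Data folder."""
    findings = []
    for name in sorted(os.listdir(app_data)):
        full = os.path.join(app_data, name)
        if os.path.isdir(full):
            found = inspect_dir(full)
            if found is not None:
                findings.append(found)
    return findings


def build_sample_tree(root: str) -> str:
    """Constructed sample tree: one directory mirroring the listing above and
    two benign neighbours, laid out like Local Settings\\Application Data."""
    app_data = os.path.join(root, "Local Settings", "Application Data")
    bad = os.path.join(app_data, "2ef0d473")
    os.makedirs(os.path.join(bad, "U"))
    with open(os.path.join(bad, "@"), "wb") as fh:
        fh.write(b"\0" * 2048)                    # same size as "@" in the listing
    os.makedirs(os.path.join(app_data, "Google", "Update"))   # ordinary name
    os.makedirs(os.path.join(app_data, "deadbeef"))            # hex name, but empty
    return app_data


def demo() -> List[Finding]:
    """Build the sample tree in a temp directory, scan it and return the
    findings with paths made relative to the Application Data folder."""
    with tempfile.TemporaryDirectory() as tmp:
        app_data = build_sample_tree(tmp)
        findings = scan(app_data)
        for f in findings:
            f.path = os.path.relpath(f.path, app_data)
        return findings


if __name__ == "__main__":
    for f in demo():
        print(f"{f.path}: '@' file={f.has_marker_file}, 'U' dir={f.has_u_dir}, "
              f"hidden+system={f.hidden_system}")
```

To check a real XP profile, call `scan(r"C:\Documents and Settings\<user>\Local Settings\Application Data")` from an elevated prompt; on Windows the `hidden_system` field then reflects the actual attribute bits, which for the directory in this thread were set.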

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#8 Post by cernohous13

Download OTM from one of these links and extract it, preferably to the desktop.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Run "OTM.exe" (on Vista and Win7, right-click and "Run As Administrator").
Paste the whole green text of the "Script" into the box below the yellow line

Click the red "Moveit!"

When offered a restart, choose "YES"
and you will then find the log in C:\_OTM\MovedFiles\
OTM script

Code:
:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]

:Files
c:\documents and settings\Damian\Local Settings\Application Data\2ef0d473
c:\program files\ConduitEngine
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Reg
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-

-> run a scan with NOD

S1m0n
Visitor
Posts: 20
Registered: 26 Nov 2011 19:35
Location: Slovakia

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#9 Post by S1m0n

OTM run, restart allowed, and the log:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Damian
->Temp folder emptied: 842 bytes
->Temporary Internet Files folder emptied: 268441 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 147479259 bytes
->Flash cache emptied: 721 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 180358 bytes
->Flash cache emptied: 456 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 972341 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 142,00 mb


[EMPTYFLASH]

User: All Users

User: Damian
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


Restore points cleared and new OTM Restore Point set!
========== FILES ==========
c:\documents and settings\Damian\Local Settings\Application Data\2ef0d473\U folder moved successfully.
c:\documents and settings\Damian\Local Settings\Application Data\2ef0d473 folder moved successfully.
c:\program files\ConduitEngine folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\Installer\MSI750.tmp moved successfully.
C:\WINDOWS\Installer\MSI8E2.tmp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.

OTM by OldTimer - Version 3.1.19.0 log created on 11272011_192930

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_5fc.dat moved successfully.

Registry entries deleted on Reboot...

ESET went through the whole of drive C: and found no infection.
S1m0n

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#10 Post by cernohous13

-> it seems you are clean
and if you no longer find anything odd, I will clean up after myself ;)

-> We will uninstall ComboFix
go to Start -> Run... and paste ComboFix /Uninstall (note the space after the x) -> OK

->
Download and run T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - it cleans up after the cleaners that were used.
After starting it, ignore any antivirus warning; it is fine
Once it has done its job, delete T-cleaner
-> Download TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Close all programs and run it. When it finishes, the PC will be restarted.
If not, restart it yourself.
(cleans Temp folders; does not clean URLs, history, prefetch or cookies)

-> download OTC here: http://oldtimer.geekstogo.com/OTC.exe - run it -> "CleanUp" (deletes the previously used cleaners)

-> I can recommend a check and cleanup with CCleaner
Download CCleaner - http://www.slunecnice.cz/sw/ccleaner/
During installation, untick "Install Yahoo! Toolbar"

close the web browser and
run "Cleaner" > "Run CCleaner" - removes what is not needed
run "Registry" > "Scan for Issues" > "Fix selected issues"
agree to the registry backup; repeat until the registry is clean.

Guide: http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx
You can keep it for occasional cleaning in the future too.

-> After cleaning, a defragmentation would be useful
I recommend http://www.slunecnice.cz/sw/defraggler/ + Czech localisation

If anything in the guide does not work, continue with the next step.

S1m0n
Visitor
Posts: 20
Registered: 26 Nov 2011 19:35
Location: Slovakia

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#11 Post by S1m0n

I would also mention that, after a long time, it happened to me again (it also happened in the past, but at most twice a month) that after the system booted this message popped up:

Generic Host Process For Win32 Services:
Generic Host Process For Win32 Services has
encountered a problem and needs to close. We are sorry
for the inconvenience.

[image]

Personally I think it is just a Windows error and not an infiltration.

There is also a problem that recurs often and has been there for a long time.
After the system boots, ESET throws this message:

ESET Smart Security:
Error communicating with kernel

[image]

ekrn.exe is running in the background, so it is only egui that does not start, which as far as I know is just the graphical interface.
It can be started after a short while.

I would personally not deal with this either.

But I would rather mention it, and I will be glad if you give your opinion on it.
Thanks
S1m0n

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#12 Post by cernohous13

1 - That first message will be hard to pin down when you cannot tell afterwards what stopped working :(

2 - At one point Avast was giving me the same problems; I solved it by reinstalling ;)

S1m0n
Visitor
Posts: 20
Registered: 26 Nov 2011 19:35
Location: Slovakia

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#13 Post by S1m0n

Hello.
Understood, and thank you for the replies.

I waited a while with the cleaning, because web browsing (FF 9.0 beta) had some strange latency and was slowed down by about 30%.
At the moment it is fine, and it was probably caused by the internet provider.
In any case, the system is snappier than ever before, which is great :)

I did the cleaning according to the guide without problems.
I know CCleaner personally, use it regularly and consider it a really good cleaner.
Defraggler seems to be from the same maker, as I noticed from the installer itself, and the defragmentation is the last item still waiting for me.

But before that I would like to thank you for the professional help with a fast response.
This is my first experience with your forum and I am extremely satisfied, so I will definitely look at how to support you :)

Good luck killing viruses!

Regards
S1m0n

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Win32/Kryptik.JDI Trojan, reduced performance and web browsing

#14 Post by cernohous13

I am glad it worked out, thanks also to your good cooperation.
You are welcome, glad to help, and we will be here next time too.
