HiJackThis/Log: Optimization/Analysis/Review

I think I'm clean. What do you say?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:57:41, on 24.5.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\GIGABYTE\GEST\gest.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\GIGABYTE\GEST\GSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Beleg Kutalion\Desktop\Something.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O13 - Gopher Prefix:

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


You're clean, according to the HijackThis log. Still, you could fix this line:

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

Quote from the author: I think I'm clean. What do you say?

In the first post of this thread it is written very clearly that the program only gives you an approximate indication of what might be what, but don't rely on it too much. That's why I asked you to download the tool from my signature and scan in safe mode. Did you do that?

New threats may NOT be detected by HiJackThis.

Have a nice day!

Yes. I did it (in fact I had done it even before I started writing about the problem on the forum). It didn't detect anything. Which doesn't fully reassure me, because the little beast is obviously tough. I'll see whether there are problems when I set up the new OS, but this time I hope there won't be. I'll write about that when I get home.

This is from a scan with hijackthis. I have problems with ise32.exe: it constantly freezes my computer and blocks Task Manager. Could you tell me what to do to clean it?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:52, on 27.5.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Datecs\FlexType 2K\FType2K.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\post.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://######/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [batteryBar] c:\program files\batterybar\batterybar.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [RGSC] F:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe

O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/htd...sreqlab_srl.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

--

End of file - 11626 bytes

krastevv, open HiJackThis, select Do a system scan only and tick the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/htd...sreqlab_srl.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

Finally, close your browser and select Fix Checked.

Please go to Start --> Settings --> Control Panel --> Add or Remove Programs and uninstall the following programs (if they are in the list):

AOL Toolbar

Daemon Tools Toolbar

Adobe Reader 9.0

Toolbars are unnecessary, so I recommend that you remove them. Besides, Adobe Reader 9.0 is quite vulnerable, so I suggest switching to its more secure competitor, Foxit Reader.

http://www.kaldata.com/comments.php?id=441...highlight=foxit

Finally, restart your computer.

After the restart:

1) Download the program: LSP-Fix

2) Save it to your desktop

3) Run it

4) Tick I know what I'm doing

5) Click once on wpclsp.dll, then click >> to move it to the right (the other side)

6) Select Finish

7) Your computer will restart

Finally:

Download Malwarebytes' Anti-Malware from here

Double-click mbam-setup.exe to install the program.

  • Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click Finish.
  • If newer updates are found, it will download and install them.
  • Start the program, select "Perform Full Scan", then click Scan.
  • The scan will take a while, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure all lines are ticked and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the thread.

Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problem viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.

Besides the Malwarebytes' Anti-Malware log, a new log file from HiJackThis will also be needed.
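The reply above triages the log by hand: empty R0/R1 values, a BHO with no file behind it, O10 "Unknown file in Winsock LSP" lines, and O16 ActiveX downloads. As an added example (not code from the thread, from Trend Micro or from Malwarebytes), here is a small Python script that applies those same rules to a HijackThis v2 log and also flags O4 autorun entries that start from a bare filename or from a directory outside Program Files or Windows, which goes one step beyond what the reply checks. The sample log is constructed from lines in this thread; the [internet security service] O4 entry is reconstructed from the Malwarebytes finding posted later in the thread and is an assumption, since the HijackThis log itself never listed it. The names TRUSTED_ROOTS, triage and lsp_catalog are chosen here.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2 log format. Lines are modelled on the log
# posted above; the [internet security service] O4 line is reconstructed from
# the Malwarebytes result later in the thread (HijackThis never listed it), so
# treat it as illustrative rather than as a captured entry.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://######/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [internet security service] C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/htd...sreqlab_srl.cab
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

# One regex per HijackThis section handled here (R0/R1, O2, O4 Run keys, O10, O16).
RE_IE = re.compile(r"^R[01] - (?P<key>.+?) =\s*(?P<value>.*)$")
RE_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RE_RUN = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_LSP = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
RE_DPF = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")

# Directories an autorun entry is normally expected to live in (assumption made
# for this example); anything else, e.g. C:\RESTORE\<SID>\, is reported.
TRUSTED_ROOTS = (r"c:\program files", r"c:\windows", r"%programfiles%", r"%systemroot%")


def _exe_path(cmd):
    """Pull the executable out of an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe" token
    # instead of at the first space.
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (log line, reason) pairs for entries worth a second look."""
    findings = []
    seen_lsp = set()
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := RE_IE.match(line):
            if not m["value"]:
                findings.append((line, "empty IE setting: left behind by a reset or hijack, Fix Checked restores the default"))
        elif m := RE_BHO.match(line):
            if m["path"] == "(no file)" or m["path"].endswith("(file missing)"):
                findings.append((line, "orphaned BHO: CLSID registered but no DLL on disk"))
        elif m := RE_RUN.match(line):
            exe = _exe_path(m["cmd"]).lower()
            if "\\" not in exe:
                findings.append((line, "autorun by bare filename: resolved via the search path, check which copy runs"))
            elif not exe.startswith(TRUSTED_ROOTS):
                findings.append((line, "autorun from an unusual directory"))
        elif m := RE_LSP.match(line):
            dll = m["path"].lower()
            if dll not in seen_lsp:  # one O10 line per catalog entry; report each DLL once
                seen_lsp.add(dll)
                findings.append((line, "unknown Winsock LSP: every socket on the box passes through this DLL"))
        elif m := RE_DPF.match(line):
            findings.append((line, f"ActiveX control '{m['name']}' downloadable from {m['url']}"))
    return findings


def lsp_catalog(log_text):
    """Count O10 lines per DLL: one LSP appears once per Winsock catalog entry it hooks."""
    counts = Counter()
    for line in log_text.splitlines():
        m = RE_LSP.match(line.rstrip())
        if m:
            counts[m["path"].lower()] += 1
    return counts


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
    for dll, n in lsp_catalog(SAMPLE_LOG).items():
        print(f"LSP {dll}: {n} catalog entries")
```

The per-DLL count is why the log above repeats the wpclsp.dll O10 line nine times: HijackThis prints one line per Winsock catalog entry, and LSP-Fix shows the same DLL once. "Unknown" in an O10 line only means the DLL is not on HijackThis's whitelist, so check the file's publisher before removing it; pulling a live LSP out of the chain breaks networking for every process.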

This is the hijack log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:13, on 27.5.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Datecs\FlexType 2K\FType2K.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\User\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://######/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [batteryBar] c:\program files\batterybar\batterybar.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [RGSC] F:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe

O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe

--

End of file - 10139 bytes

And this is from Malwarebytes

Malwarebytes' Anti-Malware 1.37

Database version: 2185

Windows 6.0.6001 Service Pack 1

27.5.2009 20:04:23

mbam-log-2009-05-27 (20-04-23).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objects scanned: 375662

Time elapsed: 1 hour(s), 39 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security service (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Files Infected:

c:\RESTORE\s-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.

c:\RESTORE\s-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Благодаря за помоща

I don't see an antivirus program installed on your computer; it would be a good idea to install one. For more information you can look through this section: it has a lot of opinions (most of them without any argumentation, but that is normal both for this forum and for almost all Bulgarian forums) from which you can get some idea of the antivirus products. But do that at the end, after we have finished cleaning your system.

Now:

1) Download ComboFix from: here

2) Save it to your desktop.

3) Double-click combofix.exe

4) ComboFix will start scanning your system; do not touch anything while the scan is running. At the end your computer will restart.

5) After the restart, wait for ComboFix to finish scanning and generate a log file. When the scan is complete, Notepad will pop up; copy its contents and post them in your next post here. If it does not pop up, go to C:\ and find the file named combofix.txt. Open it, copy its contents and post them here.

This log came out, but it did not restart.

ComboFix 09-05-26.05 - User 05.2009 г. 20:43.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.359.1033.18.3068.1819 [GMT 3:00]

Running from: c:\users\User\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\kbdbds.Dll

c:\windows\system32\KBDBPH.dLL

c:\windows\system32\kbdbphz.dLL

D:\Desktop.ini

.

((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))

.

2009-05-27 17:47 . 2009-05-27 17:47 -------- d-----w c:\users\rosen\AppData\Local\temp

2009-05-27 17:35 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDD36AC-9325-4431-9F05-E9EE3D4F9A3C}\mpengine.dll

2009-05-27 15:22 . 2009-05-27 15:22 -------- d-----w c:\users\User\AppData\Roaming\Malwarebytes

2009-05-27 15:22 . 2009-05-26 10:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-27 15:22 . 2009-05-27 17:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-27 15:22 . 2009-05-27 15:22 -------- d-----w c:\programdata\Malwarebytes

2009-05-27 15:22 . 2009-05-26 10:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-27 14:35 . 2009-05-27 14:35 680 ----a-w c:\users\User\AppData\Local\d3d9caps.dat

2009-05-27 13:07 . 2009-05-27 13:13 -------- d-----w c:\programdata\Norton

2009-05-27 13:04 . 2009-05-27 13:05 -------- d-----w c:\programdata\NortonInstaller

2009-05-27 12:46 . 2009-05-27 12:46 -------- d-----w c:\program files\Trend Micro

2009-05-26 05:17 . 2009-05-26 05:17 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Ubisoft

2009-05-26 05:11 . 2009-05-26 05:16 -------- d-----w c:\users\Rosen.User-PC\AppData\Local\Microsoft Games

2009-05-25 16:15 . 2009-05-25 16:15 7592 ----a-w c:\users\Rosen.User-PC\AppData\Local\d3d9caps.dat

2009-05-25 15:57 . 2009-05-25 15:57 -------- d-----w c:\users\Rosen.User-PC\Bluetooth Software

2009-05-25 15:04 . 2009-05-25 15:57 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\DAEMON Tools

2009-05-25 13:17 . 2009-05-28 01:14 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Winamp

2009-05-25 10:56 . 2009-05-25 10:56 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\skypePM

2009-05-25 10:55 . 2009-05-25 11:25 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Skype

2009-05-25 10:53 . 2009-05-25 10:53 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-25 10:46 . 2009-05-25 10:46 103472 ----a-w c:\users\Rosen.User-PC\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-25 10:46 . 2009-05-25 10:46 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Nero

2009-05-25 10:46 . 2009-05-28 01:14 -------- d-----w c:\users\Rosen.User-PC\AppData\Local\QuickPlay

2009-05-25 10:29 . 2009-05-25 10:29 -------- d-----w c:\users\Guest\AppData\Roaming\Skype

2009-05-25 10:23 . 2009-05-25 10:23 -------- d-----w c:\users\Guest\AppData\Roaming\Nero

2009-05-25 09:19 . 2009-05-27 17:04 -------- d-sh--r C:\RESTORE

2009-05-24 16:10 . 2009-05-24 16:10 -------- d-----w c:\programdata\WindowsSearch

2009-05-24 14:48 . 2009-05-24 14:48 -------- d-----w c:\users\rosen\AppData\Roaming\Nero

2009-05-24 13:46 . 2009-05-24 13:46 -------- d-----w c:\users\User\AppData\Local\Ahead

2009-05-24 08:23 . 2009-05-24 08:23 -------- d-----w c:\users\Public\CyberLink

2009-05-21 08:41 . 2009-05-21 08:41 -------- d-----w c:\users\all\AppData\Local\Rockstar Games

2009-05-18 18:06 . 2009-05-18 18:08 -------- d-----w c:\users\User\AppData\Local\Rockstar Games

2009-05-18 18:02 . 2009-05-18 18:02 -------- d--h--r c:\users\User\AppData\Roaming\SecuROM

2009-05-18 18:01 . 2009-05-18 18:45 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2009-05-18 18:01 . 2009-05-18 18:01 -------- d-----w c:\windows\system32\xlive

2009-05-18 17:12 . 2009-05-18 18:02 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-05-18 13:18 . 2009-05-18 13:18 -------- d-----w c:\users\User\AppData\Roaming\Activision

2009-05-18 09:19 . 2009-05-23 08:54 -------- d-----w c:\users\all\AppData\Roaming\skypePM

2009-05-17 12:43 . 2009-05-27 17:32 -------- d-----w c:\users\User\AppData\Roaming\Skype

2009-05-17 12:43 . 2009-05-17 12:43 -------- d-----w c:\program files\Skype

2009-05-17 12:43 . 2009-05-17 12:43 -------- d-----w c:\program files\Common Files\Skype

2009-05-17 12:16 . 2009-05-17 12:16 -------- d-----w c:\users\all\AppData\Local\VirtualStore

2009-05-15 19:13 . 2009-05-16 09:26 -------- d-----w c:\program files\SpeedFan

2009-05-15 17:20 . 2009-05-15 17:20 -------- d-----w c:\program files\EasyBits For Kids

2009-05-15 17:00 . 2009-05-15 17:00 -------- d-----w c:\users\User\AppData\Roaming\Leadertech

2009-05-15 16:44 . 2009-05-15 16:44 -------- d-----w c:\program files\EA Games

2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\program files\AGEIA Technologies

2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\windows\system32\AGEIA

2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-15 14:43 . 2009-05-18 17:07 -------- d-----w c:\program files\Activision

2009-05-15 14:42 . 2009-05-15 14:42 -------- d-sh--w c:\windows\ftpcache

2009-05-15 14:40 . 2009-05-15 14:41 -------- d-----w c:\users\User\AppData\Local\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\users\User\AppData\Roaming\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\programdata\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\program files\Common Files\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\program files\ACD Systems

2009-05-15 14:39 . 2009-05-15 14:39 10368 ----a-w c:\windows\system32\drivers\pfc.sys

2009-05-15 12:01 . 2009-05-20 00:40 -------- d-----w c:\users\all\AppData\Local\Microsoft Games

2009-05-15 11:53 . 2009-05-15 11:53 -------- d-----w c:\users\all\Bluetooth Software

2009-05-15 11:51 . 2009-05-23 09:52 -------- d-----w c:\users\all\AppData\Roaming\Skype

2009-05-14 03:56 . 2009-05-14 03:56 -------- d-----w c:\users\User\AppData\Roaming\InstallShield

2009-05-12 11:00 . 2009-05-12 11:00 -------- d-----w c:\users\Guest\Bluetooth Software

2009-05-11 17:45 . 2009-05-11 17:45 -------- d-----w c:\users\User\AppData\Local\Hewlett-Packard

2009-05-11 13:01 . 2009-05-24 18:36 -------- d-----w c:\users\User\AppData\Local\Google

2009-05-11 12:17 . 2009-05-11 15:47 -------- d-----w c:\users\rosen\AppData\Local\Google

2009-05-11 12:13 . 2009-05-12 17:48 -------- d-----w c:\program files\Google

2009-05-11 11:52 . 2009-05-11 11:52 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-05-11 11:51 . 2009-05-11 11:51 -------- d-----w c:\program files\Common Files\Adobe

2009-05-11 07:39 . 2009-05-11 07:39 -------- d-----w c:\program files\Valve

2009-05-10 17:46 . 2009-05-10 17:46 -------- d-----w c:\program files\Microsoft.NET

2009-05-10 17:44 . 2009-05-10 17:44 -------- d-----w c:\program files\Microsoft Visual Studio 8

2009-05-10 17:43 . 2009-05-10 17:43 -------- d-----w c:\users\User\AppData\Local\Microsoft Help

2009-05-10 17:42 . 2009-05-10 17:42 -------- d--h--r C:\MSOCache

2009-05-10 17:02 . 2009-05-10 17:02 -------- d-----w C:\NVIDIA

2009-05-10 14:37 . 2009-05-24 18:33 -------- d-----w c:\users\User\AppData\Local\Nero

2009-05-10 14:15 . 2009-05-10 14:47 -------- d-----w c:\program files\Left 4 Dead

2009-05-10 14:15 . 2009-05-10 14:15 -------- d-----w c:\windows\Left 4 Dead

2009-05-10 13:14 . 2008-01-21 02:24 638976 ----a-w c:\windows\system32\win_utilman.exe

2009-05-10 13:14 . 2009-05-10 13:14 56 ---ha-w c:\windows\system32\ezsidmv.dat

2009-05-10 13:14 . 2009-05-10 13:14 91136 ----a-w c:\windows\system32\ezUninst.exe

2009-05-10 13:14 . 2009-05-10 13:14 49152 ----a-w c:\windows\system32\ezUPBHook.dll

2009-05-10 13:14 . 2009-05-10 13:14 268288 ----a-w c:\windows\system32\ezSetup.exe

2009-05-10 13:14 . 2009-05-10 13:14 15872 ----a-w c:\windows\system32\ezMAPIHelper.exe

2009-05-10 13:14 . 2009-05-10 13:14 111104 ----a-w c:\windows\system32\ezShellStart.exe

2009-05-10 10:38 . 1999-11-29 17:33 7440 ----a-w c:\windows\system32\kbdlk41j.Dll

2009-05-10 10:38 . 1999-12-07 06:00 6416 ----a-w c:\windows\system32\kbdbp.Dll

2009-05-10 10:38 . 1999-11-18 02:04 7440 ----a-w c:\windows\system32\Kbddll.dll

2009-05-10 10:38 . 1999-11-11 10:47 6928 ----a-w c:\windows\system32\kbdhebx.Dll

2009-05-10 10:38 . 2002-04-22 21:17 45056 ----a-w c:\windows\system32\newdll.dll

2009-05-10 10:38 . 2009-05-10 10:38 -------- d-----w c:\program files\Datecs

2009-05-10 00:05 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll

2009-05-10 00:05 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll

2009-05-10 00:05 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-05-10 00:05 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll

2009-05-10 00:05 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe

2009-05-10 00:05 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

2009-05-10 00:05 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe

2009-05-10 00:02 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll

2009-05-10 00:02 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll

2009-05-10 00:02 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll

2009-05-10 00:01 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll

2009-05-10 00:01 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll

2009-05-10 00:01 . 2009-05-10 00:01 -------- d-----w c:\program files\MSXML 4.0

2009-05-09 21:01 . 1999-03-23 07:12 299520 ----a-w c:\windows\uninst.exe

2009-05-09 20:41 . 2009-05-09 20:41 -------- d-----w c:\program files\Lavalys

2009-05-09 20:00 . 2009-05-09 20:00 -------- d-----w c:\users\User\AppData\Roaming\Ubisoft

2009-05-09 20:00 . 2009-05-09 20:00 -------- d-----w c:\programdata\Ubisoft

2009-05-09 19:42 . 2009-05-14 03:56 -------- d-----w c:\program files\Ubisoft

2009-05-09 19:21 . 2009-05-24 07:44 -------- d-----w c:\program files\The KMPlayer

2009-05-09 19:13 . 2009-05-09 19:13 -------- d-----w c:\windows\Driver Cache

2009-05-09 19:13 . 2009-05-09 19:13 -------- d-----w c:\program files\AVerMedia

2009-05-09 18:57 . 2009-05-09 18:57 -------- d-----w c:\users\User\AppData\Roaming\NeroDCTemplates

2009-05-09 18:54 . 2009-05-24 13:44 -------- d-----w c:\users\User\AppData\Roaming\Nero

2009-05-09 18:19 . 2009-05-24 13:41 -------- d-----w c:\program files\Nero

2009-05-09 18:18 . 2009-05-24 13:43 -------- d-----w c:\program files\Common Files\Nero

2009-05-09 18:18 . 2009-05-24 13:41 -------- d-----w c:\programdata\Nero

2009-05-09 18:18 . 2009-05-09 18:18 -------- d-----w c:\program files\Common Files\LightScribe

2009-05-09 17:53 . 2009-05-11 09:43 -------- d-----w c:\programdata\LightScribe

2009-05-09 16:39 . 2009-05-09 16:51 -------- d-----w c:\users\rosen\AppData\Roaming\DAEMON Tools

2009-05-09 16:02 . 2009-05-09 16:02 -------- d-----w c:\users\rosen\AppData\Roaming\GRETECH

2009-05-09 16:02 . 2009-05-09 16:02 -------- d-----w c:\program files\GRETECH

2009-05-09 15:59 . 2009-05-09 15:59 -------- d-----w c:\users\rosen\AppData\Local\Adobe

2009-05-09 15:46 . 2009-05-09 15:46 -------- d-----w c:\users\rosen\AppData\Roaming\HP

2009-05-09 15:46 . 2009-05-09 15:46 -------- d-----w c:\programdata\HP

2009-05-09 15:44 . 2009-05-09 16:25 -------- d-----w c:\users\rosen\AppData\Roaming\CyberLink

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-28 01:14 . 2009-05-09 14:58 -------- d-----w c:\users\User\AppData\Roaming\DAEMON Tools

2009-05-27 17:31 . 2008-09-27 08:44 113440 ----a-w c:\programdata\nvModes.dat

2009-05-27 17:05 . 2008-09-27 08:11 12 ----a-w c:\windows\bthservsdp.dat

2009-05-27 13:08 . 2008-07-02 17:07 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-05-27 13:07 . 2008-07-02 17:07 -------- d-----w c:\programdata\Symantec

2009-05-25 10:53 . 2008-07-02 18:31 -------- d-----w c:\program files\Java

2009-05-18 17:37 . 2008-07-02 17:05 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-16 14:32 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-05-15 11:49 . 2009-05-15 11:49 103472 ----a-w c:\users\all\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-13 17:44 . 2009-05-13 17:44 4096 ----a-w c:\windows\system32\02358.tmp

2009-05-13 13:13 . 2009-05-13 13:13 4096 ----a-w c:\windows\system32\032B3.tmp

2009-05-13 11:11 . 2009-05-13 11:11 4096 ----a-w c:\windows\system32\0E1D6.tmp

2009-05-11 17:22 . 2009-05-11 17:22 103472 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-10 17:55 . 2009-05-09 11:20 103472 ----a-w c:\users\rosen\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-10 17:53 . 2008-07-02 18:09 -------- d-----w c:\programdata\Microsoft Help

2009-05-10 17:47 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild

2009-05-10 17:37 . 2008-09-27 08:50 -------- d-----w c:\programdata\NVIDIA

2009-05-10 13:14 . 2008-07-02 18:21 8292 ----a-w c:\windows\system32\ezdigsgn.dat

2009-05-10 00:30 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat

2009-05-09 11:20 . 2009-05-09 11:20 -------- d-----w c:\users\rosen\AppData\Roaming\Symantec

2009-05-09 10:38 . 2009-05-09 10:38 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-05-09 10:03 . 2008-09-27 08:49 -------- d-----w c:\programdata\CyberLink

2009-05-09 09:42 . 2008-07-02 17:42 -------- d-----w c:\programdata\WildTangent

2009-05-09 09:40 . 2009-05-09 09:40 32 ----a-w c:\programdata\ezsid.dat

2009-05-09 05:46 . 2009-05-09 05:46 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF84514NW_E465478-024_4A_I3603_SQuanta_V02.20_F.0C_T080918_WV3-1_L409_M3069_J320_7Intel_8676_92.00_#090509_N10EC8168;80864237_(FW699EA#ABB)_XMOBILE_CN10_Z_2F.0C.MRK

2009-04-21 21:20 . 2009-04-21 21:20 14311680 ----a-w c:\windows\system32\xlive.dll

2009-04-21 21:20 . 2009-04-21 21:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll

2009-04-17 06:48 . 2009-04-17 06:48 114528 ----a-w c:\windows\system32\drivers\jmcr.sys

2009-03-08 11:34 . 2009-05-09 14:58 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2009-05-09 14:58 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2009-05-09 14:58 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2009-05-09 14:58 109056 ----a-w c:\windows\system32\iesysprep.dll

2009-03-08 11:33 . 2009-05-09 14:58 109568 ----a-w c:\windows\system32\PDMSetup.exe

2009-03-08 11:33 . 2009-05-09 14:58 132608 ----a-w c:\windows\system32\ieUnatt.exe

2009-03-08 11:33 . 2009-05-09 14:58 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-05-09 14:58 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-05-09 14:58 103936 ----a-w c:\windows\system32\SetDepNx.exe

2009-03-08 11:33 . 2009-05-09 14:58 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2009-05-09 14:58 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2009-05-09 14:58 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:32 . 2009-05-09 14:58 66560 ----a-w c:\windows\system32\wextract.exe

2009-03-08 11:32 . 2009-05-09 14:58 169472 ----a-w c:\windows\system32\iexpress.exe

2009-03-08 11:31 . 2009-05-09 14:58 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2009-05-09 14:58 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2009-05-09 14:58 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2009-05-09 14:58 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 06:06 . 2009-03-06 06:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys

2009-03-05 03:54 . 2009-03-05 03:54 73728 ----a-w c:\windows\system32\RtNicProp32.dll

2008-07-02 15:47 . 2008-07-02 15:47 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

"RGSC"="f:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-05-18 306088]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-24 468264]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-17 727592]

FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2009-5-10 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{D1A19267-720D-45C7-BA29-21A2A647EF5B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{B9AC649E-0A78-4DCC-9DAF-B51D71EE0A38}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{4802C87A-702A-4431-876A-5D11193D65B1}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{B12F35B4-F422-4B67-BB9F-3CA110ADF1A6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{0FC4DF7C-9FEC-442B-9468-5CA6B3C5DC9D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{5D406AE4-F07F-4153-9036-38CFF4942937}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{9C70456F-ECFC-4FCE-9E00-06EDA40B50AE}"= UDP:17804:BitComet 17804 TCP

"{A819E5D7-E9B1-41FF-ADB2-EB52591E6058}"= TCP:17804:BitComet 17804 UDP

"TCP Query User{52BF79F6-7F65-49C8-9D5B-D3CEBA256D75}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{4D84D741-171B-4776-A5C5-9B7768D7E5ED}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{5BF83EF4-0DCE-47A4-9564-DB1105D16549}"= UDP:f:\prince of persia\Prince of Persia.exe:Prince of Persia Dx

"{6E701431-BE56-48BD-813B-365AC08536F3}"= TCP:f:\prince of persia\Prince of Persia.exe:Prince of Persia Dx

"{41366894-C565-4431-A345-D3B14D33F172}"= UDP:f:\prince of persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"{306C325E-6A01-4C49-BF66-6946136434F6}"= TCP:f:\prince of persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"TCP Query User{18B1FEFC-7956-4E81-960F-B3968E4EC522}f:\\counter-strike\\hl.exe"= UDP:f:\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{09F01335-6BF9-4CB5-BE3D-8F0F84B159F6}f:\\counter-strike\\hl.exe"= TCP:f:\counter-strike\hl.exe:Half-Life Launcher

"{EDCEBA08-3A90-4B0E-A84B-0E026327559B}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{8033D948-9891-4C4E-B6EE-12419A7B5E3C}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{4D75C391-1523-4D78-A4CF-026C8CEE3A8B}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{1FD4DDBD-A9C3-4920-94B5-C8FE1EFE6A33}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{17DF0F66-7ADC-44A1-AC1C-204CDAB14A10}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{4F210143-C5CD-4B46-920F-0824F3A31496}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{0F5523D7-6BA8-419B-9A34-760FB9EAB3ED}c:\\program files\\left 4 dead\\left4dead.exe"= UDP:c:\program files\left 4 dead\left4dead.exe:left4dead

"UDP Query User{5FF2D015-FD7C-47C3-8385-F005AB5C71D4}c:\\program files\\left 4 dead\\left4dead.exe"= TCP:c:\program files\left 4 dead\left4dead.exe:left4dead

"{B658BB4C-29EC-4A5D-9E3F-ECC98E5304E5}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{0FACA8F0-6BB6-4460-943C-7F643A60CE3F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{D296CA6A-DB3F-4F18-914D-B554FBA9AD62}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{4CD86C2B-C1DE-4652-AF60-7FD94581DB94}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{38A34AFC-5B7D-4B1B-905C-F0CFB609272F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{87156E94-9DEF-4FB5-866A-D19A08B04DCE}f:\\half life\\hl2\\hl2.exe"= UDP:f:\half life\hl2\hl2.exe:hl2

"UDP Query User{07D91094-95B3-4CCE-A1F8-BCCF642AFC8C}f:\\half life\\hl2\\hl2.exe"= TCP:f:\half life\hl2\hl2.exe:hl2

"{BE0BD50B-800C-4199-AE63-74F501E0494E}"= UDP:c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe:EVEREST Ultimate Edition

"{F9A2C16C-737E-409A-982D-CD293CF8837F}"= TCP:c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe:EVEREST Ultimate Edition

"TCP Query User{C8352A4C-A496-4FCC-89D7-9F5178B0A72A}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{1160E15F-F4FE-477E-B6B3-2B26F97A6841}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{9F2A8CF4-8203-4F01-8B79-E5278EB8AE14}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Windows Explorer

"UDP Query User{9BAD5322-E370-448A-A36F-6EEAF637E101}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Windows Explorer

"{9946B689-4843-494C-A639-0F5202DAF3D0}"= UDP:17804:BitComet 17804 TCP

"{8E93DEDD-8DAE-4B26-84CE-F4BF73EAE93F}"= TCP:17804:BitComet 17804 UDP

"{94C90566-97C0-4D31-A77F-0574EA643D6E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{5275B171-726F-425F-8052-8F41EE77F9F8}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{9E89D40F-7D6A-4FEC-A8DB-D13A5C6E2525}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{A82881B4-3C35-45BC-8017-D4E8FC9AD9B0}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{958B2B9E-523D-4D43-99BC-5D0578F62E23}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{C3A949CF-031F-4F56-8756-4589F6BDE6A4}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{FD86E422-D391-4D53-80C3-F0EC34BE7825}f:\\half life\\hl2\\hl2.exe"= UDP:f:\half life\hl2\hl2.exe:hl2

"UDP Query User{9AE0D4EA-DDEE-4886-8253-14A2BBF25F86}f:\\half life\\hl2\\hl2.exe"= TCP:f:\half life\hl2\hl2.exe:hl2

"{05092115-0D67-4CC8-BFBB-E04D74704BF3}"= UDP:c:\program files\Activision\X-Men Origins - Wolverine\Binaries\Wolverine.exe:X-Men Origins - Wolverine

"{BC261CFE-CF5F-4236-A990-7B8139DFBA2B}"= TCP:c:\program files\Activision\X-Men Origins - Wolverine\Binaries\Wolverine.exe:X-Men Origins - Wolverine

"{3F142349-23D7-45BA-9533-8167D9C46CB4}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{5CD145D9-D607-45CA-AC40-5EAB00A3A0A9}"= UDP:f:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{920D8BF9-403A-4277-9818-684822C6A675}"= TCP:f:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{74632C98-0192-4C53-A345-4C9FFAE08664}"= UDP:f:\rockstar games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"{171565A4-B6F6-496D-B33B-01216524ECD7}"= TCP:f:\rockstar games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"TCP Query User{612159B0-E64D-4111-90C4-8E5E8078091B}f:\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:f:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"UDP Query User{9FA4F7DC-3DFF-4535-8526-ABE944199B6B}f:\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:f:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"TCP Query User{30DC198A-9802-46EA-AF57-2F90A4C8A8AA}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer

"UDP Query User{7CEE600E-2A67-4E29-BA2A-71EDB8261D5A}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer

"TCP Query User{2FA6753E-7D33-4558-84E0-F0A1897A653B}c:\\users\\user\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\user\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

"UDP Query User{0C8A11A1-DD20-494C-8CA6-0EE97FEB0B9E}c:\\users\\user\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\user\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [27.9.2008 г. 11:18 73728]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21.1.2008 г. 05:23 21504]

R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19.3.2008 г. 02:24 19456]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2.7.2008 г. 21:26 341328]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2.7.2008 г. 20:29 193840]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24.1.2008 г. 16:23 52736]

R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [17.4.2009 г. 09:48 114528]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 г. 15:40 3668480]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23.5.2008 г. 06:29 43552]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;f:\downloads\Everest Ultimate Engineer Edition 5.00.1692 (multi)\Everest Ultimate Engineer Edition 5.00.1692 (Multilanguage)\kerneld.wnt [16.5.2009 г. 12:14 26224]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\User_Feed_Synchronization-{A1953874-5815-44FF-9509-2C81765588EE}.job

- c:\windows\system32\msfeedssync.exe [2009-05-09 11:31]

2009-05-27 c:\windows\Tasks\User_Feed_Synchronization-{DD313412-8BC6-47F1-9C0C-AFFFC1E7DD33}.job

- c:\windows\system32\msfeedssync.exe [2009-05-09 11:31]

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys

.

------- Supplementary Scan -------

.

uStart Page = hxxp://######/

IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-27 20:47

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\f:\downloads\Everest Ultimate Engineer Edition 5.00.1692 (multi)\Everest Ultimate Engineer Edition 5.00.1692 (Multilanguage)\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2514056171-1166224141-2149493090-1000\Software\SecuROM\License information*]

"datasecu"=hex:21,01,9b,3c,56,e4,6d,1b,00,1f,54,9b,b7,77,fa,fe,aa,5e,96,90,29,

05,f4,09,c4,ab,3f,16,c6,63,28,1b,9f,99,bc,70,e7,ed,74,c8,a7,d8,72,dc,ab,f3,\

"rkeysecu"=hex:c1,7f,15,d2,4b,40,f2,1f,fb,ab,85,2a,cf,91,ec,eb

.

Completion time: 2009-05-27 20:48

ComboFix-quarantined-files.txt 2009-05-27 17:48

Pre-Run: 59 703 152 640 bytes free

Post-Run: 65 630 097 408 bytes free

362 --- E O F --- 2009-05-27 17:42

Open Notepad and paste the following into it via copy/paste:

KillAll::


File::

C:\windows\system32\02358.tmp

c:\windows\system32\032B3.tmp

c:\windows\system32\0E1D6.tmp


Registry::

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

Save the file under the name CFScript.txt and drop it onto ComboFix.


After the program finishes, it will show you the log file. Paste that information here via copy/paste.

Here is the log

ComboFix 09-05-26.05 - User 05.2009 г. 21:13.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.359.1033.18.3068.1965 [GMT 3:00]

Running from: c:\users\User\Desktop\ComboFix.exe

Command switches used :: c:\users\User\Desktop\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::

"c:\windows\system32\02358.tmp"

"c:\windows\system32\032B3.tmp"

"c:\windows\system32\0E1D6.tmp"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\02358.tmp

c:\windows\system32\032B3.tmp

c:\windows\system32\0E1D6.tmp

.

((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))

.

2009-05-27 18:15 . 2009-05-27 18:18 -------- d-----w c:\users\User\AppData\Local\temp

2009-05-27 18:15 . 2009-05-27 18:15 -------- d-----w c:\users\rosen\AppData\Local\temp

2009-05-27 18:15 . 2009-05-27 18:15 -------- d-----w c:\users\Rosen.User-PC\AppData\Local\temp

2009-05-27 18:15 . 2009-05-27 18:15 -------- d-----w c:\users\Guest\AppData\Local\temp

2009-05-27 18:15 . 2009-05-27 18:15 -------- d-----w c:\users\all\AppData\Local\temp

2009-05-27 17:35 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDD36AC-9325-4431-9F05-E9EE3D4F9A3C}\mpengine.dll

2009-05-27 15:22 . 2009-05-27 15:22 -------- d-----w c:\users\User\AppData\Roaming\Malwarebytes

2009-05-27 15:22 . 2009-05-26 10:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-27 15:22 . 2009-05-27 17:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-27 15:22 . 2009-05-27 15:22 -------- d-----w c:\programdata\Malwarebytes

2009-05-27 15:22 . 2009-05-26 10:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-27 14:35 . 2009-05-27 14:35 680 ----a-w c:\users\User\AppData\Local\d3d9caps.dat

2009-05-27 13:07 . 2009-05-27 13:13 -------- d-----w c:\programdata\Norton

2009-05-27 13:04 . 2009-05-27 13:05 -------- d-----w c:\programdata\NortonInstaller

2009-05-27 12:46 . 2009-05-27 12:46 -------- d-----w c:\program files\Trend Micro

2009-05-26 05:17 . 2009-05-26 05:17 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Ubisoft

2009-05-26 05:11 . 2009-05-26 05:16 -------- d-----w c:\users\Rosen.User-PC\AppData\Local\Microsoft Games

2009-05-25 16:15 . 2009-05-25 16:15 7592 ----a-w c:\users\Rosen.User-PC\AppData\Local\d3d9caps.dat

2009-05-25 15:57 . 2009-05-25 15:57 -------- d-----w c:\users\Rosen.User-PC\Bluetooth Software

2009-05-25 15:04 . 2009-05-25 15:57 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\DAEMON Tools

2009-05-25 13:17 . 2009-05-28 01:14 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Winamp

2009-05-25 10:56 . 2009-05-25 10:56 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\skypePM

2009-05-25 10:55 . 2009-05-25 11:25 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Skype

2009-05-25 10:53 . 2009-05-25 10:53 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-25 10:46 . 2009-05-25 10:46 103472 ----a-w c:\users\Rosen.User-PC\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-25 10:46 . 2009-05-25 10:46 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Nero

2009-05-25 10:46 . 2009-05-28 01:14 -------- d-----w c:\users\Rosen.User-PC\AppData\Local\QuickPlay

2009-05-25 10:29 . 2009-05-25 10:29 -------- d-----w c:\users\Guest\AppData\Roaming\Skype

2009-05-25 10:23 . 2009-05-25 10:23 -------- d-----w c:\users\Guest\AppData\Roaming\Nero

2009-05-25 09:19 . 2009-05-27 17:04 -------- d-sh--r C:\RESTORE

2009-05-24 16:10 . 2009-05-24 16:10 -------- d-----w c:\programdata\WindowsSearch

2009-05-24 14:48 . 2009-05-24 14:48 -------- d-----w c:\users\rosen\AppData\Roaming\Nero

2009-05-24 13:46 . 2009-05-24 13:46 -------- d-----w c:\users\User\AppData\Local\Ahead

2009-05-24 08:23 . 2009-05-24 08:23 -------- d-----w c:\users\Public\CyberLink

2009-05-21 08:41 . 2009-05-21 08:41 -------- d-----w c:\users\all\AppData\Local\Rockstar Games

2009-05-18 18:06 . 2009-05-18 18:08 -------- d-----w c:\users\User\AppData\Local\Rockstar Games

2009-05-18 18:02 . 2009-05-18 18:02 -------- d--h--r c:\users\User\AppData\Roaming\SecuROM

2009-05-18 18:01 . 2009-05-18 18:45 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2009-05-18 18:01 . 2009-05-18 18:01 -------- d-----w c:\windows\system32\xlive

2009-05-18 17:12 . 2009-05-18 18:02 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-05-18 13:18 . 2009-05-18 13:18 -------- d-----w c:\users\User\AppData\Roaming\Activision

2009-05-18 09:19 . 2009-05-23 08:54 -------- d-----w c:\users\all\AppData\Roaming\skypePM

2009-05-17 12:43 . 2009-05-27 18:08 -------- d-----w c:\users\User\AppData\Roaming\Skype

2009-05-17 12:43 . 2009-05-17 12:43 -------- d-----w c:\program files\Skype

2009-05-17 12:43 . 2009-05-17 12:43 -------- d-----w c:\program files\Common Files\Skype

2009-05-17 12:16 . 2009-05-17 12:16 -------- d-----w c:\users\all\AppData\Local\VirtualStore

2009-05-15 19:13 . 2009-05-16 09:26 -------- d-----w c:\program files\SpeedFan

2009-05-15 17:20 . 2009-05-15 17:20 -------- d-----w c:\program files\EasyBits For Kids

2009-05-15 17:00 . 2009-05-15 17:00 -------- d-----w c:\users\User\AppData\Roaming\Leadertech

2009-05-15 16:44 . 2009-05-15 16:44 -------- d-----w c:\program files\EA Games

2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\program files\AGEIA Technologies

2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\windows\system32\AGEIA

2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-15 14:43 . 2009-05-18 17:07 -------- d-----w c:\program files\Activision

2009-05-15 14:42 . 2009-05-15 14:42 -------- d-sh--w c:\windows\ftpcache

2009-05-15 14:40 . 2009-05-15 14:41 -------- d-----w c:\users\User\AppData\Local\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\users\User\AppData\Roaming\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\programdata\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\program files\Common Files\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\program files\ACD Systems

2009-05-15 14:39 . 2009-05-15 14:39 10368 ----a-w c:\windows\system32\drivers\pfc.sys

2009-05-15 12:01 . 2009-05-20 00:40 -------- d-----w c:\users\all\AppData\Local\Microsoft Games

2009-05-15 11:53 . 2009-05-15 11:53 -------- d-----w c:\users\all\Bluetooth Software

2009-05-15 11:51 . 2009-05-23 09:52 -------- d-----w c:\users\all\AppData\Roaming\Skype

2009-05-14 03:56 . 2009-05-14 03:56 -------- d-----w c:\users\User\AppData\Roaming\InstallShield

2009-05-12 11:00 . 2009-05-12 11:00 -------- d-----w c:\users\Guest\Bluetooth Software

2009-05-11 17:45 . 2009-05-11 17:45 -------- d-----w c:\users\User\AppData\Local\Hewlett-Packard

2009-05-11 13:01 . 2009-05-24 18:36 -------- d-----w c:\users\User\AppData\Local\Google

2009-05-11 12:17 . 2009-05-11 15:47 -------- d-----w c:\users\rosen\AppData\Local\Google

2009-05-11 12:13 . 2009-05-12 17:48 -------- d-----w c:\program files\Google

2009-05-11 11:52 . 2009-05-11 11:52 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-05-11 11:51 . 2009-05-11 11:51 -------- d-----w c:\program files\Common Files\Adobe

2009-05-11 07:39 . 2009-05-11 07:39 -------- d-----w c:\program files\Valve

2009-05-10 17:46 . 2009-05-10 17:46 -------- d-----w c:\program files\Microsoft.NET

2009-05-10 17:44 . 2009-05-10 17:44 -------- d-----w c:\program files\Microsoft Visual Studio 8

2009-05-10 17:43 . 2009-05-10 17:43 -------- d-----w c:\users\User\AppData\Local\Microsoft Help

2009-05-10 17:42 . 2009-05-10 17:42 -------- d--h--r C:\MSOCache

2009-05-10 17:02 . 2009-05-10 17:02 -------- d-----w C:\NVIDIA

2009-05-10 14:37 . 2009-05-24 18:33 -------- d-----w c:\users\User\AppData\Local\Nero

2009-05-10 14:15 . 2009-05-10 14:47 -------- d-----w c:\program files\Left 4 Dead

2009-05-10 14:15 . 2009-05-10 14:15 -------- d-----w c:\windows\Left 4 Dead

2009-05-10 13:14 . 2008-01-21 02:24 638976 ----a-w c:\windows\system32\win_utilman.exe

2009-05-10 13:14 . 2009-05-10 13:14 56 ---ha-w c:\windows\system32\ezsidmv.dat

2009-05-10 13:14 . 2009-05-10 13:14 91136 ----a-w c:\windows\system32\ezUninst.exe

2009-05-10 13:14 . 2009-05-10 13:14 49152 ----a-w c:\windows\system32\ezUPBHook.dll

2009-05-10 13:14 . 2009-05-10 13:14 268288 ----a-w c:\windows\system32\ezSetup.exe

2009-05-10 13:14 . 2009-05-10 13:14 15872 ----a-w c:\windows\system32\ezMAPIHelper.exe

2009-05-10 13:14 . 2009-05-10 13:14 111104 ----a-w c:\windows\system32\ezShellStart.exe

2009-05-10 10:38 . 1999-11-29 17:33 7440 ----a-w c:\windows\system32\kbdlk41j.Dll

2009-05-10 10:38 . 1999-12-07 06:00 6416 ----a-w c:\windows\system32\kbdbp.Dll

2009-05-10 10:38 . 1999-11-18 02:04 7440 ----a-w c:\windows\system32\Kbddll.dll

2009-05-10 10:38 . 1999-11-11 10:47 6928 ----a-w c:\windows\system32\kbdhebx.Dll

2009-05-10 10:38 . 2002-04-22 21:17 45056 ----a-w c:\windows\system32\newdll.dll

2009-05-10 10:38 . 2009-05-10 10:38 -------- d-----w c:\program files\Datecs

2009-05-10 00:05 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll

2009-05-10 00:05 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll

2009-05-10 00:05 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-05-10 00:05 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll

2009-05-10 00:05 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe

2009-05-10 00:05 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

2009-05-10 00:05 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe

2009-05-10 00:02 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll

2009-05-10 00:02 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll

2009-05-10 00:02 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll

2009-05-10 00:01 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll

2009-05-10 00:01 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll

2009-05-10 00:01 . 2009-05-10 00:01 -------- d-----w c:\program files\MSXML 4.0

2009-05-09 21:01 . 1999-03-23 07:12 299520 ----a-w c:\windows\uninst.exe

2009-05-09 20:41 . 2009-05-09 20:41 -------- d-----w c:\program files\Lavalys

2009-05-09 20:00 . 2009-05-09 20:00 -------- d-----w c:\users\User\AppData\Roaming\Ubisoft

2009-05-09 20:00 . 2009-05-09 20:00 -------- d-----w c:\programdata\Ubisoft

2009-05-09 19:42 . 2009-05-14 03:56 -------- d-----w c:\program files\Ubisoft

2009-05-09 19:21 . 2009-05-24 07:44 -------- d-----w c:\program files\The KMPlayer

2009-05-09 19:13 . 2009-05-09 19:13 -------- d-----w c:\windows\Driver Cache

2009-05-09 19:13 . 2009-05-09 19:13 -------- d-----w c:\program files\AVerMedia

2009-05-09 18:57 . 2009-05-09 18:57 -------- d-----w c:\users\User\AppData\Roaming\NeroDCTemplates

2009-05-09 18:54 . 2009-05-24 13:44 -------- d-----w c:\users\User\AppData\Roaming\Nero

2009-05-09 18:19 . 2009-05-24 13:41 -------- d-----w c:\program files\Nero

2009-05-09 18:18 . 2009-05-24 13:43 -------- d-----w c:\program files\Common Files\Nero

2009-05-09 18:18 . 2009-05-24 13:41 -------- d-----w c:\programdata\Nero

2009-05-09 18:18 . 2009-05-09 18:18 -------- d-----w c:\program files\Common Files\LightScribe

2009-05-09 17:53 . 2009-05-11 09:43 -------- d-----w c:\programdata\LightScribe

2009-05-09 16:39 . 2009-05-09 16:51 -------- d-----w c:\users\rosen\AppData\Roaming\DAEMON Tools

2009-05-09 16:02 . 2009-05-09 16:02 -------- d-----w c:\users\rosen\AppData\Roaming\GRETECH

2009-05-09 16:02 . 2009-05-09 16:02 -------- d-----w c:\program files\GRETECH

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-28 01:14 . 2009-05-09 14:58 -------- d-----w c:\users\User\AppData\Roaming\DAEMON Tools

2009-05-27 18:16 . 2008-09-27 08:11 12 ----a-w c:\windows\bthservsdp.dat

2009-05-27 17:31 . 2008-09-27 08:44 113440 ----a-w c:\programdata\nvModes.dat

2009-05-27 13:08 . 2008-07-02 17:07 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-05-27 13:07 . 2008-07-02 17:07 -------- d-----w c:\programdata\Symantec

2009-05-25 10:53 . 2008-07-02 18:31 -------- d-----w c:\program files\Java

2009-05-18 17:37 . 2008-07-02 17:05 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-16 14:32 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-05-15 11:49 . 2009-05-15 11:49 103472 ----a-w c:\users\all\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-11 17:22 . 2009-05-11 17:22 103472 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-10 17:55 . 2009-05-09 11:20 103472 ----a-w c:\users\rosen\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-10 17:53 . 2008-07-02 18:09 -------- d-----w c:\programdata\Microsoft Help

2009-05-10 17:47 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild

2009-05-10 17:37 . 2008-09-27 08:50 -------- d-----w c:\programdata\NVIDIA

2009-05-10 13:14 . 2008-07-02 18:21 8292 ----a-w c:\windows\system32\ezdigsgn.dat

2009-05-10 00:30 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat

2009-05-09 11:20 . 2009-05-09 11:20 -------- d-----w c:\users\rosen\AppData\Roaming\Symantec

2009-05-09 10:38 . 2009-05-09 10:38 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-05-09 10:03 . 2008-09-27 08:49 -------- d-----w c:\programdata\CyberLink

2009-05-09 09:42 . 2008-07-02 17:42 -------- d-----w c:\programdata\WildTangent

2009-05-09 09:40 . 2009-05-09 09:40 32 ----a-w c:\programdata\ezsid.dat

2009-05-09 05:46 . 2009-05-09 05:46 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF84514NW_E465478-024_4A_I3603_SQuanta_V02.20_F.0C_T080918_WV3-1_L409_M3069_J320_7Intel_8676_92.00_#090509_N10EC8168;80864237_(FW699EA#ABB)_XMOBILE_CN10_Z_2F.0C.MRK

2009-04-21 21:20 . 2009-04-21 21:20 14311680 ----a-w c:\windows\system32\xlive.dll

2009-04-21 21:20 . 2009-04-21 21:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll

2009-04-17 06:48 . 2009-04-17 06:48 114528 ----a-w c:\windows\system32\drivers\jmcr.sys

2009-03-08 11:34 . 2009-05-09 14:58 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2009-05-09 14:58 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2009-05-09 14:58 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2009-05-09 14:58 109056 ----a-w c:\windows\system32\iesysprep.dll

2009-03-08 11:33 . 2009-05-09 14:58 109568 ----a-w c:\windows\system32\PDMSetup.exe

2009-03-08 11:33 . 2009-05-09 14:58 132608 ----a-w c:\windows\system32\ieUnatt.exe

2009-03-08 11:33 . 2009-05-09 14:58 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-05-09 14:58 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-05-09 14:58 103936 ----a-w c:\windows\system32\SetDepNx.exe

2009-03-08 11:33 . 2009-05-09 14:58 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2009-05-09 14:58 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2009-05-09 14:58 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:32 . 2009-05-09 14:58 66560 ----a-w c:\windows\system32\wextract.exe

2009-03-08 11:32 . 2009-05-09 14:58 169472 ----a-w c:\windows\system32\iexpress.exe

2009-03-08 11:31 . 2009-05-09 14:58 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2009-05-09 14:58 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2009-05-09 14:58 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2009-05-09 14:58 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 06:06 . 2009-03-06 06:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys

2009-03-05 03:54 . 2009-03-05 03:54 73728 ----a-w c:\windows\system32\RtNicProp32.dll

2008-07-02 15:47 . 2008-07-02 15:47 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((( SnapShot@2009-05-27_17.47.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-27 08:11 . 2009-05-27 18:16 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-27 08:11 . 2009-05-27 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-27 08:11 . 2009-05-27 18:16 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-27 08:11 . 2009-05-27 17:30 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-27 08:11 . 2009-05-27 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-09-27 08:11 . 2009-05-27 18:16 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-05-10 05:40 . 2009-05-27 18:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-05-10 05:40 . 2009-05-25 12:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-05-10 05:40 . 2009-05-25 12:53 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-05-10 05:40 . 2009-05-27 18:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-05-10 05:40 . 2009-05-27 18:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-05-10 05:40 . 2009-05-25 12:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-05-09 05:47 . 2009-05-27 18:06 5216 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2514056171-1166224141-2149493090-1000_UserData.bin

- 2009-05-27 15:20 . 2009-05-27 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-05-27 18:16 . 2009-05-27 18:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-05-27 15:20 . 2009-05-27 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-05-27 18:16 . 2009-05-27 18:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 13:05 . 2009-05-27 18:06 102828 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-05-12 17:47 . 2009-05-27 18:16 1043072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

"RGSC"="f:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-05-18 306088]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-24 468264]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-17 727592]

FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2009-5-10 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{D1A19267-720D-45C7-BA29-21A2A647EF5B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{B9AC649E-0A78-4DCC-9DAF-B51D71EE0A38}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{4802C87A-702A-4431-876A-5D11193D65B1}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{B12F35B4-F422-4B67-BB9F-3CA110ADF1A6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{0FC4DF7C-9FEC-442B-9468-5CA6B3C5DC9D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{5D406AE4-F07F-4153-9036-38CFF4942937}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{9C70456F-ECFC-4FCE-9E00-06EDA40B50AE}"= UDP:17804:BitComet 17804 TCP

"{A819E5D7-E9B1-41FF-ADB2-EB52591E6058}"= TCP:17804:BitComet 17804 UDP

"TCP Query User{52BF79F6-7F65-49C8-9D5B-D3CEBA256D75}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{4D84D741-171B-4776-A5C5-9B7768D7E5ED}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{5BF83EF4-0DCE-47A4-9564-DB1105D16549}"= UDP:f:\prince of persia\Prince of Persia.exe:Prince of Persia Dx

"{6E701431-BE56-48BD-813B-365AC08536F3}"= TCP:f:\prince of persia\Prince of Persia.exe:Prince of Persia Dx

"{41366894-C565-4431-A345-D3B14D33F172}"= UDP:f:\prince of persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"{306C325E-6A01-4C49-BF66-6946136434F6}"= TCP:f:\prince of persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"TCP Query User{18B1FEFC-7956-4E81-960F-B3968E4EC522}f:\\counter-strike\\hl.exe"= UDP:f:\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{09F01335-6BF9-4CB5-BE3D-8F0F84B159F6}f:\\counter-strike\\hl.exe"= TCP:f:\counter-strike\hl.exe:Half-Life Launcher

"{EDCEBA08-3A90-4B0E-A84B-0E026327559B}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{8033D948-9891-4C4E-B6EE-12419A7B5E3C}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{4D75C391-1523-4D78-A4CF-026C8CEE3A8B}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{1FD4DDBD-A9C3-4920-94B5-C8FE1EFE6A33}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{17DF0F66-7ADC-44A1-AC1C-204CDAB14A10}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{4F210143-C5CD-4B46-920F-0824F3A31496}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{0F5523D7-6BA8-419B-9A34-760FB9EAB3ED}c:\\program files\\left 4 dead\\left4dead.exe"= UDP:c:\program files\left 4 dead\left4dead.exe:left4dead

"UDP Query User{5FF2D015-FD7C-47C3-8385-F005AB5C71D4}c:\\program files\\left 4 dead\\left4dead.exe"= TCP:c:\program files\left 4 dead\left4dead.exe:left4dead

"{B658BB4C-29EC-4A5D-9E3F-ECC98E5304E5}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{0FACA8F0-6BB6-4460-943C-7F643A60CE3F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{D296CA6A-DB3F-4F18-914D-B554FBA9AD62}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{4CD86C2B-C1DE-4652-AF60-7FD94581DB94}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{38A34AFC-5B7D-4B1B-905C-F0CFB609272F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{87156E94-9DEF-4FB5-866A-D19A08B04DCE}f:\\half life\\hl2\\hl2.exe"= UDP:f:\half life\hl2\hl2.exe:hl2

"UDP Query User{07D91094-95B3-4CCE-A1F8-BCCF642AFC8C}f:\\half life\\hl2\\hl2.exe"= TCP:f:\half life\hl2\hl2.exe:hl2

"{BE0BD50B-800C-4199-AE63-74F501E0494E}"= UDP:c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe:EVEREST Ultimate Edition

"{F9A2C16C-737E-409A-982D-CD293CF8837F}"= TCP:c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe:EVEREST Ultimate Edition

"TCP Query User{C8352A4C-A496-4FCC-89D7-9F5178B0A72A}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{1160E15F-F4FE-477E-B6B3-2B26F97A6841}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{9F2A8CF4-8203-4F01-8B79-E5278EB8AE14}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Windows Explorer

"UDP Query User{9BAD5322-E370-448A-A36F-6EEAF637E101}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Windows Explorer

"{9946B689-4843-494C-A639-0F5202DAF3D0}"= UDP:17804:BitComet 17804 TCP

"{8E93DEDD-8DAE-4B26-84CE-F4BF73EAE93F}"= TCP:17804:BitComet 17804 UDP

"{94C90566-97C0-4D31-A77F-0574EA643D6E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{5275B171-726F-425F-8052-8F41EE77F9F8}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{9E89D40F-7D6A-4FEC-A8DB-D13A5C6E2525}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{A82881B4-3C35-45BC-8017-D4E8FC9AD9B0}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{958B2B9E-523D-4D43-99BC-5D0578F62E23}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{C3A949CF-031F-4F56-8756-4589F6BDE6A4}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{FD86E422-D391-4D53-80C3-F0EC34BE7825}f:\\half life\\hl2\\hl2.exe"= UDP:f:\half life\hl2\hl2.exe:hl2

"UDP Query User{9AE0D4EA-DDEE-4886-8253-14A2BBF25F86}f:\\half life\\hl2\\hl2.exe"= TCP:f:\half life\hl2\hl2.exe:hl2

"{05092115-0D67-4CC8-BFBB-E04D74704BF3}"= UDP:c:\program files\Activision\X-Men Origins - Wolverine\Binaries\Wolverine.exe:X-Men Origins - Wolverine

"{BC261CFE-CF5F-4236-A990-7B8139DFBA2B}"= TCP:c:\program files\Activision\X-Men Origins - Wolverine\Binaries\Wolverine.exe:X-Men Origins - Wolverine

"{3F142349-23D7-45BA-9533-8167D9C46CB4}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{5CD145D9-D607-45CA-AC40-5EAB00A3A0A9}"= UDP:f:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{920D8BF9-403A-4277-9818-684822C6A675}"= TCP:f:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{74632C98-0192-4C53-A345-4C9FFAE08664}"= UDP:f:\rockstar games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"{171565A4-B6F6-496D-B33B-01216524ECD7}"= TCP:f:\rockstar games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"TCP Query User{612159B0-E64D-4111-90C4-8E5E8078091B}f:\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:f:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"UDP Query User{9FA4F7DC-3DFF-4535-8526-ABE944199B6B}f:\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:f:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"TCP Query User{30DC198A-9802-46EA-AF57-2F90A4C8A8AA}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer

"UDP Query User{7CEE600E-2A67-4E29-BA2A-71EDB8261D5A}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer

"TCP Query User{2FA6753E-7D33-4558-84E0-F0A1897A653B}c:\\users\\user\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\user\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

"UDP Query User{0C8A11A1-DD20-494C-8CA6-0EE97FEB0B9E}c:\\users\\user\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\user\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [27.9.2008 г. 11:18 73728]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21.1.2008 г. 05:23 21504]

R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19.3.2008 г. 02:24 19456]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2.7.2008 г. 21:26 341328]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2.7.2008 г. 20:29 193840]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24.1.2008 г. 16:23 52736]

R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [17.4.2009 г. 09:48 114528]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 г. 15:40 3668480]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23.5.2008 г. 06:29 43552]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;f:\downloads\Everest Ultimate Engineer Edition 5.00.1692 (multi)\Everest Ultimate Engineer Edition 5.00.1692 (Multilanguage)\kerneld.wnt [16.5.2009 г. 12:14 26224]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\User_Feed_Synchronization-{A1953874-5815-44FF-9509-2C81765588EE}.job

- c:\windows\system32\msfeedssync.exe [2009-05-09 11:31]

2009-05-27 c:\windows\Tasks\User_Feed_Synchronization-{DD313412-8BC6-47F1-9C0C-AFFFC1E7DD33}.job

- c:\windows\system32\msfeedssync.exe [2009-05-09 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://######/

IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-27 21:18

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP0000003ACB352524BF27BC51 524288 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\f:\downloads\Everest Ultimate Engineer Edition 5.00.1692 (multi)\Everest Ultimate Engineer Edition 5.00.1692 (Multilanguage)\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2514056171-1166224141-2149493090-1000\Software\SecuROM\License information*]

"datasecu"=hex:21,01,9b,3c,56,e4,6d,1b,00,1f,54,9b,b7,77,fa,fe,aa,5e,96,90,29,

05,f4,09,c4,ab,3f,16,c6,63,28,1b,9f,99,bc,70,e7,ed,74,c8,a7,d8,72,dc,ab,f3,\

"rkeysecu"=hex:c1,7f,15,d2,4b,40,f2,1f,fb,ab,85,2a,cf,91,ec,eb

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5284)

c:\windows\system32\newdll.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\BtwNamespaceExt.dll

c:\windows\system32\BtwNeLib.dll

c:\windows\system32\btwapi.dll

c:\windows\system32\btosif.dll

c:\windows\system32\btwpimif.dll

c:\program files\Common Files\Nero\Lib\MediaLibraryNSE.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\System32\IoctlSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\vdsldr.exe

c:\windows\System32\vds.exe

.

**************************************************************************

.

Completion time: 2009-05-27 21:23 - machine was rebooted

ComboFix-quarantined-files.txt 2009-05-27 18:23

ComboFix2.txt 2009-05-27 17:48

Pre-Run: 65 607 000 064 bytes free

Post-Run: 65 436 565 504 bytes free

425 --- E O F --- 2009-05-27 17:42

Open Notepad and paste the following into it via copy/paste:

KillAll::


Driver::

TMP0000003ACB352524BF27BC51


File::

c:\windows\TEMP\TMP0000003ACB352524BF27BC51.tmp

Save the file under the name CFScript.txt and drag it onto ComboFix.


After the program finishes, it will show you the log file. Paste that information here via copy/paste.

Here is the log:

ComboFix 09-05-26.05 - User 05.2009 г. 21:39.3 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1251.359.1033.18.3068.1918 [GMT 3:00]

Running from: c:\users\User\Desktop\ComboFix.exe

Command switches used :: c:\users\User\Desktop\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::

"c:\windows\TEMP\TMP0000003ACB352524BF27BC51.tmp"

.

((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))

.

2009-05-27 18:41 . 2009-05-27 18:44 -------- d-----w c:\users\User\AppData\Local\temp

2009-05-27 18:41 . 2009-05-27 18:41 -------- d-----w c:\users\rosen\AppData\Local\temp

2009-05-27 18:41 . 2009-05-27 18:41 -------- d-----w c:\users\Rosen.User-PC\AppData\Local\temp

2009-05-27 18:41 . 2009-05-27 18:41 -------- d-----w c:\users\Guest\AppData\Local\temp

2009-05-27 18:41 . 2009-05-27 18:41 -------- d-----w c:\users\all\AppData\Local\temp

2009-05-27 17:35 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDD36AC-9325-4431-9F05-E9EE3D4F9A3C}\mpengine.dll

2009-05-27 15:22 . 2009-05-27 15:22 -------- d-----w c:\users\User\AppData\Roaming\Malwarebytes

2009-05-27 15:22 . 2009-05-26 10:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-27 15:22 . 2009-05-27 17:03 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-27 15:22 . 2009-05-27 15:22 -------- d-----w c:\programdata\Malwarebytes

2009-05-27 15:22 . 2009-05-26 10:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-27 14:35 . 2009-05-27 14:35 680 ----a-w c:\users\User\AppData\Local\d3d9caps.dat

2009-05-27 13:07 . 2009-05-27 13:13 -------- d-----w c:\programdata\Norton

2009-05-27 13:04 . 2009-05-27 13:05 -------- d-----w c:\programdata\NortonInstaller

2009-05-27 12:46 . 2009-05-27 12:46 -------- d-----w c:\program files\Trend Micro

2009-05-26 05:17 . 2009-05-26 05:17 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Ubisoft

2009-05-26 05:11 . 2009-05-26 05:16 -------- d-----w c:\users\Rosen.User-PC\AppData\Local\Microsoft Games

2009-05-25 16:15 . 2009-05-25 16:15 7592 ----a-w c:\users\Rosen.User-PC\AppData\Local\d3d9caps.dat

2009-05-25 15:57 . 2009-05-25 15:57 -------- d-----w c:\users\Rosen.User-PC\Bluetooth Software

2009-05-25 15:04 . 2009-05-25 15:57 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\DAEMON Tools

2009-05-25 13:17 . 2009-05-28 01:14 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Winamp

2009-05-25 10:56 . 2009-05-25 10:56 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\skypePM

2009-05-25 10:55 . 2009-05-25 11:25 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Skype

2009-05-25 10:53 . 2009-05-25 10:53 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-25 10:46 . 2009-05-25 10:46 103472 ----a-w c:\users\Rosen.User-PC\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-25 10:46 . 2009-05-25 10:46 -------- d-----w c:\users\Rosen.User-PC\AppData\Roaming\Nero

2009-05-25 10:46 . 2009-05-28 01:14 -------- d-----w c:\users\Rosen.User-PC\AppData\Local\QuickPlay

2009-05-25 10:29 . 2009-05-25 10:29 -------- d-----w c:\users\Guest\AppData\Roaming\Skype

2009-05-25 10:23 . 2009-05-25 10:23 -------- d-----w c:\users\Guest\AppData\Roaming\Nero

2009-05-25 09:19 . 2009-05-27 17:04 -------- d-sh--r C:\RESTORE

2009-05-24 16:10 . 2009-05-24 16:10 -------- d-----w c:\programdata\WindowsSearch

2009-05-24 14:48 . 2009-05-24 14:48 -------- d-----w c:\users\rosen\AppData\Roaming\Nero

2009-05-24 13:46 . 2009-05-24 13:46 -------- d-----w c:\users\User\AppData\Local\Ahead

2009-05-24 08:23 . 2009-05-24 08:23 -------- d-----w c:\users\Public\CyberLink

2009-05-21 08:41 . 2009-05-21 08:41 -------- d-----w c:\users\all\AppData\Local\Rockstar Games

2009-05-18 18:06 . 2009-05-18 18:08 -------- d-----w c:\users\User\AppData\Local\Rockstar Games

2009-05-18 18:02 . 2009-05-18 18:02 -------- d--h--r c:\users\User\AppData\Roaming\SecuROM

2009-05-18 18:01 . 2009-05-18 18:45 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2009-05-18 18:01 . 2009-05-18 18:01 -------- d-----w c:\windows\system32\xlive

2009-05-18 17:12 . 2009-05-18 18:02 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-05-18 13:18 . 2009-05-18 13:18 -------- d-----w c:\users\User\AppData\Roaming\Activision

2009-05-18 09:19 . 2009-05-23 08:54 -------- d-----w c:\users\all\AppData\Roaming\skypePM

2009-05-17 12:43 . 2009-05-27 18:23 -------- d-----w c:\users\User\AppData\Roaming\Skype

2009-05-17 12:43 . 2009-05-17 12:43 -------- d-----w c:\program files\Skype

2009-05-17 12:43 . 2009-05-17 12:43 -------- d-----w c:\program files\Common Files\Skype

2009-05-17 12:16 . 2009-05-17 12:16 -------- d-----w c:\users\all\AppData\Local\VirtualStore

2009-05-15 19:13 . 2009-05-16 09:26 -------- d-----w c:\program files\SpeedFan

2009-05-15 17:20 . 2009-05-15 17:20 -------- d-----w c:\program files\EasyBits For Kids

2009-05-15 17:00 . 2009-05-15 17:00 -------- d-----w c:\users\User\AppData\Roaming\Leadertech

2009-05-15 16:44 . 2009-05-15 16:44 -------- d-----w c:\program files\EA Games

2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\program files\AGEIA Technologies

2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\windows\system32\AGEIA

2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-05-15 14:43 . 2009-05-18 17:07 -------- d-----w c:\program files\Activision

2009-05-15 14:42 . 2009-05-15 14:42 -------- d-sh--w c:\windows\ftpcache

2009-05-15 14:40 . 2009-05-15 14:41 -------- d-----w c:\users\User\AppData\Local\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\users\User\AppData\Roaming\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\programdata\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\program files\Common Files\ACD Systems

2009-05-15 14:40 . 2009-05-15 14:40 -------- d-----w c:\program files\ACD Systems

2009-05-15 14:39 . 2009-05-15 14:39 10368 ----a-w c:\windows\system32\drivers\pfc.sys

2009-05-15 12:01 . 2009-05-20 00:40 -------- d-----w c:\users\all\AppData\Local\Microsoft Games

2009-05-15 11:53 . 2009-05-15 11:53 -------- d-----w c:\users\all\Bluetooth Software

2009-05-15 11:51 . 2009-05-23 09:52 -------- d-----w c:\users\all\AppData\Roaming\Skype

2009-05-14 03:56 . 2009-05-14 03:56 -------- d-----w c:\users\User\AppData\Roaming\InstallShield

2009-05-12 11:00 . 2009-05-12 11:00 -------- d-----w c:\users\Guest\Bluetooth Software

2009-05-11 17:45 . 2009-05-11 17:45 -------- d-----w c:\users\User\AppData\Local\Hewlett-Packard

2009-05-11 13:01 . 2009-05-24 18:36 -------- d-----w c:\users\User\AppData\Local\Google

2009-05-11 12:17 . 2009-05-11 15:47 -------- d-----w c:\users\rosen\AppData\Local\Google

2009-05-11 12:13 . 2009-05-12 17:48 -------- d-----w c:\program files\Google

2009-05-11 11:52 . 2009-05-11 11:52 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-05-11 11:51 . 2009-05-11 11:51 -------- d-----w c:\program files\Common Files\Adobe

2009-05-11 07:39 . 2009-05-11 07:39 -------- d-----w c:\program files\Valve

2009-05-10 17:46 . 2009-05-10 17:46 -------- d-----w c:\program files\Microsoft.NET

2009-05-10 17:44 . 2009-05-10 17:44 -------- d-----w c:\program files\Microsoft Visual Studio 8

2009-05-10 17:43 . 2009-05-10 17:43 -------- d-----w c:\users\User\AppData\Local\Microsoft Help

2009-05-10 17:42 . 2009-05-10 17:42 -------- d--h--r C:\MSOCache

2009-05-10 17:02 . 2009-05-10 17:02 -------- d-----w C:\NVIDIA

2009-05-10 14:37 . 2009-05-24 18:33 -------- d-----w c:\users\User\AppData\Local\Nero

2009-05-10 14:15 . 2009-05-10 14:47 -------- d-----w c:\program files\Left 4 Dead

2009-05-10 14:15 . 2009-05-10 14:15 -------- d-----w c:\windows\Left 4 Dead

2009-05-10 13:14 . 2008-01-21 02:24 638976 ----a-w c:\windows\system32\win_utilman.exe

2009-05-10 13:14 . 2009-05-10 13:14 56 ---ha-w c:\windows\system32\ezsidmv.dat

2009-05-10 13:14 . 2009-05-10 13:14 91136 ----a-w c:\windows\system32\ezUninst.exe

2009-05-10 13:14 . 2009-05-10 13:14 49152 ----a-w c:\windows\system32\ezUPBHook.dll

2009-05-10 13:14 . 2009-05-10 13:14 268288 ----a-w c:\windows\system32\ezSetup.exe

2009-05-10 13:14 . 2009-05-10 13:14 15872 ----a-w c:\windows\system32\ezMAPIHelper.exe

2009-05-10 13:14 . 2009-05-10 13:14 111104 ----a-w c:\windows\system32\ezShellStart.exe

2009-05-10 10:38 . 1999-11-29 17:33 7440 ----a-w c:\windows\system32\kbdlk41j.Dll

2009-05-10 10:38 . 1999-12-07 06:00 6416 ----a-w c:\windows\system32\kbdbp.Dll

2009-05-10 10:38 . 1999-11-18 02:04 7440 ----a-w c:\windows\system32\Kbddll.dll

2009-05-10 10:38 . 1999-11-11 10:47 6928 ----a-w c:\windows\system32\kbdhebx.Dll

2009-05-10 10:38 . 2002-04-22 21:17 45056 ----a-w c:\windows\system32\newdll.dll

2009-05-10 10:38 . 2009-05-10 10:38 -------- d-----w c:\program files\Datecs

2009-05-10 00:05 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll

2009-05-10 00:05 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll

2009-05-10 00:05 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-05-10 00:05 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll

2009-05-10 00:05 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe

2009-05-10 00:05 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

2009-05-10 00:05 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe

2009-05-10 00:02 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll

2009-05-10 00:02 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll

2009-05-10 00:02 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll

2009-05-10 00:01 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll

2009-05-10 00:01 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll

2009-05-10 00:01 . 2009-05-10 00:01 -------- d-----w c:\program files\MSXML 4.0

2009-05-09 21:01 . 1999-03-23 07:12 299520 ----a-w c:\windows\uninst.exe

2009-05-09 20:41 . 2009-05-09 20:41 -------- d-----w c:\program files\Lavalys

2009-05-09 20:00 . 2009-05-09 20:00 -------- d-----w c:\users\User\AppData\Roaming\Ubisoft

2009-05-09 20:00 . 2009-05-09 20:00 -------- d-----w c:\programdata\Ubisoft

2009-05-09 19:42 . 2009-05-14 03:56 -------- d-----w c:\program files\Ubisoft

2009-05-09 19:21 . 2009-05-24 07:44 -------- d-----w c:\program files\The KMPlayer

2009-05-09 19:13 . 2009-05-09 19:13 -------- d-----w c:\windows\Driver Cache

2009-05-09 19:13 . 2009-05-09 19:13 -------- d-----w c:\program files\AVerMedia

2009-05-09 18:57 . 2009-05-09 18:57 -------- d-----w c:\users\User\AppData\Roaming\NeroDCTemplates

2009-05-09 18:54 . 2009-05-24 13:44 -------- d-----w c:\users\User\AppData\Roaming\Nero

2009-05-09 18:19 . 2009-05-24 13:41 -------- d-----w c:\program files\Nero

2009-05-09 18:18 . 2009-05-24 13:43 -------- d-----w c:\program files\Common Files\Nero

2009-05-09 18:18 . 2009-05-24 13:41 -------- d-----w c:\programdata\Nero

2009-05-09 18:18 . 2009-05-09 18:18 -------- d-----w c:\program files\Common Files\LightScribe

2009-05-09 17:53 . 2009-05-11 09:43 -------- d-----w c:\programdata\LightScribe

2009-05-09 16:39 . 2009-05-09 16:51 -------- d-----w c:\users\rosen\AppData\Roaming\DAEMON Tools

2009-05-09 16:02 . 2009-05-09 16:02 -------- d-----w c:\users\rosen\AppData\Roaming\GRETECH

2009-05-09 16:02 . 2009-05-09 16:02 -------- d-----w c:\program files\GRETECH

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-28 01:14 . 2009-05-09 14:58 -------- d-----w c:\users\User\AppData\Roaming\DAEMON Tools

2009-05-27 18:41 . 2008-09-27 08:11 12 ----a-w c:\windows\bthservsdp.dat

2009-05-27 17:31 . 2008-09-27 08:44 113440 ----a-w c:\programdata\nvModes.dat

2009-05-27 13:08 . 2008-07-02 17:07 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-05-27 13:07 . 2008-07-02 17:07 -------- d-----w c:\programdata\Symantec

2009-05-25 10:53 . 2008-07-02 18:31 -------- d-----w c:\program files\Java

2009-05-18 17:37 . 2008-07-02 17:05 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-16 14:32 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-05-15 11:49 . 2009-05-15 11:49 103472 ----a-w c:\users\all\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-11 17:22 . 2009-05-11 17:22 103472 ----a-w c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-10 17:55 . 2009-05-09 11:20 103472 ----a-w c:\users\rosen\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-10 17:53 . 2008-07-02 18:09 -------- d-----w c:\programdata\Microsoft Help

2009-05-10 17:47 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild

2009-05-10 17:37 . 2008-09-27 08:50 -------- d-----w c:\programdata\NVIDIA

2009-05-10 13:14 . 2008-07-02 18:21 8292 ----a-w c:\windows\system32\ezdigsgn.dat

2009-05-10 00:30 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat

2009-05-09 11:20 . 2009-05-09 11:20 -------- d-----w c:\users\rosen\AppData\Roaming\Symantec

2009-05-09 10:38 . 2009-05-09 10:38 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-05-09 10:03 . 2008-09-27 08:49 -------- d-----w c:\programdata\CyberLink

2009-05-09 09:42 . 2008-07-02 17:42 -------- d-----w c:\programdata\WildTangent

2009-05-09 09:40 . 2009-05-09 09:40 32 ----a-w c:\programdata\ezsid.dat

2009-05-09 05:46 . 2009-05-09 05:46 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF84514NW_E465478-024_4A_I3603_SQuanta_V02.20_F.0C_T080918_WV3-1_L409_M3069_J320_7Intel_8676_92.00_#090509_N10EC8168;80864237_(FW699EA#ABB)_XMOBILE_CN10_Z_2F.0C.MRK

2009-04-21 21:20 . 2009-04-21 21:20 14311680 ----a-w c:\windows\system32\xlive.dll

2009-04-21 21:20 . 2009-04-21 21:20 13642496 ----a-w c:\windows\system32\xlivefnt.dll

2009-04-17 06:48 . 2009-04-17 06:48 114528 ----a-w c:\windows\system32\drivers\jmcr.sys

2009-03-08 11:34 . 2009-05-09 14:58 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 11:34 . 2009-05-09 14:58 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 11:33 . 2009-05-09 14:58 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 11:33 . 2009-05-09 14:58 109056 ----a-w c:\windows\system32\iesysprep.dll

2009-03-08 11:33 . 2009-05-09 14:58 109568 ----a-w c:\windows\system32\PDMSetup.exe

2009-03-08 11:33 . 2009-05-09 14:58 132608 ----a-w c:\windows\system32\ieUnatt.exe

2009-03-08 11:33 . 2009-05-09 14:58 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe

2009-03-08 11:33 . 2009-05-09 14:58 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe

2009-03-08 11:33 . 2009-05-09 14:58 103936 ----a-w c:\windows\system32\SetDepNx.exe

2009-03-08 11:33 . 2009-05-09 14:58 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 11:32 . 2009-05-09 14:58 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 11:32 . 2009-05-09 14:58 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 11:32 . 2009-05-09 14:58 66560 ----a-w c:\windows\system32\wextract.exe

2009-03-08 11:32 . 2009-05-09 14:58 169472 ----a-w c:\windows\system32\iexpress.exe

2009-03-08 11:31 . 2009-05-09 14:58 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 11:31 . 2009-05-09 14:58 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 11:31 . 2009-05-09 14:58 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 11:22 . 2009-05-09 14:58 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 06:06 . 2009-03-06 06:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys

2009-03-05 03:54 . 2009-03-05 03:54 73728 ----a-w c:\windows\system32\RtNicProp32.dll

2008-07-02 15:47 . 2008-07-02 15:47 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((( SnapShot@2009-05-27_17.47.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2009-05-27 18:20 41698 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-27 08:11 . 2009-05-27 18:42 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-09-27 08:11 . 2009-05-27 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-09-27 08:11 . 2009-05-27 18:42 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-27 08:11 . 2009-05-27 17:30 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-27 08:11 . 2009-05-27 18:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-09-27 08:11 . 2009-05-27 17:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-05-10 05:40 . 2009-05-25 12:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-05-10 05:40 . 2009-05-27 18:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-05-10 05:40 . 2009-05-27 18:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-05-10 05:40 . 2009-05-25 12:53 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-05-10 05:40 . 2009-05-25 12:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-05-10 05:40 . 2009-05-27 18:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-05-09 05:47 . 2009-05-27 18:20 5456 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2514056171-1166224141-2149493090-1000_UserData.bin

+ 2009-05-27 18:42 . 2009-05-27 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-05-27 15:20 . 2009-05-27 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-05-27 18:42 . 2009-05-27 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-05-27 15:20 . 2009-05-27 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 13:05 . 2009-05-27 18:20 102914 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-05-12 17:47 . 2009-05-27 18:41 1043152 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

"RGSC"="f:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-05-18 306088]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-24 468264]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-17 727592]

FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2009-5-10 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{D1A19267-720D-45C7-BA29-21A2A647EF5B}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{B9AC649E-0A78-4DCC-9DAF-B51D71EE0A38}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{4802C87A-702A-4431-876A-5D11193D65B1}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{B12F35B4-F422-4B67-BB9F-3CA110ADF1A6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{0FC4DF7C-9FEC-442B-9468-5CA6B3C5DC9D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{5D406AE4-F07F-4153-9036-38CFF4942937}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{9C70456F-ECFC-4FCE-9E00-06EDA40B50AE}"= UDP:17804:BitComet 17804 TCP

"{A819E5D7-E9B1-41FF-ADB2-EB52591E6058}"= TCP:17804:BitComet 17804 UDP

"TCP Query User{52BF79F6-7F65-49C8-9D5B-D3CEBA256D75}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"UDP Query User{4D84D741-171B-4776-A5C5-9B7768D7E5ED}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath

"{5BF83EF4-0DCE-47A4-9564-DB1105D16549}"= UDP:f:\prince of persia\Prince of Persia.exe:Prince of Persia Dx

"{6E701431-BE56-48BD-813B-365AC08536F3}"= TCP:f:\prince of persia\Prince of Persia.exe:Prince of Persia Dx

"{41366894-C565-4431-A345-D3B14D33F172}"= UDP:f:\prince of persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"{306C325E-6A01-4C49-BF66-6946136434F6}"= TCP:f:\prince of persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update

"TCP Query User{18B1FEFC-7956-4E81-960F-B3968E4EC522}f:\\counter-strike\\hl.exe"= UDP:f:\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{09F01335-6BF9-4CB5-BE3D-8F0F84B159F6}f:\\counter-strike\\hl.exe"= TCP:f:\counter-strike\hl.exe:Half-Life Launcher

"{EDCEBA08-3A90-4B0E-A84B-0E026327559B}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{8033D948-9891-4C4E-B6EE-12419A7B5E3C}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{4D75C391-1523-4D78-A4CF-026C8CEE3A8B}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{1FD4DDBD-A9C3-4920-94B5-C8FE1EFE6A33}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{17DF0F66-7ADC-44A1-AC1C-204CDAB14A10}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{4F210143-C5CD-4B46-920F-0824F3A31496}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{0F5523D7-6BA8-419B-9A34-760FB9EAB3ED}c:\\program files\\left 4 dead\\left4dead.exe"= UDP:c:\program files\left 4 dead\left4dead.exe:left4dead

"UDP Query User{5FF2D015-FD7C-47C3-8385-F005AB5C71D4}c:\\program files\\left 4 dead\\left4dead.exe"= TCP:c:\program files\left 4 dead\left4dead.exe:left4dead

"{B658BB4C-29EC-4A5D-9E3F-ECC98E5304E5}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{0FACA8F0-6BB6-4460-943C-7F643A60CE3F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{D296CA6A-DB3F-4F18-914D-B554FBA9AD62}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{4CD86C2B-C1DE-4652-AF60-7FD94581DB94}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{38A34AFC-5B7D-4B1B-905C-F0CFB609272F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{87156E94-9DEF-4FB5-866A-D19A08B04DCE}f:\\half life\\hl2\\hl2.exe"= UDP:f:\half life\hl2\hl2.exe:hl2

"UDP Query User{07D91094-95B3-4CCE-A1F8-BCCF642AFC8C}f:\\half life\\hl2\\hl2.exe"= TCP:f:\half life\hl2\hl2.exe:hl2

"{BE0BD50B-800C-4199-AE63-74F501E0494E}"= UDP:c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe:EVEREST Ultimate Edition

"{F9A2C16C-737E-409A-982D-CD293CF8837F}"= TCP:c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe:EVEREST Ultimate Edition

"TCP Query User{C8352A4C-A496-4FCC-89D7-9F5178B0A72A}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{1160E15F-F4FE-477E-B6B3-2B26F97A6841}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"TCP Query User{9F2A8CF4-8203-4F01-8B79-E5278EB8AE14}c:\\windows\\explorer.exe"= UDP:c:\windows\explorer.exe:Windows Explorer

"UDP Query User{9BAD5322-E370-448A-A36F-6EEAF637E101}c:\\windows\\explorer.exe"= TCP:c:\windows\explorer.exe:Windows Explorer

"{9946B689-4843-494C-A639-0F5202DAF3D0}"= UDP:17804:BitComet 17804 TCP

"{8E93DEDD-8DAE-4B26-84CE-F4BF73EAE93F}"= TCP:17804:BitComet 17804 UDP

"{94C90566-97C0-4D31-A77F-0574EA643D6E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{5275B171-726F-425F-8052-8F41EE77F9F8}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{9E89D40F-7D6A-4FEC-A8DB-D13A5C6E2525}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{A82881B4-3C35-45BC-8017-D4E8FC9AD9B0}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{958B2B9E-523D-4D43-99BC-5D0578F62E23}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{C3A949CF-031F-4F56-8756-4589F6BDE6A4}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"TCP Query User{FD86E422-D391-4D53-80C3-F0EC34BE7825}f:\\half life\\hl2\\hl2.exe"= UDP:f:\half life\hl2\hl2.exe:hl2

"UDP Query User{9AE0D4EA-DDEE-4886-8253-14A2BBF25F86}f:\\half life\\hl2\\hl2.exe"= TCP:f:\half life\hl2\hl2.exe:hl2

"{05092115-0D67-4CC8-BFBB-E04D74704BF3}"= UDP:c:\program files\Activision\X-Men Origins - Wolverine\Binaries\Wolverine.exe:X-Men Origins - Wolverine

"{BC261CFE-CF5F-4236-A990-7B8139DFBA2B}"= TCP:c:\program files\Activision\X-Men Origins - Wolverine\Binaries\Wolverine.exe:X-Men Origins - Wolverine

"{3F142349-23D7-45BA-9533-8167D9C46CB4}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{5CD145D9-D607-45CA-AC40-5EAB00A3A0A9}"= UDP:f:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{920D8BF9-403A-4277-9818-684822C6A675}"= TCP:f:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{74632C98-0192-4C53-A345-4C9FFAE08664}"= UDP:f:\rockstar games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"{171565A4-B6F6-496D-B33B-01216524ECD7}"= TCP:f:\rockstar games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"TCP Query User{612159B0-E64D-4111-90C4-8E5E8078091B}f:\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:f:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"UDP Query User{9FA4F7DC-3DFF-4535-8526-ABE944199B6B}f:\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:f:\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"TCP Query User{30DC198A-9802-46EA-AF57-2F90A4C8A8AA}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer

"UDP Query User{7CEE600E-2A67-4E29-BA2A-71EDB8261D5A}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer

"TCP Query User{2FA6753E-7D33-4558-84E0-F0A1897A653B}c:\\users\\user\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\user\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

"UDP Query User{0C8A11A1-DD20-494C-8CA6-0EE97FEB0B9E}c:\\users\\user\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\user\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [27.9.2008 г. 11:18 73728]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21.1.2008 г. 05:23 21504]

R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19.3.2008 г. 02:24 19456]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2.7.2008 г. 21:26 341328]

R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24.1.2008 г. 16:23 52736]

R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [17.4.2009 г. 09:48 114528]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 г. 15:40 3668480]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23.5.2008 г. 06:29 43552]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2.7.2008 г. 20:29 193840]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;f:\downloads\Everest Ultimate Engineer Edition 5.00.1692 (multi)\Everest Ultimate Engineer Edition 5.00.1692 (Multilanguage)\kerneld.wnt [16.5.2009 г. 12:14 26224]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-05-27 c:\windows\Tasks\User_Feed_Synchronization-{A1953874-5815-44FF-9509-2C81765588EE}.job

- c:\windows\system32\msfeedssync.exe [2009-05-09 11:31]

2009-05-27 c:\windows\Tasks\User_Feed_Synchronization-{DD313412-8BC6-47F1-9C0C-AFFFC1E7DD33}.job

- c:\windows\system32\msfeedssync.exe [2009-05-09 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://######/

IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-27 21:44

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\f:\downloads\Everest Ultimate Engineer Edition 5.00.1692 (multi)\Everest Ultimate Engineer Edition 5.00.1692 (Multilanguage)\kerneld.wnt"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2514056171-1166224141-2149493090-1000\Software\SecuROM\License information*]

"datasecu"=hex:21,01,9b,3c,56,e4,6d,1b,00,1f,54,9b,b7,77,fa,fe,aa,5e,96,90,29,

05,f4,09,c4,ab,3f,16,c6,63,28,1b,9f,99,bc,70,e7,ed,74,c8,a7,d8,72,dc,ab,f3,\

"rkeysecu"=hex:c1,7f,15,d2,4b,40,f2,1f,fb,ab,85,2a,cf,91,ec,eb

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6108)

c:\windows\system32\newdll.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\System32\IoctlSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

f:\rockstar games\Rockstar Games Social Club\1_1_3_0\RGSC.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Completion time: 2009-05-27 21:47 - machine was rebooted

ComboFix-quarantined-files.txt 2009-05-27 18:47

ComboFix2.txt 2009-05-27 18:23

ComboFix3.txt 2009-05-27 17:48

Pre-Run: 65 513 766 912 bytes free

Post-Run: 65 228 931 072 bytes free

410 --- E O F --- 2009-05-27 17:42

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:06:40, on 29.5.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Your Cottonelle Puppy\Your Cottonelle Puppy.exe

C:\Program Files\Symantec AntiVirus\DoScan.exe

C:\Program Files\ScreenMates\Felix II\Felix2.exe

C:\WINDOWS\sysguard.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\Datecs\Flex2K.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\User1\Desktop\post.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

O1 - Hosts: ::1 localhost

O1 - Hosts: 94.232.248.66 usantivirpro.com

O1 - Hosts: 94.232.248.66 www.usantivirpro.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: BHO - {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} - C:\WINDOWS\system32\iehelper.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [mssysif] C:\WINDOWS\system32\LIAR6.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\User1\My Documents\Yod'm 3D\Yodm3D.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Download Master] C:\Program Files\Download Master\dmaster.exe -autorun

O4 - HKCU\..\Run: [Your Cottonelle Puppy] "C:\Program Files\Your Cottonelle Puppy\Your Cottonelle Puppy.exe" -r

O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe

O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: FlexType 2K.lnk = ?

O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &С&валяне на всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &С&валяне на всичкото видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer\Add_UrlO.htm

O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer\Add_AllO.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Security Center wscsvcWmi (wscsvcWmi) - Unknown owner - C:\WINDOWS\system32\activedsl.exe (file missing)

--

End of file - 10245 bytes

  • Author

@stemil1 If you had carried out, back in the first post of this thread, ==Recommended actions before analysing with HiJackThis==, the state of your OS most likely would not look as tragic as it does now!

Hello, I am afraid I have some kind of virus; it does not let me reach certain sites. Could someone who understands this please look at the log. I scanned with Avira, and Malwarebytes' Anti-Malware found some nasties, but no luck.

============================================================

Edit:

I will ask that ComboFix logs be posted in the thread: Help with detecting and removing viruses, trojan horses, etc., part 2; only HiJackThis logs are posted here.

Thank you!

Edited by mihnev_sz

Is there anything wrong in the log?

Regards!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:47:38, on 30.5.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Datecs\FlexType 2K\FType2K.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

D:\My Programs\Malwarebytes' Anti-Malware\mbamservice.exe

D:\My Programs\Raxco\PerfectDisk10\PDAgent.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\System32\TuneUpDefragService.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\My Programs\Internet Download Manager\IDMan.exe

D:\My Programs\Internet Download Manager\IEMonitor.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 91.121.97.18 ######

O1 - Hosts: 91.121.97.18 www.######

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\My Programs\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\My Programs\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Свали видео съдържанието на FLV с IDM - D:\My Programs\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Свали всички линкове с IDM - D:\My Programs\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Свали с IDM - D:\My Programs\Internet Download Manager\IEExt.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - D:\My Programs\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - D:\My Programs\Raxco\PerfectDisk10\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - D:\My Programs\Raxco\PerfectDisk10\PDEngine.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 8651 bytes

@stemil1

Press (Ctrl + Alt + Del => Task Manager => Processes => and terminate the following process) => C:\WINDOWS\sysguard.exe (End process)

Start HijackThis and choose "Do a system scan only"

Check the following items and choose "Fix Checked"

O1 - Hosts: 94.232.248.66 usantivirpro.com

O1 - Hosts: 94.232.248.66 www.usantivirpro.com

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: BHO - {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} - C:\WINDOWS\system32\iehelper.dll

O4 - HKLM\..\Run: [mssysif] C:\WINDOWS\system32\LIAR6.EXE

O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)

O23 - Service: Security Center wscsvcWmi (wscsvcWmi) - Unknown owner - C:\WINDOWS\system32\activedsl.exe (file missing)

If you do not know what this program is for (I found contradictory information about it), uninstall it => Your Cottonelle Puppy

Temporarily uninstall WinAmp and replace it with AIMP2 or an application of your choice.

According to Secunia there is a vulnerability in WinAmp, but for now there is no patch for the product...

http://secunia.com/advisories/35126/

Update Adobe Reader with Adobe Reader Lite 9.1 (there is a link to the newer version further down) and Bonjour for Windows (again, there is a link further down).

Uninstall Google Toolbar if you do not use it.

If you do not use Messenger, do the following => Start => Run => type services.msc => Enter => find the Messenger service => open it with a double click and set it to Disabled from the drop-down menu.

Open Notepad and enter:

@echo off
rem stop the orphaned wscsvcWmi service (its activedsl.exe is missing) and delete its registration
sc stop wscsvcWmi
sc delete wscsvcWmi
rem the batch file removes itself afterwards
del fix.bat

Save the file as fix.bat and run it.

Download => StartupLite and remove the unnecessary programs that start with the operating system.

Finally, carry out the following steps:

*. Temporarily disable your antivirus program's real-time protection.

*. Download Combofix.

*. Save it to the DESKTOP.

*. Enter the following command: Start => run => type

"%userprofile%\desktop\combofix.exe" /killall

*. While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

*. Post the log file in your next post.

@bo4man

Start HijackThis and choose "Do a system scan only"

Check the following items and choose "Fix Checked"

O1 - Hosts: 91.121.97.18 ######

O1 - Hosts: 91.121.97.18 www.######

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

Бъди сигурен, че си обновил с последната версия на Adobe Reader (може да използваш и Lite версията, която е лишена от доста ненужни неща).

http://store2.data.bg/theunderwater/Kaldat...aldata.com).exe

Нарочно не препоръчвам Foxit Reader, защото прочетох лоши неща за него напоследък... sad.gif

http://hphosts.blogspot.com/2009/05/foxit-...ly-malware.html

Also update your version of Java (if you haven't done so already):

http://www.kaldata.com/comments.php?id=456...;highlight=java

Also get the latest version of Bonjour for Windows

http://support.apple.com/downloads/DL755/e...onjourSetup.exe

Also uninstall Google Toolbar if you don't use it.

And as a small criticism... FlexType is not a recommended program. Windows can be set up for Cyrillic perfectly well without that junk.

http://www.kaldata.com/forums/index.php?showtopic=29819

ComboFix 09-05-29.01 - User1 05.2009 г. 13:22.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2039.1535 [GMT 3:00]

Running from: c:\documents and settings\User1\desktop\combofix.exe

Command switches used :: /killall

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\ammppg.dll

c:\windows\system32\UACdqbyhrhpkxrjglf.log

c:\windows\system32\UACkltfqrmpxgbluyq.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-30 )))))))))))))))))))))))))))))))

.

2009-05-30 10:25 . 2009-05-30 10:25 -------- d-----w c:\windows\system32\xircom

2009-05-30 10:25 . 2009-05-30 10:25 -------- d-----w c:\program files\microsoft frontpage

2009-05-30 08:21 . 2009-05-26 10:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-30 08:21 . 2009-05-30 08:21 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-30 08:21 . 2009-05-26 10:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-29 17:25 . 2009-05-29 17:25 -------- d-----w c:\documents and settings\User1\DoctorWeb

2009-05-20 20:50 . 2009-05-20 20:52 -------- d-----w c:\program files\Vista Rainbar

2009-05-18 22:06 . 2009-05-18 22:08 409600 ----a-w c:\windows\system32\wrap_oal.dll

2009-05-18 22:06 . 2009-05-18 22:08 114688 ----a-w c:\windows\system32\OpenAL32.dll

2009-05-18 22:00 . 2009-05-18 22:00 -------- d-----w c:\windows\Downloaded Installations

2009-05-16 19:26 . 2009-05-16 19:26 -------- d-----w c:\documents and settings\User1\Application Data\vlc

2009-05-04 22:39 . 2009-05-05 06:48 117 --s-a-w c:\windows\system32\2753430839.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-30 10:26 . 2009-03-13 10:08 -------- d-----w c:\program files\Symantec AntiVirus

2009-05-30 10:21 . 2009-03-13 12:50 -------- d-----w c:\program files\BitComet

2009-05-29 10:28 . 2009-03-30 15:58 -------- d-----w c:\program files\OpenOffice.org 3

2009-05-29 10:26 . 2009-03-13 12:56 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2009-05-27 21:32 . 2009-03-13 13:03 -------- d-----w c:\documents and settings\User1\Application Data\Skype

2009-05-23 08:32 . 2009-03-30 16:00 1 ----a-w c:\documents and settings\User1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-05-16 08:27 . 2009-04-11 19:20 -------- d-----w c:\program files\ScreenMates

2009-05-11 10:43 . 2009-03-20 16:48 -------- d-----w c:\documents and settings\User1\Application Data\SUPERAntiSpyware.com

2009-05-11 10:43 . 2009-03-13 16:00 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-04-24 12:59 . 2009-04-24 12:56 -------- d-----w c:\documents and settings\User1\Application Data\Download Master

2009-04-23 12:52 . 2009-04-23 12:50 -------- d-----w c:\documents and settings\User1\Application Data\Hide IP NG

2009-04-22 17:20 . 2009-03-22 13:11 -------- d-----w c:\documents and settings\User1\Application Data\IDM

2009-04-22 17:18 . 2009-03-22 13:11 -------- d-----w c:\documents and settings\User1\Application Data\DMCache

2009-04-22 12:33 . 2009-03-13 13:12 46392 ---ha-w c:\windows\system32\mlfcache.dat

2009-04-19 21:37 . 2009-03-13 09:39 52552 ----a-w c:\documents and settings\User1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-04-16 14:35 . 2009-04-16 14:35 -------- d-----w c:\documents and settings\All Users\Application Data\Soulseek

2009-04-14 16:37 . 2009-03-20 15:32 721904 ----a-w c:\windows\system32\drivers\sptd.sys

2009-04-14 13:50 . 2009-04-14 13:50 -------- d-----w c:\documents and settings\User1\Application Data\ICAClient

2009-04-12 22:11 . 2009-03-20 17:09 -------- d-----w c:\documents and settings\User1\Application Data\DeskSoft

2009-04-12 18:38 . 2009-04-12 18:38 2560 ----a-w c:\windows\_MSRSTRT.EXE

2009-04-12 18:09 . 2009-04-12 13:49 873472 ----a-w c:\windows\WATERYDS.SCR

2009-04-12 13:49 . 2009-04-12 13:49 -------- d-----w c:\program files\PUSH Entertainment

2009-04-11 17:46 . 2009-04-11 17:45 -------- d-----w c:\program files\DeskMates

2009-04-11 13:58 . 2009-04-11 13:58 -------- d-----w c:\documents and settings\User1\Application Data\FDRLab

2009-04-07 23:15 . 2009-04-07 23:15 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2

2009-04-05 19:26 . 2009-04-05 19:26 2814112 ----a-w c:\documents and settings\User1\Application Data\IDM\idmupdt.exe

2009-04-02 19:19 . 2009-04-02 19:19 -------- d-sh--w c:\documents and settings\All Users\Application Data\PCDM

2009-03-29 14:02 . 2009-03-29 14:02 319488 ----a-w c:\windows\HideWin.exe

2009-03-29 00:08 . 2009-03-29 00:08 21035 ----a-w c:\windows\system32\drivers\AegisP.sys

2009-03-27 16:43 . 2009-03-30 11:42 82448 ----a-w c:\windows\system32\drivers\VBoxNetAdp.sys

2009-03-22 13:30 . 2009-03-22 13:30 1048576 ----a-w c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\zt25vx7x.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

2009-03-21 15:33 . 2009-03-20 17:09 65536 ----a-w c:\windows\DTDraw.dll

2009-03-20 21:35 . 2009-03-20 21:36 737280 ----a-w c:\windows\iun6002.exe

2009-03-19 22:33 . 2009-03-19 19:34 10 ----a-w c:\windows\popcinfo.dat

2009-03-16 13:20 . 2009-03-16 13:20 1079 ----a-w c:\windows\system32\unins000.dat

2009-03-16 13:20 . 2009-03-16 13:20 695578 ----a-w c:\windows\system32\unins000.exe

2009-03-13 09:57 . 2009-03-13 08:56 89783 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-03-13 08:53 . 2009-03-13 08:53 21640 ----a-w c:\windows\system32\emptyregdb.dat

2009-03-06 13:49 . 2008-04-14 04:42 284160 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:18 . 2008-12-20 22:15 826368 ----a-w c:\windows\system32\wininet.dll

.

------- Sigcheck -------

[-] 2009-01-08 20:12 361600 5AE1C2695F6523AD98B948F2887D8C5E c:\windows\system32\drivers\tcpip.sys

[-] 2009-01-08 19:41 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]

"Felix II"="c:\program files\ScreenMates\Felix II\Felix2.exe" [2009-05-25 958464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2006-08-03 639040]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-11-14 33792]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]

"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]

"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-04-24 225280]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-11-06 1826816]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-06 16384512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

FlexType 2K.lnk - c:\windows\Datecs\Flex2K.exe [2009-3-13 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]

2006-08-03 01:20 188482 ----a-w c:\windows\system32\LgNotify.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Winamp\\winampa.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11142:TCP"= 11142:TCP:BitComet 11142 TCP

"11142:UDP"= 11142:UDP:BitComet 11142 UDP

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [29.3.2009 г. 03:09 38144]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [29.3.2009 г. 03:40 275712]

S0 bgdfq;bgdfq;c:\windows\system32\drivers\bikd.sys --> c:\windows\system32\drivers\bikd.sys [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.3.2009 г. 16:52 1684736]

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [16.3.2009 г. 01:10 19018]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [17.4.2005 г. 13:30 124608]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [30.3.2009 г. 14:42 82448]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrv10910

.

Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Yodm3D - c:\documents and settings\User1\My Documents\Yod'm 3D\Yodm3D.exe

HKCU-Run-Download Master - c:\program files\Download Master\dmaster.exe

HKLM-Run-NWEReboot - (no file)

SafeBoot-procexp90.Sys

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.bg/

uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

uInternet Settings,ProxyServer = socks=

IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: &С&валяне на всичкото видео с BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer\Add_UrlO.htm

IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer\Add_AllO.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Закачать ВСЕ при помощи Download Master

IE: Закачать при помощи Download Master

IE: Передать на удаленную закачку DM

FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\zt25vx7x.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.bg

FF - component: c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\zt25vx7x.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll

FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-30 13:26

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):0b,6b,19,0a,f4,08,c2,88,1b,c1,84,e1,31,31,70,bd,61,1d,ca,f8,40,

74,25,e3,28,58,f4,41,e2,2f,c1,64,6e,c6,9a,fc,7b,6e,ed,6f,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{acb18201-5fcd-4f74-9419-f4ed77c1f07f}]

@Denied: (Full) (Everyone)

"Model"=dword:0000006d

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)

c:\windows\system32\LgNotify.dll

- - - - - - - > 'explorer.exe'(2200)

c:\windows\system32\newdll.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\Symantec AntiVirus\DoScan.exe

c:\windows\system32\wscntfy.exe

c:\program files\ATK Hotkey\ATKOSD.exe

.

**************************************************************************

.

Completion time: 2009-05-30 13:28 - machine was rebooted

ComboFix-quarantined-files.txt 2009-05-30 10:28

Pre-Run: 19 163 070 464 bytes free

Post-Run: 19 691 745 280 bytes free

209 --- E O F --- 2009-05-28 11:24

Open Notepad and enter:

KILLALL::

Driver::
bgdfq
wscsvcWmi

Rootkit::
c:\windows\system32\drivers\bikd.sys

Folder::
c:\documents and settings\User1\DoctorWeb

File::
c:\windows\system32\2753430839.dat
c:\windows\system32\mlfcache.dat
c:\windows\_MSRSTRT.EXE
c:\windows\iun6002.exe
c:\windows\popcinfo.dat
c:\windows\system32\unins000.dat
c:\windows\system32\unins000.exe
C:\WINDOWS\system32\iehelper.dll
C:\WINDOWS\system32\LIAR6.EXE
C:\WINDOWS\sysguard.exe
C:\WINDOWS\system32\activedsl.exe

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"=-

Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{acb18201-5fcd-4f74-9419-f4ed77c1f07f}]

sysrst::

Save the file with the name CFScript and drag it onto Combofix.

[screenshot: cfscriptyr1.gif]

Post the new log file in your next post.

I have a small problem. My computer has started to get slow again, especially Explorer... when I click on a folder or on Back I have to wait 3-4 seconds. The whole computer is slow in general, but this thing with Explorer is really getting on my nerves...

Here is a log from HiJackThis

Logfile of HijackThis v1.99.1

Scan saved at 12:38:59, on 30.05.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\VM_STI.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.41.9:8080

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnkiICv.dll (file missing)

O2 - BHO: (no name) - {7A4BDA0D-CE77-44AF-9EE8-4AB4AC26A298} - C:\WINDOWS\system32\wvUkKaWN.dll (file missing)

O2 - BHO: qs Class - {8A555E0E-6240-DD93-198D-45F571D4FD9B} - (no file)

O2 - BHO: (no name) - {DAF960F3-8AA6-4826-B9F7-DCA3EB035919} - C:\WINDOWS\system32\ljJBsPhF.dll (file missing)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Windows System Update] C:\TEMP\CSRSS.EXE

O4 - HKLM\..\Run: [sYSTRAY_UPDATE] C:\TEMP\systray.exe

O4 - HKLM\..\Run: [RUNDLL32] C:\TEMP\rundll32.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: TrayMin210.exe.lnk = ?

O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &С&валяне на всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &С&валяне на всичкото видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

O20 - Winlogon Notify: cbXPhheB - cbXPhheB.dll (file missing)

O20 - Winlogon Notify: opnkiICv - opnkiICv.dll (file missing)

O20 - Winlogon Notify: vtUoOeFX - vtUoOeFX.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)

Guest