Zle DNS - Trojan.DNSChanger Vyřešeno

[tre-SKA]

Dobry den.

Mam notebook s Vistou 32 bit.

Mam problem s pripojenim na internet. Pripajam sa cez lokalnu lan siet. Vsetky udaje mam spravne IP, DNS a pod. ak dam opravit pripojenie tak mi napise ze sa nemoze pripojit na DNS - 85.255.116.163. ale pritom toto dns v nastaveniach nemam. Loklana siet ide aj ked zadam adresu v tvare http://72.14.221.103/ a ta v pohode ide... cize jednoznacne zle DNS... skusal som googlit tuto adresu 85.255.116.163 a dostal som sa k Trojan.DNSChanger. nasiel som nejake navody ako to odstranit ale ani jeden nezabral... prikladam log z hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:23, on 10. 2. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ChkMail\ChkMail\ChkMail.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.uniba.sk/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{81EEFA44-41B0-4FFC-83AA-129E47BF165D}: NameServer = 158.195.40.1,158.195.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\System32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 11076 bytes

[Reklama]

[jaro3]

Nedávej log do code!!
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
+napiš verzi win vista (32 nebo 64bit.)

[tre-SKA]

Malwarebytes' Anti-Malware som skusal ... a kedze sa nemam ako pripojit na internet tak nema ako aktualizovat... a spustal som scan a nic nenasiel.... ale zajtra ti sem hodim log

[jaro3]

Vypni si potom rez. ochranu u NOD32 a štít u Windows defender a dostaň do PC (fleškou, na CD):
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[tre-SKA]

ComboFix 09-02-10.03 - admin 2009-02-11 14:29:47.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1033.18.3070.1915 [GMT 1:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\programdata\Microsoft\Windows\Start Menu\Programs\coolplay
c:\programdata\Microsoft\Windows\Start Menu\Programs\coolplay\Uninstall.lnk
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\coolplay
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\gaopdxeorpbinx.sys
c:\windows\system32\gaopdxxpqvqpxy.dll
D:\Autorun.inf
d:\recycler\S-2-9-38-100024863-100014923-100027064-3197.com
F:\Autorun.inf
f:\recycler\S-2-9-38-100024863-100014923-100027064-3197.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.

2009-02-10 12:43 . 2009-02-10 12:43 <DIR> d-------- c:\program files\Trend Micro
2009-02-10 12:32 . 2009-02-10 12:42 <DIR> d-------- c:\programdata\ParetoLogic
2009-02-10 12:32 . 2009-02-10 12:42 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2009-02-10 12:30 . 2009-02-10 12:30 <DIR> d-------- C:\fixwareout
2009-02-10 10:01 . 2009-02-10 10:01 <DIR> d-------- c:\users\admin\AppData\Roaming\Malwarebytes
2009-02-10 10:01 . 2009-02-10 10:01 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-07 13:27 . 2009-02-07 13:36 <DIR> d-------- c:\users\admin\AppData\Roaming\Nikon
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\programdata\Ultima_T15
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\programdata\Nikon
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\programdata\EnterNHelp
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\programdata\Commands
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\program files\Nikon
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\program files\Common Files\muvee Technologies
2009-02-07 13:21 . 2009-02-07 13:36 20 ---h----- c:\programdata\PKP_DLdu.DAT
2009-02-07 13:20 . 2009-02-07 13:31 <DIR> d-------- c:\program files\Common Files\Nikon
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-03 13:55 . 2009-02-03 13:55 <DIR> d-------- c:\users\admin\AppData\Roaming\AdobeUM
2009-02-03 13:53 . 2009-02-03 13:57 <DIR> d-------- c:\program files\SPSSEVAL
2009-02-03 13:44 . 2009-02-03 13:44 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-03 13:35 . 2009-02-03 13:35 <DIR> d-------- c:\programdata\StatSoft
2009-02-03 13:35 . 1999-09-09 12:28 446,464 --a------ c:\windows\System32\HHActiveX.dll
2009-02-03 13:35 . 2001-03-05 12:11 98,304 --a------ c:\windows\System32\tsccvid.dll
2009-02-03 13:35 . 2009-02-03 13:35 2,074 --a------ c:\users\admin\AppData\Roaming\WWB7_32.DAT
2009-02-03 13:34 . 2009-02-03 13:34 <DIR> d-------- c:\program files\StatSoft
2009-01-29 22:06 . 2009-02-11 14:28 4 --a------ c:\windows\System32\gaopdxcounter
2009-01-17 12:18 . 2009-01-17 12:18 <DIR> d-------- c:\program files\VDOWNLOADER
2009-01-17 11:24 . 2009-01-17 11:24 <DIR> d-------- c:\program files\WinPcap
2009-01-17 11:22 . 2009-01-17 12:24 <DIR> d-------- c:\program files\WMR11
2009-01-15 07:36 . 2009-01-15 07:36 0 --a------ c:\windows\OpPrintServer.INI
2009-01-14 15:33 . 2009-01-14 15:33 <DIR> d-------- c:\users\admin\AppData\Roaming\ZoomBrowser EX
2009-01-14 14:15 . 2009-01-14 14:15 <DIR> d-------- c:\programdata\ZoomBrowser
2009-01-14 14:14 . 2009-01-14 14:14 <DIR> d-------- c:\program files\Common Files\Canon
2009-01-14 12:26 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 13:35 45,056 ----a-w c:\windows\System32\acovcnt.exe
2009-02-11 08:28 --------- d-----w c:\users\admin\AppData\Roaming\uTorrent
2009-02-07 12:20 106,496 ----a-w c:\windows\System32\ATL71.DLL
2009-01-29 21:06 56,832 ----a-w c:\windows\System32\gaopdxxpqvqpxy.dll
2009-01-15 06:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 06:41 --------- d-----w c:\program files\Canon
2009-01-15 06:34 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 13:37 --------- d-----w c:\programdata\Microsoft Help
2009-01-14 13:37 --------- d-----w c:\program files\Windows Mail
2008-12-14 09:54 --------- d-----w c:\users\admin\AppData\Roaming\CTVoD
2008-12-14 09:24 --------- d-----w c:\program files\VisualConnection
2008-12-13 12:03 --------- d-----w c:\users\admin\AppData\Roaming\DivX
2008-11-21 21:47 129,784 ------w c:\windows\System32\pxafs.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-07-02 02:28 61,440 ----a-w c:\program files\Common Files\CPInstallAction.dll
2008-05-22 16:35 51,962 ----a-w c:\program files\Common Files\banner.jpg
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2007-06-12 17:34 35,822 ----a-w c:\program files\Common Files\ASPG_icon.ico
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2008-04-03 87336]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2008-02-22 62760]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-25 677144]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2008-01-26 778240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-09-30 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-09-30 47672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 479232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-07-17 217180]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-10 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{752C1314-A8D7-4BC7-95E0-CC2E38FA71CE}"= c:\program files\ASUSTek\ASUSDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8871193A-BE1D-445B-95E9-75C451453246}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2D5C8B53-007E-4EED-86F1-24373E5650A2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{93F6891E-9C0D-482F-861C-D31FE1235E43}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{091DFD89-08EC-44C1-B59C-2D667FC457E6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{50ABE776-B703-46B3-A09C-4627A5432618}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{28B3885C-D154-457B-AD74-88469F4CCAC4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E0FC80AB-B7F7-4199-9602-B2802A20EA56}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D7B8B911-C0A8-4D91-8A0E-2FE37A55841D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{601C980D-FAF2-47F6-A1E3-78C94DD6C655}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{56570C62-ACBA-4A7E-AC4C-6A119A62E8D9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D4A078A5-5781-46FA-8BD4-2C2FB36AC0D5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6E411851-C400-481C-A2BC-E1E45AAF58AD}f:\\david\\mbl_kurz\\zo_servera\\ftpwanderer2\\ftpwanderer.exe"= UDP:f:\david\mbl_kurz\zo_servera\ftpwanderer2\ftpwanderer.exe:FTP Wanderer
"UDP Query User{8AFBDCF0-E0E3-47F6-8195-6C503EB885A8}f:\\david\\mbl_kurz\\zo_servera\\ftpwanderer2\\ftpwanderer.exe"= TCP:f:\david\mbl_kurz\zo_servera\ftpwanderer2\ftpwanderer.exe:FTP Wanderer

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [2008-10-11 39472]
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [2008-09-30 15416]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-03-13 33800]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-07-24 38816]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [2008-09-30 72192]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [2008-02-05 206464]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-09-30 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-06-25 3662848]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [2008-01-31 6528]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-09-30 29736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-11-06 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1429c9d8-bc49-11dd-927b-002243bd61c6}]
\shell\AutoRun\command - .\run\autorun.exe
\shell\open\Command - .\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3982a731-bf71-11dd-a233-002243bd61c6}]
\shell\AutoRun\command - .\run\autorun.exe
\shell\open\Command - .\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3982a737-bf71-11dd-a233-002243bd61c6}]
\shell\AutoRun\command - H:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c996c293-f1c8-11dd-9169-0023543605f4}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []

2009-02-11 c:\windows\Tasks\User_Feed_Synchronization-{730D9F09-3B02-4600-A517-49B53FF8D03C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {81EEFA44-41B0-4FFC-83AA-129E47BF165D} = 158.195.40.1,158.195.2.2
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mgiz1bsq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxps://nic.fns.uniba.sk/squirrelmail/src/login.php
FF - prefs.js: network.proxy.http - http://www.uniba.sk/proxy.pac
FF - prefs.js: network.proxy.type - 1
1 file(s) moved.
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 14:36:34
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(784)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(4272)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\ASUS\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IfxPsdSv.exe
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\System32\conime.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTNA.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2009-02-11 14:38:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-11 13:38:26

Pre-Run: 105,758,269,440 bytes free
Post-Run: 106,302,472,192 bytes free

284 --- E O F --- 2009-01-26 19:11:21

[jaro3]

Toto otestuj na Virustotal
c:\windows\OpPrintServer.INI
c:\windows\System32\gaopdxxpqvqpxy.dll
c:\program files\Common Files\CPInstallAction.dll
Vlož sem pak odkazy výsledků.

[tre-SKA]

takze tu je vypis z CPInstallAction.dll

http://www.virustotal.com/cs/analisis/5 ... c6cfbf6f86

OpPrintServer.INI ma nulovu velkost

gaopdxxpqvqpxy.dll som nenasiel ale nasiel som toto C:\Qoobox\Quarantine\C\Windows\System32\gaopdxxpqvqpxy.dll.vir

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
C:\fixwareout

File::
c:\windows\System32\gaopdxcounter
c:\windows\System32\gaopdxxpqvqpxy.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[tre-SKA]

takze log z combofix

ComboFix 09-02-10.03 - admin 2009-02-27 10:32:39.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.1.1033.18.3070.1494 [GMT 1:00]
Running from: g:\navod\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\windows\System32\gaopdxcounter
c:\windows\System32\gaopdxxpqvqpxy.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fixwareout
c:\fixwareout\FindT\dumphive.exe
c:\fixwareout\FindT\FixWareOut.reg
c:\fixwareout\FindT\nircmd.exe
c:\fixwareout\FindT\patterns.txt
c:\fixwareout\FindT\rbot.bat
c:\fixwareout\FindT\RestartIt.exe
c:\fixwareout\FindT\runs.vbs
c:\fixwareout\FindT\swreg.exe
c:\fixwareout\FindT\vfind.exe
c:\fixwareout\FindT\XP-2K2.cmd
c:\fixwareout\FixIt.BAT
c:\windows\system32\acovcnt.exe
c:\windows\system32\gaopdxcounter

.
((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-11 17:38 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 17:38 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 12:43 . 2009-02-10 12:43 <DIR> d-------- c:\program files\Trend Micro
2009-02-10 12:32 . 2009-02-10 12:42 <DIR> d-------- c:\programdata\ParetoLogic
2009-02-10 12:32 . 2009-02-10 12:42 <DIR> d-------- c:\program files\Common Files\ParetoLogic
2009-02-10 10:01 . 2009-02-10 10:01 <DIR> d-------- c:\users\admin\AppData\Roaming\Malwarebytes
2009-02-10 10:01 . 2009-02-10 10:01 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-07 13:27 . 2009-02-07 13:36 <DIR> d-------- c:\users\admin\AppData\Roaming\Nikon
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\programdata\Ultima_T15
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\programdata\Nikon
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\programdata\EnterNHelp
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\programdata\Commands
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\program files\Nikon
2009-02-07 13:21 . 2009-02-07 13:21 <DIR> d-------- c:\program files\Common Files\muvee Technologies
2009-02-07 13:21 . 2009-02-07 13:36 20 ---h----- c:\programdata\PKP_DLdu.DAT
2009-02-07 13:20 . 2009-02-07 13:31 <DIR> d-------- c:\program files\Common Files\Nikon
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-07 13:18 . 2009-02-07 13:18 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-03 13:55 . 2009-02-03 13:55 <DIR> d-------- c:\users\admin\AppData\Roaming\AdobeUM
2009-02-03 13:53 . 2009-02-03 13:57 <DIR> d-------- c:\program files\SPSSEVAL
2009-02-03 13:44 . 2009-02-03 13:44 <DIR> d-------- c:\windows\Downloaded Installations
2009-02-03 13:35 . 2009-02-03 13:35 <DIR> d-------- c:\programdata\StatSoft
2009-02-03 13:35 . 1999-09-09 12:28 446,464 --a------ c:\windows\System32\HHActiveX.dll
2009-02-03 13:35 . 2001-03-05 12:11 98,304 --a------ c:\windows\System32\tsccvid.dll
2009-02-03 13:35 . 2009-02-03 13:35 2,074 --a------ c:\users\admin\AppData\Roaming\WWB7_32.DAT
2009-02-03 13:34 . 2009-02-03 13:34 <DIR> d-------- c:\program files\StatSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 06:26 --------- d-----w c:\users\admin\AppData\Roaming\uTorrent
2009-02-12 07:01 --------- d-----w c:\programdata\Microsoft Help
2009-02-12 07:00 --------- d-----w c:\program files\Windows Mail
2009-02-07 12:20 106,496 ----a-w c:\windows\System32\ATL71.DLL
2009-01-17 11:24 --------- d-----w c:\program files\WMR11
2009-01-17 11:18 --------- d-----w c:\program files\VDOWNLOADER
2009-01-17 10:24 --------- d-----w c:\program files\WinPcap
2009-01-15 06:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 06:41 --------- d-----w c:\program files\Canon
2009-01-15 06:34 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 14:33 --------- d-----w c:\users\admin\AppData\Roaming\ZoomBrowser EX
2009-01-14 13:15 --------- d-----w c:\programdata\ZoomBrowser
2009-01-14 13:14 --------- d-----w c:\program files\Common Files\Canon
2008-07-02 02:28 61,440 ----a-w c:\program files\Common Files\CPInstallAction.dll
2008-05-22 16:35 51,962 ----a-w c:\program files\Common Files\banner.jpg
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2007-06-12 17:34 35,822 ----a-w c:\program files\Common Files\ASPG_icon.ico
.

((((((((((((((((((((((((((((( SnapShot@2009-02-11_14.37.51.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-14 13:37:35 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-12 07:01:15 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-14 13:37:35 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-12 07:01:15 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-14 13:37:35 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-12 07:01:15 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-14 13:37:35 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-12 07:01:15 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-14 13:37:35 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-12 07:01:15 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-14 13:37:35 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-12 07:01:15 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-14 13:37:35 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-12 07:01:16 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-14 13:37:35 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-12 07:01:15 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-14 13:37:35 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-12 07:01:15 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-14 13:37:35 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-12 07:01:15 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-14 13:37:35 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-12 07:01:15 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-14 13:37:35 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-12 07:01:15 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-02-11 13:34:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-24 05:26:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-11 13:34:55 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-24 05:26:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-11 13:35:18 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-24 09:32:34 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-02-11 13:35:18 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-24 05:27:33 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-02-09 13:23:30 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-27 08:01:18 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-09 13:23:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-27 08:01:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-09 13:23:30 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-27 08:01:18 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-11 13:26:27 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-27 09:32:34 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\System32\ieframe.dll
+ 2009-01-15 06:07:53 6,069,248 ----a-w c:\windows\System32\ieframe.dll
- 2008-10-16 04:47:29 270,336 ----a-w c:\windows\System32\iertutil.dll
+ 2009-01-15 06:07:53 270,336 ----a-w c:\windows\System32\iertutil.dll
- 2008-10-16 04:47:30 28,160 ----a-w c:\windows\System32\jsproxy.dll
+ 2009-01-15 06:08:05 28,160 ----a-w c:\windows\System32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\System32\mrt.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\System32\mrt.exe
- 2008-01-21 02:24:31 458,240 ----a-w c:\windows\System32\msfeeds.dll
+ 2009-01-15 06:08:34 458,240 ----a-w c:\windows\System32\msfeeds.dll
- 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\System32\mshtml.dll
+ 2009-01-15 06:08:35 3,580,416 ----a-w c:\windows\System32\mshtml.dll
- 2008-10-16 04:47:32 671,232 ----a-w c:\windows\System32\mstime.dll
+ 2009-01-15 06:08:50 671,232 ----a-w c:\windows\System32\mstime.dll
- 2009-02-11 13:33:53 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-27 09:33:03 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-11 13:33:54 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-27 09:33:03 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2009-01-15 05:24:35 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-02-14 23:17:32 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2009-01-15 06:11:05 1,166,336 ----a-w c:\windows\System32\urlmon.dll
- 2009-02-11 13:36:45 6,208 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2887227025-192407452-43344749-1000_UserData.bin
+ 2009-02-24 05:27:55 6,232 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2887227025-192407452-43344749-1000_UserData.bin
- 2009-02-11 13:36:45 101,626 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-24 05:27:55 101,650 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-11 13:30:52 45,472 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-24 05:27:54 45,528 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-02-09 07:16:57 282,564 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-02-27 07:11:23 283,762 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-02-11 13:00:14 276,680 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-02-27 09:27:04 277,498 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-01-14 13:37:42 56,723,119 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-12 07:01:22 64,279,710 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-15 04:15:58 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16809_none_a9ee2d39f5a1db5c\advpack.dll
+ 2009-01-15 04:14:44 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20996_none_aa1379db0f0b2a9a\advpack.dll
+ 2009-01-15 04:16:02 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16809_none_ebe936e9163ac15b\pngfilt.dll
+ 2009-01-15 04:18:35 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20996_none_ec0e838a2fa41099\pngfilt.dll
+ 2009-01-15 04:16:03 1,160,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_b305df9bd99b38bf\urlmon.dll
+ 2009-01-15 04:19:06 1,163,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20996_none_b32b2c3cf30487fd\urlmon.dll
+ 2009-01-15 06:11:05 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\urlmon.dll
+ 2009-01-16 04:59:50 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22355_none_b53baa48f00b8fd3\urlmon.dll
+ 2009-01-15 04:16:01 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16809_none_dee86e647f43f82e\mstime.dll
+ 2009-01-15 04:17:12 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20996_none_df0dbb0598ad476c\mstime.dll
+ 2009-01-15 06:08:50 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18203_none_e0c8ab4e7c6ff115\mstime.dll
+ 2009-01-16 04:57:07 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22355_none_e11e391195b44f42\mstime.dll
+ 2009-01-15 04:16:00 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\jsproxy.dll
+ 2009-01-15 04:16:03 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\wininet.dll
+ 2009-01-15 04:16:03 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\WininetPlugin.dll
+ 2009-01-15 04:16:04 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\jsproxy.dll
+ 2009-01-15 04:19:13 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\wininet.dll
+ 2009-01-15 04:19:13 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\WininetPlugin.dll
+ 2009-01-15 06:08:05 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\jsproxy.dll
+ 2009-01-15 06:11:16 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\wininet.dll
+ 2008-02-22 05:01:41 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WininetPlugin.dll
+ 2009-01-16 04:56:01 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\jsproxy.dll
+ 2009-01-16 05:00:04 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\wininet.dll
+ 2009-01-16 05:00:04 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\WininetPlugin.dll
+ 2008-01-21 02:24:46 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16809_none_f9b4de176e8fd9a5\ieapfltr.dat
+ 2009-01-15 04:16:00 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16809_none_f9b4de176e8fd9a5\ieapfltr.dll
+ 2008-01-21 02:24:46 2,455,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20996_none_f9da2ab887f928e3\ieapfltr.dat
+ 2009-01-15 04:15:42 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20996_none_f9da2ab887f928e3\ieapfltr.dll
+ 2009-01-15 04:15:59 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16809_none_95e916cf84755fd3\dxtmsft.dll
+ 2009-01-15 04:15:59 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16809_none_95e916cf84755fd3\dxtrans.dll
+ 2009-01-15 04:15:22 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20996_none_960e63709ddeaf11\dxtmsft.dll
+ 2009-01-15 04:15:22 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20996_none_960e63709ddeaf11\dxtrans.dll
+ 2009-01-15 04:16:00 459,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16809_none_5e09520c3d47b20a\msfeeds.dll
+ 2009-01-15 04:16:41 459,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.20996_none_5e2e9ead56b10148\msfeeds.dll
+ 2009-01-15 06:08:34 458,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18203_none_5fe98ef63a73aaf1\msfeeds.dll
+ 2009-01-16 04:56:39 458,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22355_none_603f1cb953b8091e\msfeeds.dll
+ 2009-01-15 04:16:00 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16809_none_464bb12746361260\mshtmled.dll
+ 2009-01-15 04:16:46 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20996_none_4670fdc85f9f619e\mshtmled.dll
+ 2009-01-15 04:16:00 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16809_none_1165da5c24fac888\mshtml.dll
+ 2009-01-15 04:16:45 3,596,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20996_none_118b26fd3e6417c6\mshtml.dll
+ 2009-01-15 06:08:35 3,580,416 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18203_none_134617462226c16f\mshtml.dll
+ 2009-01-16 04:56:43 3,580,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22355_none_139ba5093b6b1f9c\mshtml.dll
+ 2009-01-15 04:16:00 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16809_none_58be4726670f5491\icardie.dll
+ 2009-01-15 04:15:42 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20996_none_58e393c78078a3cf\icardie.dll
+ 2009-01-15 04:15:30 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\ieUnatt.exe
+ 2009-01-15 04:14:36 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
+ 2009-01-15 02:05:46 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\ieUnatt.exe
+ 2009-01-15 04:18:47 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
+ 2009-01-15 04:16:00 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\iertutil.dll
+ 2009-01-15 04:16:02 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\sqmapi.dll
+ 2009-01-15 04:15:44 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\iertutil.dll
+ 2009-01-15 04:18:57 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\sqmapi.dll
+ 2009-01-15 06:07:53 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\iertutil.dll
+ 2008-01-21 02:24:54 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\sqmapi.dll
+ 2009-01-16 04:55:51 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\iertutil.dll
+ 2009-01-16 04:59:31 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\sqmapi.dll
+ 2009-01-15 04:15:30 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\ie4uinit.exe
+ 2009-01-15 04:16:00 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\iernonce.dll
+ 2009-01-15 04:16:00 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\iesetup.dll
+ 2009-01-15 02:05:40 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\ie4uinit.exe
+ 2009-01-15 04:15:44 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\iernonce.dll
+ 2009-01-15 04:15:44 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\iesetup.dll
+ 2009-01-15 04:16:00 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16809_none_2a18935467fa6c37\iebrshim.dll
+ 2009-01-15 04:15:42 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20996_none_2a3ddff58163bb75\iebrshim.dll
+ 2009-01-15 04:16:00 6,066,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16809_none_62c5345fb0f056b5\ieframe.dll
+ 2009-01-15 04:16:00 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16809_none_62c5345fb0f056b5\ieui.dll
+ 2009-01-15 04:15:44 6,068,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20996_none_62ea8100ca59a5f3\ieframe.dll
+ 2009-01-15 04:15:44 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20996_none_62ea8100ca59a5f3\ieui.dll
+ 2009-01-15 06:07:53 6,069,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18203_none_64a57149ae1c4f9c\ieframe.dll
+ 2008-01-21 02:25:05 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18203_none_64a57149ae1c4f9c\ieui.dll
+ 2009-01-16 04:55:51 6,070,784 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22355_none_64faff0cc760adc9\ieframe.dll
+ 2009-01-16 04:55:51 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22355_none_64faff0cc760adc9\ieui.dll
+ 2009-01-15 04:15:30 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16809_none_e6bea0de9473aaed\ieinstal.exe
+ 2009-01-15 02:05:59 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20996_none_e6e3ed7faddcfa2b\ieinstal.exe
+ 2009-01-15 04:15:30 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16809_none_0b66d5fad6ee6a9f\ieuser.exe
+ 2009-01-15 02:06:01 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20996_none_0b8c229bf057b9dd\ieuser.exe
+ 2009-01-09 23:21:31 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16808_none_f0a9e19a6e4c873c\OESpamFilter.dat
+ 2009-01-08 23:21:51 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20995_none_f0cf2e3b87b5d67a\OESpamFilter.dat
+ 2009-01-08 23:21:09 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18202_none_f28a1e846b788023\OESpamFilter.dat
+ 2009-01-08 23:21:04 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22353_none_f2deabfd84bdc4f9\OESpamFilter.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\ASUSTek\ASUSDVD\PDVDServ.exe" [2008-04-03 87336]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2008-02-22 62760]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-25 677144]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2008-01-26 778240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-09-30 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-09-30 47672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 479232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-07-17 217180]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-04-10 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{752C1314-A8D7-4BC7-95E0-CC2E38FA71CE}"= c:\program files\ASUSTek\ASUSDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8871193A-BE1D-445B-95E9-75C451453246}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2D5C8B53-007E-4EED-86F1-24373E5650A2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{93F6891E-9C0D-482F-861C-D31FE1235E43}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{091DFD89-08EC-44C1-B59C-2D667FC457E6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{50ABE776-B703-46B3-A09C-4627A5432618}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{28B3885C-D154-457B-AD74-88469F4CCAC4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E0FC80AB-B7F7-4199-9602-B2802A20EA56}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D7B8B911-C0A8-4D91-8A0E-2FE37A55841D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{601C980D-FAF2-47F6-A1E3-78C94DD6C655}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{56570C62-ACBA-4A7E-AC4C-6A119A62E8D9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D4A078A5-5781-46FA-8BD4-2C2FB36AC0D5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6E411851-C400-481C-A2BC-E1E45AAF58AD}f:\\david\\mbl_kurz\\zo_servera\\ftpwanderer2\\ftpwanderer.exe"= UDP:f:\david\mbl_kurz\zo_servera\ftpwanderer2\ftpwanderer.exe:FTP Wanderer
"UDP Query User{8AFBDCF0-E0E3-47F6-8195-6C503EB885A8}f:\\david\\mbl_kurz\\zo_servera\\ftpwanderer2\\ftpwanderer.exe"= TCP:f:\david\mbl_kurz\zo_servera\ftpwanderer2\ftpwanderer.exe:FTP Wanderer

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [2008-10-11 39472]
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [2008-09-30 15416]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-03-13 33800]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2007-07-24 38816]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [2008-09-30 72192]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-01-21 21504]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [2008-02-05 206464]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-09-30 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-06-25 3662848]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [2008-01-31 6528]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-09-30 29736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-11-06 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1429c9d8-bc49-11dd-927b-002243bd61c6}]
\shell\AutoRun\command - .\run\autorun.exe
\shell\open\Command - .\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3982a731-bf71-11dd-a233-002243bd61c6}]
\shell\AutoRun\command - .\run\autorun.exe
\shell\open\Command - .\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3982a737-bf71-11dd-a233-002243bd61c6}]
\shell\AutoRun\command - H:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c996c293-f1c8-11dd-9169-0023543605f4}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-02-24 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []

2009-02-27 c:\windows\Tasks\User_Feed_Synchronization-{730D9F09-3B02-4600-A517-49B53FF8D03C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {81EEFA44-41B0-4FFC-83AA-129E47BF165D} = 158.195.40.1,158.195.2.2
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\mgiz1bsq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxps://nic.fns.uniba.sk/squirrelmail/src/login.php
FF - prefs.js: network.proxy.http - http://www.uniba.sk/proxy.pac
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 10:32:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

? [56736]
? [56568]
? [57272]
? [56100]
? [55608]
? [56948]
? [56968]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(784)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
.
Completion time: 2009-02-27 10:34:20
ComboFix-quarantined-files.txt 2009-02-27 09:34:18

Pre-Run: 102 825 037 824 bytes free
Post-Run: 102,790,152,192 bytes free

392 --- E O F --- 2009-02-26 19:37:25

[tre-SKA]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:20, on 27. 2. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.uniba.sk/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{81EEFA44-41B0-4FFC-83AA-129E47BF165D}: NameServer = 158.195.40.1,158.195.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\System32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 10206 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =    
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O13 - Gopher Prefix:


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
Je to vše.

[tre-SKA]

dik moc.... ide to ... si fakt borec...

neviem ako sa ti mam odmenit ... snad ak by si chcel nejake pozvanky na torrent trackery

keby si chcel tak meil treska@treska.eu