So I pulled a log from HijackThis, but I don't know what to do with ComboFix. Should I just install it normally and then create some log? In Ramon's thread I only saw the procedure for doing a fix in that program. I looked at http://www.bleepingcomputer.com/combofi ... e-combofix but I don't know whether the preceding steps are needed. Thanks for the help.
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 20:30:59, on 18.3.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\install\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [AveoKeySti] "C:\Program Files\\AVEO\AVEO_UVC_FILTER_DRIVER_KIT\AveoSTI.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EZEHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: aveosti.exe.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer = 10.26.0.60,10.26.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer = 10.26.0.60,10.26.0.10
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
smitfraud-c.coreservice (Solved)
Last edited by m4rt!n on 29 Mar 2008 14:14, edited 1 time in total.
fredik (Security team member)
Re: smitfraud-c.coreservice
Not necessary.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- After the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
Also, you downloaded an old version of HJT that is not fully compatible with Vista. So also download the current version here and delete the old one before using it. It will be needed later.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, don't send me PM messages with logs; post them in the forum. These PMs cannot be answered.
Re: smitfraud-c.coreservice
So here is the new HijackThis log after t-cleaner and CCleaner:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:13, on 25.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\install\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EZEHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: aveosti.exe.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer = 10.26.0.60,10.26.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer = 10.26.0.60,10.26.0.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer = 10.26.0.60,10.26.0.10
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 10810 bytes
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 10810 bytes
Re: smitfraud-c.coreservice
OK, and here is the log from ComboFix
ComboFix 08-03-25.1 - m4rt!n 2008-03-25 18:05:53.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.1007 [GMT 1:00]
Running from: C:\Users\m4rt!n\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 16:53 --------- d-----w C:\Program Files\CCleaner
2008-03-25 16:50 241 ----a-w C:\Users\m4rt!n\SR.vbs
2008-03-25 16:10 91,614 ----a-w C:\Users\m4rt!n\AppData\Roaming\nvModes.dat
2008-03-22 23:32 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-03-16 18:29 --------- d-----w C:\Program Files\Webteh
2008-03-16 18:03 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-16 17:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-12 19:57 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 19:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 10:34 --------- d-----w C:\ProgramData\PowerDesigner 12
2008-03-12 10:32 --------- d-----w C:\Program Files\Sybase
2008-03-12 08:51 --------- d-----w C:\Program Files\BitLord
2008-03-11 21:43 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-11 21:06 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\ICQ
2008-03-09 10:25 --------- d-----w C:\Program Files\TC UP
2008-03-09 09:18 --------- d-----w C:\ProgramData\FLEXnet
2008-03-08 13:33 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\HEXelon
2008-03-08 13:21 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\GHISLER
2008-03-02 17:12 --------- d-----w C:\Program Files\ICQ6
2008-03-02 16:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-02 14:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 14:26 --------- d-----w C:\ProgramData\ALM
2008-03-02 14:21 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\Adobe Fireworks CS3
2008-03-02 14:15 --------- d-----w C:\Program Files\QuickTime
2008-03-02 14:02 --------- d-----w C:\Program Files\Bonjour
2008-03-02 13:56 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-26 05:49 --------- d-----w C:\Program Files\McAfee
2008-02-22 20:59 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\teamspeak2
2008-02-22 20:59 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-02-14 22:34 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 22:34 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 22:29 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 22:29 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 22:29 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 22:29 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 22:29 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 22:29 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 22:29 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 22:29 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 22:29 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 22:29 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 22:29 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 22:29 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 22:28 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 22:28 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 22:28 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 22:28 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 22:28 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 22:28 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 22:26 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 22:26 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 22:26 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 22:26 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-06 08:51 171,400 ----a-w C:\Windows\system32\drivers\mfehidk.sys
2008-02-02 20:43 --------- d-----w C:\Program Files\MSI
2008-02-02 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 20:15 --------- d-----w C:\Program Files\AVEO
2008-02-02 20:13 --------- d-----w C:\Program Files\System Control Manager
2008-02-02 14:36 --------- d-----w C:\ProgramData\McAfee
2008-02-02 14:34 --------- d-----w C:\Program Files\McAfee.com
2008-02-02 14:34 --------- d-----w C:\Program Files\Common Files\McAfee
2008-02-02 14:18 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\Application Data
2008-01-25 15:37 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\UseNeXT
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 12:37 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-29 12:05 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-12-25 08:32 36,864 ----a-w C:\Windows\System32\wmdmps.dll
2007-12-25 08:32 311,296 ----a-w C:\Windows\System32\mswmdm.dll
2007-12-25 08:32 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
2007-10-25 10:49 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-11-30 15:53 1266936]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"PMCRemote"="" []
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 08:15 109640]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-25 11:33 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-20 05:21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-20 05:21 8462336]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-20 05:21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 12:26 4702208 C:\Windows\RtHDVCpl.exe]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2007-09-07 15:38 561152]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 08:46 624248]
"Adobe_ID0EZEHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-04-27 14:31 1884160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6189D1A9-43D1-4264-8877-FD2720D1B824}C:\\program files\\msi\\i-speeder\\i-speeder.exe"= UDP:C:\program files\msi\i-speeder\i-speeder.exe:i-Speeder
"UDP Query User{7D97FD54-E7C1-44E3-B854-08EAE1BF4BF8}C:\\program files\\msi\\i-speeder\\i-speeder.exe"= TCP:C:\program files\msi\i-speeder\i-speeder.exe:i-Speeder
"TCP Query User{204B0C8E-4EDA-453D-805B-99D958ECB297}C:\\program files\\valve\\steam\\steam.exe"= UDP:C:\program files\valve\steam\steam.exe:Steam
"UDP Query User{CFF21D79-D1B9-4260-BC07-1ECF18A0A2C0}C:\\program files\\valve\\steam\\steam.exe"= TCP:C:\program files\valve\steam\steam.exe:Steam
"TCP Query User{83F75589-1E4A-4286-A51D-DCBF33CFA2BA}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"UDP Query User{72BFDD55-E901-4C01-9FEB-55F46ADB158B}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"TCP Query User{FA8DC94C-BB9A-454F-8DDD-10F6635ECC5B}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{6F4BE418-CA78-48AF-A102-15956592B558}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{4120E0E1-8B98-4844-82C0-52236EF937B7}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{81375C28-A5C9-4507-9533-97CA993049FE}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"{3A11881C-73F3-4802-B76F-B25FE0885F3E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{89060870-C5EA-4DA8-B741-5C41A5979B74}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5A8AD111-B947-4A30-B0FA-A5B350B5EAFF}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"UDP Query User{CBE961BB-7D12-40EB-9972-CE21BE8EE587}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"TCP Query User{A1A184F4-3C9E-4058-9851-282D38D444ED}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{8E2C56B0-D046-465D-8861-AFC3EF4F040B}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{8D36F227-C505-4980-8C01-7E3CD33A6278}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{7A52920B-EEF9-49C5-AA53-95352C7340F6}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{CFDB45BD-20C8-4326-9009-B7ADEA96FFA9}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{51B767A6-F7AA-4B35-9C1C-3FF04E73B5D9}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{06B60C9F-D955-4DA4-BC32-FA5A183000A2}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{7F803385-B460-4080-B13C-74F472873A51}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{981AC18B-8FF9-4A3E-97A0-35FDA5B4526C}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{8A04E9A8-6C48-4AF9-B2C3-4E9CDE911754}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{9F789893-CA8B-489C-B290-8CAC8E4F27AE}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{4AEF3662-1420-47B2-AF21-88CF70BE6629}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{2B62B25F-41DD-4EA9-B948-C0630A28F9B0}"= UDP:990:LocalSubnet:LocalSubnet|IF={4DE0BB10-CD63-4744-9CE8-63104EB86B73}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{853D7F83-696E-4D19-84CC-1162F65DDCCD}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= UDP:C:\program files\pinnacle\mediacenter\pmc.exe:
"UDP Query User{40E6AAF7-9632-4EA5-B539-C907FF6903C0}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= TCP:C:\program files\pinnacle\mediacenter\pmc.exe:
"TCP Query User{5605E4F1-5299-4B5C-9378-A079E97AA3F0}C:\\program files\\pinnacle\\mediacenter\\psst.exe"= UDP:C:\program files\pinnacle\mediacenter\psst.exe:PSST
"UDP Query User{3EDAE4D6-4183-433D-853D-85FCC02AC5DF}C:\\program files\\pinnacle\\mediacenter\\psst.exe"= TCP:C:\program files\pinnacle\mediacenter\psst.exe:PSST
"TCP Query User{2215FF54-662E-4A22-BA07-C60A81912C8D}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{FA00D41B-4A6A-42A8-AB98-DBB7661BBAFE}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{1F645A3B-2D23-41DB-BC1D-82BE00C2DBC8}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{5AC0E380-88B4-449C-968E-36B51DD4F18B}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{6F81AF91-5BE1-4E70-A70D-FA4DEFF5B49E}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8F15EFA2-25E4-4998-BF1A-8A432264403C}"= UDP:3703:Adobe Version Cue CS3 Server
"{51DEE834-321A-4B7C-A267-AFB04F312A09}"= UDP:3704:Adobe Version Cue CS3 Server
"{BE35843E-D729-43BA-9218-1BD1FB63DFD8}"= UDP:50900:Adobe Version Cue CS3 Server
"{3B04D65E-2E5C-4F48-A775-86FB969CA919}"= UDP:50901:Adobe Version Cue CS3 Server
"{7EE50972-B292-45E7-B1FA-1EE7C46D534C}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{8BD2DEA1-B90F-4B4B-B0B4-3FEED2BFDC8E}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-10-25 11:35]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
R3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 05:21]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 01:19:22 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-01 00:00:45 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-25 14:18:16 C:\Windows\Tasks\User_Feed_Synchronization-{BD5604EC-C3CF-43BD-81AD-3E6CC3469406}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 18:11:32
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\conime.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
.
**************************************************************************
.
Completion time: 2008-03-25 18:16:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-25 17:16:11
.
2008-03-21 14:34:43 --- E O F ---
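An added triage script, not part of this thread and not a feature of HijackThis or ComboFix, that reads the line shapes seen in both logs above and pulls out what a helper checks first: O15 trusted-zone additions, O16 ActiveX downloads, O17 resolver addresses, O23 services with no vendor string, the ComboFix "failed to delete" line, and the hardening values in the Reg Loading Points dump (EnableLUA, EnableFirewall per profile, Security Center DisableMonitoring). The sample lines are copied from the logs in this thread; the severity labels, the function names and the private-versus-public treatment of resolvers are this example's own choices.

```python
"""Triage helper for HijackThis and ComboFix text logs.

Added example for this thread; it is not a HijackThis or ComboFix feature.
Sample input is constructed from lines posted above; severity labels are
this example's own judgement, not something either tool emits.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "warn" or "info" (assumed labels)
    source: str     # "hjt" or "combofix"
    detail: str


# HijackThis line shapes that carry a trust or persistence decision.
_O15 = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)")
_O16 = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<name>[^)]*)\) - (?P<url>.+)$")
_O17 = re.compile(r"^O17 - .*NameServer = (?P<ns>[\d.,]+)")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")

# ComboFix: a failed deletion, and the REGEDIT4-style "Reg Loading Points" dump.
_FAILED = re.compile(r"^(?P<path>\S.*?) \. \. \. \. failed to delete$")
_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VAL = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.+)$')


def triage_hjt(lines):
    """Flag O15/O16/O17/O23 entries; repeats (one O17 per control set) collapse."""
    found = []
    for line in (l.strip() for l in lines):
        if m := _O15.match(line):
            found.append(Finding("warn", "hjt", f"O15 Trusted Zone: {m['site']}"))
        elif m := _O16.match(line):
            found.append(Finding("warn", "hjt", f"O16 ActiveX '{m['name']}' from {m['url']}"))
        elif m := _O17.match(line):
            for ns in m["ns"].split(","):
                # A private resolver is normal on a LAN; a public one must be checked
                # against what the ISP or admin really hands out (DNS hijack indicator).
                private = ipaddress.ip_address(ns).is_private
                found.append(Finding("info" if private else "warn", "hjt",
                                     f"O17 NameServer {ns} ({'private' if private else 'public'})"))
        elif m := _O23.match(line):
            if m["vendor"].strip().lower() == "unknown owner":
                found.append(Finding("warn", "hjt", f"O23 service without vendor info {m['name']}: {m['path']}"))
    return list(dict.fromkeys(found))   # dedupe, keep first-seen order


def triage_combofix(lines):
    """Flag failed deletions and weakened hardening values in the registry dump."""
    found, key = [], ""
    for line in (l.strip() for l in lines):
        if m := _FAILED.match(line):
            found.append(Finding("high", "combofix", f"could not delete {m['path']}; verify after reboot"))
        elif m := _KEY.match(line):
            key = m["key"].lower()
        elif m := _VAL.match(line):
            name, value = m["name"], m["value"]
            leaf = key.rsplit("\\", 1)[-1]        # profile or product name at the end of the key
            # ComboFix prints DWORDs here as "0 (0x0)" or "dword:00000001".
            if key.endswith("policies\\system") and name == "EnableLUA" and value.startswith("0"):
                found.append(Finding("high", "combofix", "UAC disabled (EnableLUA=0)"))
            elif "firewallpolicy" in key and name == "EnableFirewall" and value.startswith("0"):
                # Expected when a third-party firewall took over; still worth confirming.
                found.append(Finding("warn", "combofix", f"Windows Firewall off for {leaf}"))
            elif "security center\\monitoring" in key and name == "DisableMonitoring" and value.endswith("1"):
                found.append(Finding("info", "combofix", f"Security Center monitoring off for {leaf}"))
    return found


def severities(findings):
    """Count findings per severity, e.g. {'high': 2, 'warn': 3}."""
    out = {}
    for f in findings:
        out[f.severity] = out.get(f.severity, 0) + 1
    return out


# Constructed samples: lines copied from the logs in this thread.
HJT_SAMPLE = r"""
O15 - Trusted Zone: http://asia.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer = 10.26.0.60,10.26.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer = 10.26.0.60,10.26.0.10
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
""".strip().splitlines()

COMBOFIX_SAMPLE = r"""
C:\Windows\system32\drivers\core.cache.dsk . . . . failed to delete
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE) + triage_combofix(COMBOFIX_SAMPLE):
        print(f"[{f.severity:4}] {f.source:8} {f.detail}")
```

On this thread's logs the script reports nothing rated high from HijackThis (the 10.26.0.x resolvers are private addresses, and the Unknown-owner service lives under the System Control Manager install directory) and two high items from ComboFix: UAC is off (EnableLUA=0) and core.cache.dsk could not be removed, which is the only deletion ComboFix attempted. The three EnableFirewall=0 values and the DisableMonitoring=1 keys line up with McAfee Personal Firewall being installed, which is why they are rated warn and info rather than high; the firewall setting is still worth confirming once McAfee is known to be working.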
"TCP Query User{981AC18B-8FF9-4A3E-97A0-35FDA5B4526C}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{8A04E9A8-6C48-4AF9-B2C3-4E9CDE911754}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{9F789893-CA8B-489C-B290-8CAC8E4F27AE}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{4AEF3662-1420-47B2-AF21-88CF70BE6629}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{2B62B25F-41DD-4EA9-B948-C0630A28F9B0}"= UDP:990:LocalSubnet:LocalSubnet|IF={4DE0BB10-CD63-4744-9CE8-63104EB86B73}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{853D7F83-696E-4D19-84CC-1162F65DDCCD}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= UDP:C:\program files\pinnacle\mediacenter\pmc.exe:
"UDP Query User{40E6AAF7-9632-4EA5-B539-C907FF6903C0}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= TCP:C:\program files\pinnacle\mediacenter\pmc.exe:
"TCP Query User{5605E4F1-5299-4B5C-9378-A079E97AA3F0}C:\\program files\\pinnacle\\mediacenter\\psst.exe"= UDP:C:\program files\pinnacle\mediacenter\psst.exe:PSST
"UDP Query User{3EDAE4D6-4183-433D-853D-85FCC02AC5DF}C:\\program files\\pinnacle\\mediacenter\\psst.exe"= TCP:C:\program files\pinnacle\mediacenter\psst.exe:PSST
"TCP Query User{2215FF54-662E-4A22-BA07-C60A81912C8D}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{FA00D41B-4A6A-42A8-AB98-DBB7661BBAFE}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{1F645A3B-2D23-41DB-BC1D-82BE00C2DBC8}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{5AC0E380-88B4-449C-968E-36B51DD4F18B}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{6F81AF91-5BE1-4E70-A70D-FA4DEFF5B49E}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8F15EFA2-25E4-4998-BF1A-8A432264403C}"= UDP:3703:Adobe Version Cue CS3 Server
"{51DEE834-321A-4B7C-A267-AFB04F312A09}"= UDP:3704:Adobe Version Cue CS3 Server
"{BE35843E-D729-43BA-9218-1BD1FB63DFD8}"= UDP:50900:Adobe Version Cue CS3 Server
"{3B04D65E-2E5C-4F48-A775-86FB969CA919}"= UDP:50901:Adobe Version Cue CS3 Server
"{7EE50972-B292-45E7-B1FA-1EE7C46D534C}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{8BD2DEA1-B90F-4B4B-B0B4-3FEED2BFDC8E}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-10-25 11:35]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
R3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 05:21]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 01:19:22 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-01 00:00:45 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-25 14:18:16 C:\Windows\Tasks\User_Feed_Synchronization-{BD5604EC-C3CF-43BD-81AD-3E6CC3469406}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 18:11:32
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\conime.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
.
**************************************************************************
.
Completion time: 2008-03-25 18:16:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-25 17:16:11
.
2008-03-21 14:34:43 --- E O F ---
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline
Re: smitfraud-c.coreservice
maybe I'm looking at this wrong this late in the evening, and it's not as if legal psychoactive substances play no part in it, but I somehow don't see anything there. I looked for some clue in the description of the problems and didn't catch anything there either. so give me a hint, pls.
not that you don't have suspicious little things in there, but a description of the problems would still point my virus-killing mind in a better direction

Re: smitfraud-c.coreservice
well, the problem is that as soon as I launch the browser, spybot starts reporting that something wants to connect to a strange advertising url, a new browser window opens and offers me something, e.g. partypoker. for a while I didn't know what it was, until I installed spybot, which found it but can't remove it, and neither can any other program I use, e.g. adaware. someone here has already dealt with this pest, in case it helps you; the thread was called, I think, "smitfraud.c-coreservice je tu zas" or something like that.
PS: you shouldn't overdo it with those legal drugs during the week

- Baron Prášil
Re: smitfraud-c.coreservice
m4rt!n wrote: PS: you shouldn't overdo it with those legal drugs during the week
you have no idea how many pieces of junk I've killed under the influence of all these substances. and maybe I'll save your ass too

...............................
first of all, I would completely turn off spybot's shields, because mcafee, if I'm not mistaken, is a complete system protection.
then I wouldn't be afraid to use smitfraudfix, since smitfraud is mentioned here. like this....
Download SmitFraudFix (by S!Ri)
Restart the PC into safe mode:
Run SmitFraudFix; the application's blue screen appears; press any key to get to the menu.
There choose option number 2
Let it scan the computer.
If asked whether you allow registry cleaning (Do you want to clean the registry ?), press the Y key (watch out for Y and Z being swapped on the keyboard)
If asked about removing infected files from the computer (Replace infected file ?), press the Y key again.
Then restart the PC into normal mode and paste here the log you will find in the file C:\rapport.txt
add a description of the current problems to the log.
Re: smitfraud-c.coreservice
great, I'm on it. I had no idea something like smitfraudfix even exists, sorry about that; anyway, I'll go try it. oh, and I have the resident protection in spybot turned off.
- Baron Prášil
Re: smitfraud-c.coreservice
that's true. in the first log sdhelper was running and that stuck in my memory. and since I don't yet know vista like the back of my hand,
I would probably recommend stopping spybot in the services as well, or even uninstalling it. these complete protection suites, I call them combines, are especially touchy about other security tools in the sandbox

Re: smitfraud-c.coreservice
well, that doesn't look good. I did run smitfraudfix in safe mode and followed the instructions, but after the restart I launched firefox and, lo and behold, an ie window popped up again, so I ran spybot over it and the pest is still there :( here's the smitfraudfix log:
SmitFraudFix v2.308
Scan done at 23:30:21,12, út 25.03.2008
Run from C:\Users\m4rt!n\Desktop\SmitfraudFix
OS: Microsoft Windows [Verze 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer=10.26.0.60,10.26.0.10
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E0A04313-C731-4FB5-827B-3811E291489F}: DhcpNameServer=10.26.0.60 10.26.0.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer=10.26.0.60,10.26.0.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E0A04313-C731-4FB5-827B-3811E291489F}: DhcpNameServer=10.26.0.60 10.26.0.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer=10.26.0.60,10.26.0.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E0A04313-C731-4FB5-827B-3811E291489F}: DhcpNameServer=10.26.0.60 10.26.0.10
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.26.0.60 10.26.0.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.26.0.60 10.26.0.10
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.26.0.60 10.26.0.10
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
- Baron Prášil
Re: smitfraud-c.coreservice
right, so: uninstall spybot. then go into safe mode > also turn off the antispyware shields in McAfee and then (in safe mode) run combofix. post the log
Re: smitfraud-c.coreservice
as you said, I uninstalled spybot, turned off the shields in mcafee, and ran combofix in safe mode:
ComboFix 08-03-25.1 - m4rt!n 2008-03-26 0:26:43.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.1659 [GMT 1:00]
Running from: C:\Users\m4rt!n\Desktop\ComboFix.exe
.
TimedOut: Windir.dat
TimedOut: progfile.dat
-- Script messages for sUBs --
VFind -td "C:\Windows\system32\baiso*"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\Windows\*
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
pv -d10000 * -t -l
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\helppane.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
winlogon.exe
Explorer.exe
SED "/32\\[0-9]*\\insatll.~tmp/I!d"
VFind -tf "C:\Windows\system32\insatll.~tmp"
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\Windows\*
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
pv -d10000 * -t -l
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\helppane.exe -Embedding
winlogon.exe
Explorer.exe
Findstr -MIF:/ sursen
VFind.exe -ltf -s-1300000 -d+2007-12-25 C:\Windows\*
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
pv -d80000 * -t -l
\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\services.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\helppane.exe -Embedding
winlogon.exe
Explorer.exe
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
VFind.exe -ltf -s-1000000 -d+2007-12-25 "C:\Program Files\*"
pv -d30000 * -t -l
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\core.cache.dsk
.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 23:18 --------- d-----w C:\Program Files\SysMetrix
2008-03-25 23:15 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-25 23:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-25 23:03 3,918 ----a-w C:\Windows\System32\tmp.reg
2008-03-25 22:02 512,000 ----a-w C:\Windows\System32\NVIDIA® SLI SCREENSAVER.scr
2008-03-25 16:53 --------- d-----w C:\Program Files\CCleaner
2008-03-25 16:50 241 ----a-w C:\Users\m4rt!n\SR.vbs
2008-03-25 16:10 91,614 ----a-w C:\Users\m4rt!n\AppData\Roaming\nvModes.dat
2008-03-22 23:32 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-03-16 18:29 --------- d-----w C:\Program Files\Webteh
2008-03-12 19:57 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 19:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 10:34 --------- d-----w C:\ProgramData\PowerDesigner 12
2008-03-12 10:32 --------- d-----w C:\Program Files\Sybase
2008-03-12 08:51 --------- d-----w C:\Program Files\BitLord
2008-03-11 21:43 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-11 21:06 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\ICQ
2008-03-09 10:25 --------- d-----w C:\Program Files\TC UP
2008-03-09 09:18 --------- d-----w C:\ProgramData\FLEXnet
2008-03-08 13:33 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\HEXelon
2008-03-08 13:21 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\GHISLER
2008-03-02 17:12 --------- d-----w C:\Program Files\ICQ6
2008-03-02 16:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-02 14:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 14:26 --------- d-----w C:\ProgramData\ALM
2008-03-02 14:21 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\Adobe Fireworks CS3
2008-03-02 14:15 --------- d-----w C:\Program Files\QuickTime
2008-03-02 14:02 --------- d-----w C:\Program Files\Bonjour
2008-03-02 13:56 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-26 05:49 --------- d-----w C:\Program Files\McAfee
2008-02-22 20:59 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\teamspeak2
2008-02-22 20:59 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-02-14 22:34 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 22:34 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 22:29 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 22:29 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 22:29 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 22:29 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 22:29 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 22:29 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 22:29 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 22:29 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 22:29 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 22:29 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 22:29 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 22:29 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 22:28 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 22:28 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 22:28 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 22:28 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 22:28 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 22:28 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 22:26 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 22:26 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 22:26 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 22:26 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-06 08:51 171,400 ----a-w C:\Windows\system32\drivers\mfehidk.sys
2008-02-02 20:43 --------- d-----w C:\Program Files\MSI
2008-02-02 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 20:15 --------- d-----w C:\Program Files\AVEO
2008-02-02 20:13 --------- d-----w C:\Program Files\System Control Manager
2008-02-02 14:36 --------- d-----w C:\ProgramData\McAfee
2008-02-02 14:34 --------- d-----w C:\Program Files\McAfee.com
2008-02-02 14:34 --------- d-----w C:\Program Files\Common Files\McAfee
2008-02-02 14:18 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\Application Data
2008-01-25 15:37 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\UseNeXT
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 12:37 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-29 12:05 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-12-25 08:32 36,864 ----a-w C:\Windows\System32\wmdmps.dll
2007-12-25 08:32 311,296 ----a-w C:\Windows\System32\mswmdm.dll
2007-12-25 08:32 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
2007-10-25 10:49 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-03-25_18.15.46.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-25 17:10:20 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-25 23:25:15 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-25 16:31:48 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-25 23:20:09 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-25 17:11:21 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-25 23:23:48 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-03-25 17:05:27 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-25 23:20:49 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-25 17:11:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-25 23:23:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-25 23:23:48 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-25 16:54:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-25 19:09:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-25 16:54:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-25 19:09:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-25 16:54:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-25 19:09:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2004-04-08 17:16:54 99,688 ----a-w C:\Windows\System32\Macromed\Flash\GetFlash.exe
+ 2008-03-25 22:02:23 34,304 ----a-w C:\Windows\System32\NVIDIA® SLI SCREENSAVER dir\saver1.dll
+ 2008-03-25 22:02:23 18,192 ----a-w C:\Windows\System32\NVIDIA® SLI SCREENSAVER dir\saver2.dll
- 2008-03-25 14:23:16 85,994 ----a-w C:\Windows\System32\perfc005.dat
+ 2008-03-25 22:40:26 85,994 ----a-w C:\Windows\System32\perfc005.dat
- 2008-03-25 14:23:16 107,614 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-25 22:40:26 107,614 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-25 14:23:16 481,910 ----a-w C:\Windows\System32\perfh005.dat
+ 2008-03-25 22:40:26 481,910 ----a-w C:\Windows\System32\perfh005.dat
- 2008-03-25 14:23:16 618,470 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-25 22:40:26 618,470 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-25 14:18:44 13,536 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-357124905-2586769689-4143512945-1000_UserData.bin
+ 2008-03-25 23:19:07 13,832 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-357124905-2586769689-4143512945-1000_UserData.bin
- 2008-03-25 14:18:44 68,454 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-25 23:19:06 68,502 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-25 14:18:42 45,930 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-25 23:19:02 46,574 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-11-30 15:53 1266936]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"PMCRemote"="" []
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 08:15 109640]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-25 11:33 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-20 05:21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-20 05:21 8462336]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-20 05:21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 12:26 4702208 C:\Windows\RtHDVCpl.exe]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2007-09-07 15:38 561152]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 08:46 624248]
"Adobe_ID0EZEHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-04-27 14:31 1884160]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2006-02-25 21:09 2637824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6189D1A9-43D1-4264-8877-FD2720D1B824}C:\\program files\\msi\\i-speeder\\i-speeder.exe"= UDP:C:\program files\msi\i-speeder\i-speeder.exe:i-Speeder
"UDP Query User{7D97FD54-E7C1-44E3-B854-08EAE1BF4BF8}C:\\program files\\msi\\i-speeder\\i-speeder.exe"= TCP:C:\program files\msi\i-speeder\i-speeder.exe:i-Speeder
"TCP Query User{204B0C8E-4EDA-453D-805B-99D958ECB297}C:\\program files\\valve\\steam\\steam.exe"= UDP:C:\program files\valve\steam\steam.exe:Steam
"UDP Query User{CFF21D79-D1B9-4260-BC07-1ECF18A0A2C0}C:\\program files\\valve\\steam\\steam.exe"= TCP:C:\program files\valve\steam\steam.exe:Steam
"TCP Query User{83F75589-1E4A-4286-A51D-DCBF33CFA2BA}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"UDP Query User{72BFDD55-E901-4C01-9FEB-55F46ADB158B}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"TCP Query User{FA8DC94C-BB9A-454F-8DDD-10F6635ECC5B}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{6F4BE418-CA78-48AF-A102-15956592B558}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{4120E0E1-8B98-4844-82C0-52236EF937B7}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{81375C28-A5C9-4507-9533-97CA993049FE}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"{3A11881C-73F3-4802-B76F-B25FE0885F3E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{89060870-C5EA-4DA8-B741-5C41A5979B74}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5A8AD111-B947-4A30-B0FA-A5B350B5EAFF}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"UDP Query User{CBE961BB-7D12-40EB-9972-CE21BE8EE587}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"TCP Query User{A1A184F4-3C9E-4058-9851-282D38D444ED}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{8E2C56B0-D046-465D-8861-AFC3EF4F040B}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{8D36F227-C505-4980-8C01-7E3CD33A6278}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{7A52920B-EEF9-49C5-AA53-95352C7340F6}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{CFDB45BD-20C8-4326-9009-B7ADEA96FFA9}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{51B767A6-F7AA-4B35-9C1C-3FF04E73B5D9}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{06B60C9F-D955-4DA4-BC32-FA5A183000A2}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{7F803385-B460-4080-B13C-74F472873A51}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{981AC18B-8FF9-4A3E-97A0-35FDA5B4526C}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{8A04E9A8-6C48-4AF9-B2C3-4E9CDE911754}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{9F789893-CA8B-489C-B290-8CAC8E4F27AE}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{4AEF3662-1420-47B2-AF21-88CF70BE6629}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{2B62B25F-41DD-4EA9-B948-C0630A28F9B0}"= UDP:990:LocalSubnet:LocalSubnet|IF={4DE0BB10-CD63-4744-9CE8-63104EB86B73}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{853D7F83-696E-4D19-84CC-1162F65DDCCD}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= UDP:C:\program files\pinnacle\mediacenter\pmc.exe:
"UDP Query User{40E6AAF7-9632-4EA5-B539-C907FF6903C0}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= TCP:C:\program files\pinnacle\mediacenter\pmc.exe:
"TCP Query User{5605E4F1-5299-4B5C-9378-A079E97AA3F0}C:\\program files\\pinnacle\\mediacenter\\psst.exe"= UDP:C:\program files\pinnacle\mediacenter\psst.exe:PSST
"UDP Query User{3EDAE4D6-4183-433D-853D-85FCC02AC5DF}C:\\program files\\pinnacle\\mediacenter\\psst.exe"= TCP:C:\program files\pinnacle\mediacenter\psst.exe:PSST
"TCP Query User{2215FF54-662E-4A22-BA07-C60A81912C8D}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{FA00D41B-4A6A-42A8-AB98-DBB7661BBAFE}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{1F645A3B-2D23-41DB-BC1D-82BE00C2DBC8}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{5AC0E380-88B4-449C-968E-36B51DD4F18B}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{6F81AF91-5BE1-4E70-A70D-FA4DEFF5B49E}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8F15EFA2-25E4-4998-BF1A-8A432264403C}"= UDP:3703:Adobe Version Cue CS3 Server
"{51DEE834-321A-4B7C-A267-AFB04F312A09}"= UDP:3704:Adobe Version Cue CS3 Server
"{BE35843E-D729-43BA-9218-1BD1FB63DFD8}"= UDP:50900:Adobe Version Cue CS3 Server
"{3B04D65E-2E5C-4F48-A775-86FB969CA919}"= UDP:50901:Adobe Version Cue CS3 Server
"{7EE50972-B292-45E7-B1FA-1EE7C46D534C}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{8BD2DEA1-B90F-4B4B-B0B4-3FEED2BFDC8E}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2007-06-01 18:29]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
S1 arcc;arcc;C:\Windows\system32\drivers\arcc.sys [2008-01-17 12:43]
S1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-10-25 11:35]
S1 VD_FileDisk;VD_FileDisk;C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
S2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2007-08-23 14:37]
S2 RapiMgr;Připojení zařízení se systémem Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
S2 WcesComm;Připojení zařízení se systémem Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
S3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 05:21]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-11 20:39]
S3 USB28xxBGA;PCTV 320e Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-07 13:39]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-07 13:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 01:19:22 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-01 00:00:45 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-25 14:18:16 C:\Windows\Tasks\User_Feed_Synchronization-{BD5604EC-C3CF-43BD-81AD-3E6CC3469406}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 00:33:10
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-26 0:33:27
ComboFix-quarantined-files.txt 2008-03-25 23:33:25
ComboFix2.txt 2008-03-25 17:16:28
.
2008-03-21 14:34:43 --- E O F ---
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2007-06-01 18:29]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
S1 arcc;arcc;C:\Windows\system32\drivers\arcc.sys [2008-01-17 12:43]
S1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-10-25 11:35]
S1 VD_FileDisk;VD_FileDisk;C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
S2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2007-08-23 14:37]
S2 RapiMgr;Připojení zařízení se systémem Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
S2 WcesComm;Připojení zařízení se systémem Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
S3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 05:21]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-11 20:39]
S3 USB28xxBGA;PCTV 320e Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-07 13:39]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-07 13:39]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 01:19:22 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-01 00:00:45 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-25 14:18:16 C:\Windows\Tasks\User_Feed_Synchronization-{BD5604EC-C3CF-43BD-81AD-3E6CC3469406}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 00:33:10
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-26 0:33:27
ComboFix-quarantined-files.txt 2008-03-25 23:33:25
ComboFix2.txt 2008-03-25 17:16:28
.
2008-03-21 14:34:43 --- E O F ---