smitfraud-c.coreservice (Solved)


Re: smitfraud-c.coreservice

Post by m4rt!n » 27 Mar 2008 21:09

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6000)
Thu Mar 27 21:02:09 2008

21:02:09: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system32\drivers\core.cache.dsk" deleted successfully.

Error: file "C:\Users\m4rt!n\AppData\Roaming\Microsoft\Windows\Cookies\m4rt!n@www.getstats[1].txt" not found!
Deletion of file "C:\Users\m4rt!n\AppData\Roaming\Microsoft\Windows\Cookies\m4rt!n@www.getstats[1].txt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\m4rt!n\AppData\Roaming\Microsoft\Windows\Cookies\m4rt!n@partypoker[1].txt" not found!
Deletion of file "C:\Users\m4rt!n\AppData\Roaming\Microsoft\Windows\Cookies\m4rt!n@partypoker[1].txt" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Re: smitfraud-c.coreservice

Post by m4rt!n » 27 Mar 2008 21:16

When checking that library on the web it reported this: 0 bytes size received
But I'd say it belongs to Total Commander, and I installed that only after I already had these problems, unless it got there through something else.

Re: smitfraud-c.coreservice

Post by m4rt!n » 27 Mar 2008 21:26

So I'm also sending the archive; I didn't pack it because it had already generated a packed file (.cab)
Now I understand why I was supposed to pack the archive :)
Attachments
requested-files[2008-03-27_21_18].zip
here it is
(509 bytes) Downloaded 17 times

Re: smitfraud-c.coreservice

Post by Baron Prášil » 28 Mar 2008 10:18

I assume the problem persists, so let's try what IceSword finds.
Instructions here: http://www.viry.cz/forum/viewtopic.php?t=14396

I'm waiting for the two logs.

Re: smitfraud-c.coreservice

Post by m4rt!n » 28 Mar 2008 11:00

So here they are, sir:

Process:

System Idle Process
System
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\smss.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\services.exe
C:\Windows\System32\lsass.exe
C:\Windows\System32\lsm.exe
C:\Windows\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\winlogon.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\SLsvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\wlanext.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\System32\svchost.exe
C:\install\IceSword122en\IceSword.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\SearchIndexer.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Windows\System32\taskeng.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Common Files\Steam\SteamService.exe

Kernel Module:

\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\Si3531.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\SiWinAcc.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\SiRemFil.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw4v32.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\enecir.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\ASAPIW2k.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\System32\Drivers\tosrfcom.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\emAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\tosporte.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Mpfp.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\VD_FileDisk.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\drivers\arcc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\drivers\mfebopk.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\??\C:\Windows\system32\drivers\MGHwCtrl.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
\SystemRoot\system32\drivers\mferkdk.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\Windows\System32\ntdll.dll

Re: smitfraud-c.coreservice

Post by Baron Prášil » 28 Mar 2008 12:12

Try testing it on VirusTotal: http://www.virustotal.com/flash/index_en.html
C:\Windows\system32\drivers\arcc.sys
Don't use "Browse"; instead paste the whole path to the file, marked in bold, into the box using Ctrl+C > Ctrl+V.

Re: smitfraud-c.coreservice

Post by m4rt!n » 28 Mar 2008 12:19

I already did that yesterday and it always gives me this message: 0 bytes size received / Se ha recibido un archivo vacio
Should I try it with Browse?

Re: smitfraud-c.coreservice

Post by Baron Prášil » 28 Mar 2008 14:02

Uninstall Windows Defender. Disconnect from the network. Stop everything from McAfee in Services.
Restart into Safe Mode. Use ComboFix (on the desktop).

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following text, marked in green, into it:

File::
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\system32\drivers\arcc.sys

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Drag the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log that comes up at the end of the cleaning process + a new HijackThis log, this time from normal mode

(before connecting to the network, of course, turn all the McAfee services back on)

Re: smitfraud-c.coreservice

Post by m4rt!n » 28 Mar 2008 18:01

Baron Prášil wrote: Uninstall Windows Defender. Disconnect from the network. Stop everything from McAfee in Services.
Restart into Safe Mode. Use ComboFix (on the desktop).

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following text, marked in green, into it:

File::
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\system32\drivers\arcc.sys

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Drag the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log that comes up at the end of the cleaning process + a new HijackThis log, this time from normal mode

(before connecting to the network, of course, turn all the McAfee services back on)


Sooo, I only managed to terminate Defender; I tried 2 ways of uninstalling it but neither worked.

Otherwise I did everything as you said, except that in my opinion ComboFix again didn't run as admin and I don't know how to make it (normally in Vista you can right-click the application and choose Run as administrator, but that wasn't possible now), so I just dragged the script onto ComboFix.
I really don't like Vista; I have a single account on the computer and it is of course set as administrator, so I don't understand why it can't automatically run those programs as admin....
PS: thanks a lot for the continued help
Here is the log:

ComboFix 08-03-26.1 - m4rt!n 2008-03-28 16:49:02.6 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.1634 [GMT 1:00]
Running from: C:\Users\m4rt!n\Desktop\ComboFix.exe
Command switches used :: C:\Users\m4rt!n\Desktop\CFScript.txt

FILE ::
C:\Windows\system32\drivers\arcc.sys
C:\Windows\system32\drivers\core.cache.dsk
.
TimedOut: progfile.dat
-- Script messages for sUBs --
GREP -Fis \baiso
VFind -td "C:\Windows\system32\*"
pv -d20000 * -t -l

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\arcc.sys
C:\Windows\system32\drivers\core.cache.dsk

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 15:16 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-03-28 15:16 --------- d-----w C:\Program Files\MSECACHE
2008-03-28 15:14 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-28 14:24 91,614 ----a-w C:\Users\m4rt!n\AppData\Roaming\nvModes.dat
2008-03-27 18:45 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-03-27 18:43 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\SUPERAntiSpyware.com
2008-03-27 18:43 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-27 18:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 16:28 241 ----a-w C:\Users\m4rt!n\SR.vbs
2008-03-27 16:19 --------- d-----w C:\Program Files\SysMetrix
2008-03-25 23:15 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-25 23:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-25 22:02 512,000 ----a-w C:\Windows\System32\NVIDIA® SLI SCREENSAVER.scr
2008-03-25 16:53 --------- d-----w C:\Program Files\CCleaner
2008-03-22 23:32 --------- d-----w C:\ProgramData\Test Drive Unlimited
2008-03-16 18:29 --------- d-----w C:\Program Files\Webteh
2008-03-12 19:57 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 19:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 10:34 --------- d-----w C:\ProgramData\PowerDesigner 12
2008-03-12 10:32 --------- d-----w C:\Program Files\Sybase
2008-03-12 08:51 --------- d-----w C:\Program Files\BitLord
2008-03-11 21:06 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\ICQ
2008-03-09 10:25 --------- d-----w C:\Program Files\TC UP
2008-03-09 09:18 --------- d-----w C:\ProgramData\FLEXnet
2008-03-08 13:33 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\HEXelon
2008-03-08 13:21 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\GHISLER
2008-03-02 17:12 --------- d-----w C:\Program Files\ICQ6
2008-03-02 16:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-02 14:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 14:26 --------- d-----w C:\ProgramData\ALM
2008-03-02 14:21 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\Adobe Fireworks CS3
2008-03-02 14:15 --------- d-----w C:\Program Files\QuickTime
2008-03-02 14:02 --------- d-----w C:\Program Files\Bonjour
2008-03-02 13:56 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-26 05:49 --------- d-----w C:\Program Files\McAfee
2008-02-22 20:59 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\teamspeak2
2008-02-22 20:59 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-02-14 22:34 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 22:34 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 22:29 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 22:29 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 22:29 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 22:29 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 22:29 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 22:29 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 22:29 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 22:29 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 22:29 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 22:29 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 22:29 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 22:29 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 22:28 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 22:28 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 22:28 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 22:28 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 22:28 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 22:28 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 22:26 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 22:26 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 22:26 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 22:26 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-06 08:51 171,400 ----a-w C:\Windows\system32\drivers\mfehidk.sys
2008-02-02 20:43 --------- d-----w C:\Program Files\MSI
2008-02-02 20:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 20:15 --------- d-----w C:\Program Files\AVEO
2008-02-02 20:13 --------- d-----w C:\Program Files\System Control Manager
2008-02-02 14:36 --------- d-----w C:\ProgramData\McAfee
2008-02-02 14:34 --------- d-----w C:\Program Files\McAfee.com
2008-02-02 14:34 --------- d-----w C:\Program Files\Common Files\McAfee
2008-02-02 14:18 --------- d-----w C:\Users\m4rt!n\AppData\Roaming\Application Data
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 12:37 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-29 12:05 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-10-25 10:49 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-03-27_17.47.31.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-27 16:43:35 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-28 15:29:07 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-27 18:43:25 18,944 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-27 18:43:25 65,024 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-03-27 16:32:38 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-28 15:24:33 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-27 16:44:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-28 15:42:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-28 15:42:39 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-27 16:32:33 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-28 15:22:27 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-27 16:44:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-28 15:42:45 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-03-27 16:10:58 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-28 14:39:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-27 16:10:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-28 14:39:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-27 16:10:58 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-28 14:39:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-27 16:33:04 13,932 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-357124905-2586769689-4143512945-1000_UserData.bin
+ 2008-03-28 15:14:50 14,012 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-357124905-2586769689-4143512945-1000_UserData.bin
- 2008-03-27 16:33:04 68,566 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-28 15:14:48 69,292 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-27 16:33:02 47,224 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-28 15:14:45 47,738 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-03-24 20:01:30 291,198 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-03-28 14:24:10 293,598 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-03-12 19:57:49 1,226,253 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-03-28 14:33:57 5,240,881 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-28 10:47 1271032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
"PMCRemote"="" []
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-09-27 08:15 109640]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-25 11:33 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-20 05:21 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-20 05:21 8462336]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-20 05:21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 12:26 4702208 C:\Windows\RtHDVCpl.exe]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"PinnacleDriverCheck"="C:\Windows\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [2007-09-07 15:38 561152]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 08:46 624248]
"Adobe_ID0EZEHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-04-27 14:31 1884160]
"SysMetrix"="C:\Program Files\SysMetrix\SysMetrix.exe" [2006-02-25 21:09 2637824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6189D1A9-43D1-4264-8877-FD2720D1B824}C:\\program files\\msi\\i-speeder\\i-speeder.exe"= UDP:C:\program files\msi\i-speeder\i-speeder.exe:i-Speeder
"UDP Query User{7D97FD54-E7C1-44E3-B854-08EAE1BF4BF8}C:\\program files\\msi\\i-speeder\\i-speeder.exe"= TCP:C:\program files\msi\i-speeder\i-speeder.exe:i-Speeder
"TCP Query User{204B0C8E-4EDA-453D-805B-99D958ECB297}C:\\program files\\valve\\steam\\steam.exe"= UDP:C:\program files\valve\steam\steam.exe:Steam
"UDP Query User{CFF21D79-D1B9-4260-BC07-1ECF18A0A2C0}C:\\program files\\valve\\steam\\steam.exe"= TCP:C:\program files\valve\steam\steam.exe:Steam
"TCP Query User{83F75589-1E4A-4286-A51D-DCBF33CFA2BA}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"UDP Query User{72BFDD55-E901-4C01-9FEB-55F46ADB158B}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"TCP Query User{FA8DC94C-BB9A-454F-8DDD-10F6635ECC5B}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{6F4BE418-CA78-48AF-A102-15956592B558}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{4120E0E1-8B98-4844-82C0-52236EF937B7}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= UDP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{81375C28-A5C9-4507-9533-97CA993049FE}C:\\program files\\atari\\test drive unlimited\\testdriveunlimited.exe"= TCP:C:\program files\atari\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"{3A11881C-73F3-4802-B76F-B25FE0885F3E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{89060870-C5EA-4DA8-B741-5C41A5979B74}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5A8AD111-B947-4A30-B0FA-A5B350B5EAFF}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"UDP Query User{CBE961BB-7D12-40EB-9972-CE21BE8EE587}C:\\program files\\valve\\steam\\steamapps\\m4rtin01\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\m4rtin01\counter-strike source\hl2.exe:hl2
"TCP Query User{A1A184F4-3C9E-4058-9851-282D38D444ED}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{8E2C56B0-D046-465D-8861-AFC3EF4F040B}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{8D36F227-C505-4980-8C01-7E3CD33A6278}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{7A52920B-EEF9-49C5-AA53-95352C7340F6}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{CFDB45BD-20C8-4326-9009-B7ADEA96FFA9}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{51B767A6-F7AA-4B35-9C1C-3FF04E73B5D9}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{06B60C9F-D955-4DA4-BC32-FA5A183000A2}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{7F803385-B460-4080-B13C-74F472873A51}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{981AC18B-8FF9-4A3E-97A0-35FDA5B4526C}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{8A04E9A8-6C48-4AF9-B2C3-4E9CDE911754}C:\\users\\m4rt!n\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\m4rt!n\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{9F789893-CA8B-489C-B290-8CAC8E4F27AE}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{4AEF3662-1420-47B2-AF21-88CF70BE6629}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{2B62B25F-41DD-4EA9-B948-C0630A28F9B0}"= UDP:990:LocalSubnet:LocalSubnet|IF={4DE0BB10-CD63-4744-9CE8-63104EB86B73}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{853D7F83-696E-4D19-84CC-1162F65DDCCD}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= UDP:C:\program files\pinnacle\mediacenter\pmc.exe:
"UDP Query User{40E6AAF7-9632-4EA5-B539-C907FF6903C0}C:\\program files\\pinnacle\\mediacenter\\pmc.exe"= TCP:C:\program files\pinnacle\mediacenter\pmc.exe:
"TCP Query User{5605E4F1-5299-4B5C-9378-A079E97AA3F0}C:\\program files\\pinnacle\\mediacenter\\psst.exe"= UDP:C:\program files\pinnacle\mediacenter\psst.exe:PSST
"UDP Query User{3EDAE4D6-4183-433D-853D-85FCC02AC5DF}C:\\program files\\pinnacle\\mediacenter\\psst.exe"= TCP:C:\program files\pinnacle\mediacenter\psst.exe:PSST
"TCP Query User{2215FF54-662E-4A22-BA07-C60A81912C8D}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{FA00D41B-4A6A-42A8-AB98-DBB7661BBAFE}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"TCP Query User{1F645A3B-2D23-41DB-BC1D-82BE00C2DBC8}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{5AC0E380-88B4-449C-968E-36B51DD4F18B}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{6F81AF91-5BE1-4E70-A70D-FA4DEFF5B49E}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{8F15EFA2-25E4-4998-BF1A-8A432264403C}"= UDP:3703:Adobe Version Cue CS3 Server
"{51DEE834-321A-4B7C-A267-AFB04F312A09}"= UDP:3704:Adobe Version Cue CS3 Server
"{BE35843E-D729-43BA-9218-1BD1FB63DFD8}"= UDP:50900:Adobe Version Cue CS3 Server
"{3B04D65E-2E5C-4F48-A775-86FB969CA919}"= UDP:50901:Adobe Version Cue CS3 Server
"{7EE50972-B292-45E7-B1FA-1EE7C46D534C}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{8BD2DEA1-B90F-4B4B-B0B4-3FEED2BFDC8E}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Si3531;SiI-3531 SATA Controller;C:\Windows\system32\DRIVERS\Si3531.sys [2007-06-01 18:29]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 09:26]
S1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2007-10-25 11:35]
S1 VD_FileDisk;VD_FileDisk;C:\Windows\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
S2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2007-08-23 14:37]
S2 RapiMgr;Připojení zařízení se systémem Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
S2 WcesComm;Připojení zařízení se systémem Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
S3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 05:21]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-28 16:14]
S3 USB28xxBGA;PCTV 320e Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-08-07 13:39]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-08-07 13:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - ECACHE
.
Contents of the 'Scheduled Tasks' folder
"2008-03-27 17:44:59 C:\Windows\Tasks\At1.job"
- C:\Users\m4rt!n\Desktop\Look2Me-Destroyer.exe
"2008-03-26 18:26:47 C:\Windows\Tasks\At2.job"
- C:\Users\m4rt!n\Desktop\Look2Me-Destroyer.exe
"2008-03-15 01:19:22 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-01 00:00:45 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-03-27 17:05:21 C:\Windows\Tasks\User_Feed_Synchronization-{BD5604EC-C3CF-43BD-81AD-3E6CC3469406}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 16:59:39
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-28 16:59:56
ComboFix-quarantined-files.txt 2008-03-28 15:59:55
ComboFix2.txt 2008-03-27 16:48:01
Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
.
2008-03-28 10:45:19 --- E O F ---

m4rt!n
Level 1.5
Posts: 121
Registered: March 08
Location: Praha city
Gender: Not specified
Status: Offline

Re: smitfraud-c.coreservice

Post by m4rt!n » 28 Mar 2008 18:04

And the log from HijackThis...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:09, on 28.3.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\cnmsm64.exe
C:\Windows\System32\mobsync.exe
C:\install\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EZEHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: aveosti.exe.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer = 10.26.0.60,10.26.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F078FD-6AA7-48DF-A51A-97478C147484}: NameServer = 10.26.0.60,10.26.0.10
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10278 bytes

Baron Prášil
Master Level 7
Posts: 4882
Registered: June 06
Gender: Male
Status: Offline

Re: smitfraud-c.coreservice

Post by Baron Prášil » 28 Mar 2008 18:12

So, the essential question: how is the computer doing?

m4rt!n
Level 1.5
Posts: 121
Registered: March 08
Location: Praha city
Gender: Not specified
Status: Offline

Re: smitfraud-c.coreservice

Post by m4rt!n » 29 Mar 2008 00:28

So, colleague :) I started the browser and no extra window popped up at me, so for now it looks good; I should still run it through Spybot to make sure. In any case, thank you very much, and I will let you know what Spybot says.

