Suspensor PC problem

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by barrell » 01 May 2008 13:59

//Topic split off. Next time start your own topic, even if you have the same problem as the one being dealt with in that topic.
fredik


Hello ... I have the same problem. I ran the computer through ComboFix and I'm posting my log from COMBOFIX and from HJT here; could you take a look at it? I'd like to get rid of it too. Thanks a lot

COMBOFIX LOG
-------------------------------------------------------------------------
ComboFix 08-04-29.5 - BaRReLL 2008-05-01 13:39:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.1173 [GMT 2:00]
Running from: \\Amd-013254e3dd9\d\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\dmdorygf.dll
C:\Windows\system32\efcbccCU.dll
C:\Windows\System32\fgyrodmd.ini
C:\Windows\system32\jryapfsy.ini
C:\Windows\system32\mnvaljxj.dll
C:\Windows\system32\pgsdspml.dll
C:\Windows\System32\UCccbcfe.ini
C:\Windows\System32\UCccbcfe.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 13:31 . 2008-05-01 13:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 20:00 . 2008-04-30 20:00 <DIR> d-------- C:\Program Files\zoneLINK
2008-04-29 22:25 . 2008-04-29 22:25 1,236,992 --a------ C:\Windows\System32\cpuz142.exe
2008-04-29 22:25 . 2008-04-29 22:25 136 --a------ C:\Windows\System32\cpuz.ini
2008-04-29 22:07 . 2008-04-29 22:07 <DIR> d-------- C:\Users\All Users\Futuremark
2008-04-29 22:07 . 2008-04-29 22:07 <DIR> d-------- C:\ProgramData\Futuremark
2008-04-29 21:33 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-04-29 21:33 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-04-29 21:33 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-04-29 21:33 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-04-29 21:33 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-04-29 21:33 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-04-28 20:35 . 2008-04-28 20:35 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\InstallShield Installation Information
2008-04-27 16:19 . 2008-04-27 16:27 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\GSC
2008-04-27 16:18 . 2008-04-27 16:18 <DIR> d-------- C:\Program Files\GSC
2008-04-27 15:41 . 2008-04-27 15:41 <DIR> d-------- C:\Users\BaRReLL\SystemRequirementsLab
2008-04-27 15:41 . 2008-04-27 15:41 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-27 15:38 . 2008-04-27 15:38 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-04-27 13:57 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-04-27 13:57 . 2008-03-03 18:21 568 --ah----- C:\Windows\nod32fixtemdono.reg
2008-04-27 13:57 . 2008-04-27 13:57 0 --a------ C:\Windows\pestpatrol5.INI
2008-04-27 13:56 . 2008-04-27 13:56 <DIR> d-------- C:\Users\All Users\ESET
2008-04-27 13:56 . 2008-04-27 13:56 <DIR> d-------- C:\ProgramData\ESET
2008-04-27 13:56 . 2008-04-27 13:56 <DIR> d-------- C:\Program Files\ESET
2008-04-27 13:54 . 2008-04-27 13:54 <DIR> d-------- C:\Users\All Users\CA
2008-04-27 13:54 . 2008-04-27 13:54 <DIR> d-------- C:\ProgramData\CA
2008-04-27 13:53 . 2008-04-27 13:53 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-04-27 13:53 . 2008-04-27 13:53 <DIR> d-------- C:\Program Files\CA
2008-04-27 13:42 . 2008-04-27 13:52 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-04-27 09:40 . 2008-04-27 13:24 524,288 --ahs---- C:\Users\BaRReLL\ntuser.dat{fcc6fdd0-142a-11dd-a751-001e8cc0f2b3}.TMContainer00000000000000000002.regtrans-ms
2008-04-27 09:40 . 2008-05-01 13:45 524,288 --ahs---- C:\Users\BaRReLL\ntuser.dat{fcc6fdd0-142a-11dd-a751-001e8cc0f2b3}.TMContainer00000000000000000001.regtrans-ms
2008-04-27 09:40 . 2008-05-01 13:45 65,536 --ahs---- C:\Users\BaRReLL\ntuser.dat{fcc6fdd0-142a-11dd-a751-001e8cc0f2b3}.TM.blf
2008-04-26 16:25 . 2008-04-27 09:25 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\WTablet
2008-04-26 16:24 . 2008-04-26 16:24 <DIR> d-------- C:\Users\All Users\AppData
2008-04-26 16:24 . 2008-04-26 16:24 <DIR> d-------- C:\ProgramData\AppData
2008-04-26 16:21 . 2008-04-27 08:53 <DIR> d-------- C:\Program Files\Tablet
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\Windows\System32\xfcodec.dll
2008-04-22 22:07 . 2008-04-27 09:34 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-04-22 22:07 . 2008-04-27 09:34 <DIR> d-------- C:\ProgramData\FLEXnet
2008-04-22 20:50 . 2008-04-22 20:50 <DIR> d-------- C:\Program Files\Bonjour
2008-04-22 20:42 . 2008-04-22 20:42 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-21 20:19 . 2008-04-21 20:19 <DIR> d-------- C:\Users\All Users\Gamespot
2008-04-21 20:19 . 2008-04-21 20:19 <DIR> d-------- C:\ProgramData\Gamespot
2008-04-21 19:49 . 2008-04-21 19:50 <DIR> d-------- C:\Windows\68F19BCC49D349FFBAACA147C66A9710.TMP
2008-04-20 17:28 . 2008-04-20 17:28 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\FlashGet
2008-04-20 17:28 . 2008-04-27 09:34 <DIR> d-------- C:\Program Files\FlashGet
2008-04-19 22:54 . 2008-04-19 22:54 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-04-19 22:52 . 2008-04-19 22:54 <DIR> d-------- C:\Program Files\Ballance
2008-04-19 13:04 . 2008-04-19 13:05 <DIR> d-------- C:\Program Files\Trainer Maker Kit
2008-04-19 12:46 . 2008-04-19 12:46 <DIR> d-------- C:\Users\All Users\ATI
2008-04-19 12:46 . 2008-04-19 12:46 <DIR> d-------- C:\ProgramData\ATI
2008-04-19 08:56 . 2008-04-19 08:56 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\FMA
2008-04-19 08:56 . 2008-04-19 08:58 <DIR> d-------- C:\Program Files\Fma
2008-04-19 08:56 . 2008-04-19 08:56 <DIR> d-------- C:\Fraps
2008-04-19 01:22 . 2008-04-19 01:22 <DIR> d-------- C:\Program Files\Mobile Action
2008-04-19 01:18 . 2007-01-08 15:06 156,128 --a------ C:\Windows\System32\drivers\ma730c.sys
2008-04-19 01:18 . 2006-09-21 12:23 103,040 --a------ C:\Windows\System32\drivers\ma730Pt.sys
2008-04-19 01:18 . 2005-11-21 13:55 32,847 -ra------ C:\Windows\System32\drivers\Ma730Hid.sys
2008-04-19 01:18 . 2005-11-22 14:32 23,376 -ra------ C:\Windows\System32\drivers\Ma730Vad.sys
2008-04-19 01:18 . 2006-04-13 16:08 23,160 --a------ C:\Windows\System32\MA730PT.VXD
2008-04-19 01:18 . 2007-01-26 17:32 21,851 --a------ C:\Windows\System32\drivers\Ma730VaA.sys
2008-04-19 01:15 . 2008-04-19 01:15 <DIR> d-------- C:\Windows\System32\ma730Ftemp
2008-04-19 01:15 . 2008-04-19 01:15 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-17 21:05 . 2008-05-01 12:56 <DIR> d-------- C:\Users\All Users\TrackMania
2008-04-17 21:05 . 2008-05-01 12:56 <DIR> d-------- C:\ProgramData\TrackMania
2008-04-17 20:27 . 2008-04-19 13:01 5,120 --a------ C:\Windows\System32\BReWErS.dll
2008-04-17 17:36 . 2008-04-17 17:36 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\SystemGadgets
2008-04-16 22:58 . 2008-04-16 23:05 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\App Launcher Gadget
2008-04-16 20:20 . 2008-04-16 20:20 <DIR> d-------- C:\PerfLogs
2008-04-16 19:53 . 2008-01-19 09:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-04-16 19:53 . 2008-01-19 09:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-04-16 19:51 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-16 19:50 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-04-16 19:49 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-16 19:48 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-16 19:48 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-16 19:47 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-16 19:47 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-16 19:46 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-16 19:46 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-16 19:46 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-16 19:46 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-16 19:39 . 2008-04-16 19:39 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-16 19:21 . 2008-04-16 19:21 <DIR> d-------- C:\Windows\Application Data
2008-04-15 19:58 . 2008-04-15 19:58 94,208 --a------ C:\Windows\DIIUnin.exe
2008-04-15 19:58 . 2008-04-15 20:02 30,711 --a------ C:\Windows\DIIUnin.dat
2008-04-15 19:58 . 2008-04-15 19:58 2,829 --a------ C:\Windows\DIIUnin.pif
2008-04-13 17:31 . 2008-04-13 17:31 <DIR> d-------- C:\Windows\Sun
2008-04-13 13:03 . 2008-04-13 13:03 <DIR> d-------- C:\Program Files\Edisk
2008-04-13 12:39 . 2008-04-13 12:39 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\thriXXX
2008-04-13 12:39 . 2008-04-16 23:02 <DIR> d-------- C:\Program Files\thriXXX
2008-04-13 08:59 . 2008-04-13 08:59 <DIR> d-------- C:\Program Files\TRACTION In-Game Radio Player
2008-04-12 14:31 . 2008-04-20 16:37 <DIR> d-------- C:\Users\All Users\Test Drive Unlimited
2008-04-12 14:31 . 2008-04-20 16:37 <DIR> d-------- C:\ProgramData\Test Drive Unlimited
2008-04-12 13:34 . 2008-04-12 13:34 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-12 09:10 . 2008-04-21 22:10 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-04-09 18:59 . 2008-02-29 09:11 988,216 --a------ C:\Windows\System32\winload.exe
2008-04-09 18:59 . 2008-02-29 09:11 927,288 --a------ C:\Windows\System32\winresume.exe
2008-04-09 18:59 . 2008-02-22 07:05 615,992 --a------ C:\Windows\System32\ci.dll
2008-04-09 18:59 . 2008-02-29 08:53 378,368 --a------ C:\Windows\System32\srcore.dll
2008-04-09 18:59 . 2008-02-29 06:12 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 18:59 . 2008-02-29 08:53 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-04-09 18:59 . 2008-02-29 08:53 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 18:59 . 2008-02-29 09:14 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 18:59 . 2008-02-29 06:12 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 18:59 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 18:58 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-09 18:58 . 2008-02-22 04:50 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-09 18:58 . 2008-02-22 07:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-04-09 18:58 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-08 20:36 . 2008-04-08 20:37 <DIR> d-------- C:\Program Files\HP
2008-04-06 20:23 . 2008-04-06 20:23 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\teamspeak2
2008-04-06 20:23 . 2008-04-06 20:23 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-04-06 20:22 . 2008-04-06 20:23 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-04-06 12:03 . 2008-04-06 12:03 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\Turbine
2008-04-06 11:59 . 2008-04-06 11:59 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-04-06 11:40 . 2008-04-06 11:40 <DIR> d-------- C:\Users\BaRReLL\Shared
2008-04-06 11:40 . 2008-04-06 11:44 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\Cabos
2008-04-06 11:39 . 2008-04-06 11:40 <DIR> d-------- C:\Program Files\Java
2008-04-06 11:38 . 2008-04-06 11:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-05 17:59 . 2008-04-22 06:22 <DIR> d-------- C:\Users\BaRReLL\AppData\Roaming\GetRightToGo
2008-04-03 19:08 . 2008-04-03 19:08 <DIR> d-------- C:\Program Files\Echovoice
2008-04-03 00:53 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-04-03 00:51 . 2008-04-03 00:51 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-03 00:47 . 2008-04-03 00:47 <DIR> d-------- C:\Windows\PCHEALTH

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 19:58 --------- d-----w C:\Program Files\Futuremark
2008-04-29 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 16:32 --------- d-----w C:\ProgramData\Xfire
2008-04-29 16:32 --------- d-----w C:\Program Files\Xfire
2008-04-28 23:09 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\Xfire
2008-04-27 15:27 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-27 12:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-27 11:59 --------- d-----w C:\ProgramData\Avira
2008-04-27 08:18 22,328 ----a-w C:\Users\BaRReLL\AppData\Roaming\PnkBstrK.sys
2008-04-27 08:17 --------- d-----w C:\ProgramData\Media Center Programs
2008-04-27 07:40 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-27 07:34 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\GHISLER
2008-04-27 07:34 --------- d-----w C:\Program Files\RocketDock
2008-04-27 07:34 --------- d-----w C:\Program Files\ASUS
2008-04-26 14:36 --------- d-----w C:\ProgramData\Autodesk
2008-04-26 14:34 --------- d-----w C:\Program Files\Autodesk
2008-04-22 18:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-22 06:53 27,672 ----a-r C:\Windows\system32\drivers\Entech.sys
2008-04-21 18:19 6,965 ----a-w C:\Program Files\install.log
2008-04-21 17:50 --------- d-----w C:\Program Files\AMD
2008-04-21 16:46 --------- d-----w C:\Program Files\Codemasters
2008-04-19 20:04 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\The Longest Journey
2008-04-19 14:27 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\uTorrent
2008-04-19 11:46 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\Bioshock
2008-04-19 11:33 --------- d---a-w C:\ProgramData\TEMP
2008-04-19 10:47 --------- d-----w C:\Program Files\ATI
2008-04-19 10:43 --------- d-----w C:\Program Files\ATI Technologies
2008-04-16 21:01 --------- d-----w C:\Program Files\Yahoo!
2008-04-16 18:31 174 --sha-w C:\Program Files\desktop.ini
2008-04-16 18:22 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-16 18:22 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-16 18:22 --------- d-----w C:\Program Files\Windows Mail
2008-04-16 18:22 --------- d-----w C:\Program Files\Windows Journal
2008-04-16 18:22 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-16 18:22 --------- d-----w C:\Program Files\Windows Calendar
2008-04-16 18:21 --------- d-----w C:\Program Files\Windows Defender
2008-04-14 17:23 --------- d-----w C:\ProgramData\Ubisoft
2008-04-12 07:18 --------- d-----w C:\Program Files\Opera
2008-04-03 19:44 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-03 17:44 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\Skype
2008-04-03 17:43 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\skypePM
2008-04-03 17:08 --------- d-----w C:\Program Files\Echovoice
2008-04-02 22:50 --------- d-----w C:\Program Files\MSBuild
2008-04-01 20:12 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-03-30 15:21 --------- d-----w C:\Program Files\RivaTuner v2.08
2008-03-30 14:54 --------- d-----w C:\Program Files\SiSoftware
2008-03-30 10:01 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\Media Player Classic
2008-03-30 02:16 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-03-29 20:32 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\Ubisoft
2008-03-29 17:51 --------- d-----w C:\Program Files\Valve
2008-03-29 10:47 --------- d-----w C:\Program Files\AGEIA Technologies
2008-03-29 07:41 --------- d-----w C:\Program Files\RivaTuner v2.06
2008-03-29 06:24 3,544,064 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-03-29 03:29 49,152 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-03-28 21:59 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\Microsoft Games
2008-03-28 21:50 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-03-28 21:15 --------- d-----w C:\Program Files\Microsoft Games
2008-03-26 19:25 --------- d-----w C:\Program Files\MagicDisc
2008-03-26 19:24 --------- d-----w C:\Program Files\MagicISO
2008-03-26 19:20 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-03-26 19:19 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\DAEMON Tools Pro
2008-03-26 19:19 --------- d-----w C:\ProgramData\DAEMON Tools Pro
2008-03-26 19:07 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-03-26 18:06 --------- d-----w C:\Program Files\QIP
2008-03-26 05:06 --------- d-----w C:\Program Files\Talisman 2
2008-03-25 20:47 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\Talkback
2008-03-24 22:55 --------- d-----w C:\Program Files\BOINC
2008-03-24 20:38 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\Winamp
2008-03-24 20:37 --------- d-----w C:\Program Files\Winamp
2008-03-24 12:20 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-03-24 11:49 --------- d-----w C:\Program Files\TrueLaunchBar
2008-03-23 12:05 --------- d-----w C:\Program Files\uTorrent
2008-03-22 23:09 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\vlc
2008-03-22 21:17 --------- d-----w C:\Program Files\VideoLAN
2008-03-22 20:16 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\CyberLink
2008-03-22 20:15 --------- d-----w C:\ProgramData\CyberLink
2008-03-22 20:12 --------- d-----w C:\Program Files\CyberLink
2008-03-22 05:56 --------- d-----w C:\Program Files\Essentials Codec Pack
2008-03-22 05:48 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\DivX
2008-03-22 05:46 --------- d-----w C:\Program Files\DivX
2008-03-20 21:40 --------- d-----w C:\Program Files\Xvid
2008-03-20 19:38 --------- d-----w C:\Program Files\totalcmd
2008-03-20 19:30 --------- d-----w C:\Program Files\Electronic Arts
2008-03-20 19:02 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-03-20 18:51 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-20 18:51 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-20 18:50 --------- d-----w C:\ProgramData\Skype
2008-03-20 18:50 --------- d-----w C:\Program Files\Skype
2008-03-20 18:50 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-20 03:33 --------- d-----w C:\ProgramData\Lavasoft
2008-03-20 03:33 --------- d-----w C:\Program Files\Lavasoft
2008-03-18 23:45 --------- d--h--r C:\Users\BaRReLL\AppData\Roaming\SecuROM
2008-03-18 23:01 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\AdobeUM
2008-03-18 21:56 --------- d-----w C:\Program Files\Razer
2008-03-18 21:33 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\ATI
2008-03-18 21:30 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\MiniDm
2008-03-18 21:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-18 21:17 --------- d-----w C:\Program Files\Marvell
2008-03-18 21:16 --------- d-----w C:\Users\BaRReLL\AppData\Roaming\TMP
2008-03-18 21:14 --------- d-----w C:\Program Files\IEPro
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 14:45 133576]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-05-21 15:53 49152]
"Diamondback"="C:\Program Files\Razer\Diamondback\razerhid.exe" [2007-02-14 12:15 147456]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 18:44 303104]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 16:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 23:55 54832]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 17:57 2095640]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-06-04 11:39 233472]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-06-04 11:40 131072]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [2006-11-28 23:52 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 16:35 1261568]
"MaBtSh"="C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe" [2006-02-08 17:29 24576]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 10:10 2007088]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42 165416]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-04-27 13:55 258048]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3218084040-2075616818-2880263753-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B910414A-AFEA-465B-9DFA-EEF9EBDACD9A}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{050D972D-8D4E-4B43-BDA4-45C9F6E7C5DE}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{B4DBEFDA-A495-47A6-A0B8-084D446AC15B}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{52F82B57-0087-40A6-975B-05E95A33527B}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{22767127-2253-47F6-AF66-8B40FAFA7EF3}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{B7F06494-D0AD-4E9B-A838-196CFD4AC577}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{100AF8C6-F6EE-42AE-9937-697C6F680B91}E:\\games\\steam\\steamapps\\common\\enemy territory quake wars\\etqw.exe"= UDP:E:\games\steam\steamapps\common\enemy territory quake wars\etqw.exe:Enemy Territory: QUAKE Wars
"UDP Query User{CDE98D5F-1125-4E44-8843-9C348914FF07}E:\\games\\steam\\steamapps\\common\\enemy territory quake wars\\etqw.exe"= TCP:E:\games\steam\steamapps\common\enemy territory quake wars\etqw.exe:Enemy Territory: QUAKE Wars
"{17E5656A-EC8B-49DD-8F95-340FDCF58DD9}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{69014DE5-967F-4149-AA07-94291C89AFFB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{B0FA2221-89EB-400F-8C34-99A9D2824733}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{4368BAE2-06B2-467A-9BE0-6C8D6E15F356}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{2BF62936-93D4-4905-B0AD-AFA0F6B3F224}E:\\games\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:E:\games\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{7AE32506-1051-4163-8634-3FD7084F59AE}E:\\games\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:E:\games\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{6CCA59AA-3822-46A8-8885-730EC9C45DAD}E:\\games\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:E:\games\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{828C9F97-5676-4F28-91EF-99CDA0CC7358}E:\\games\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:E:\games\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{28223AA0-AD24-447D-BDA1-3C21D98DF28D}E:\\games\\flatout2\\flatout2.exe"= UDP:E:\games\flatout2\flatout2.exe:FlatOut2
"UDP Query User{F863BBEE-29BE-4084-98A5-45FB630350F4}E:\\games\\flatout2\\flatout2.exe"= TCP:E:\games\flatout2\flatout2.exe:FlatOut2
"TCP Query User{B147BE19-BA00-4961-9189-90E77493CB51}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= UDP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis
"UDP Query User{70B19360-E58E-49CD-A7CC-6D1A84231578}C:\\program files\\electronic arts\\crytek\\crysis\\bin32\\crysis.exe"= TCP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis
"{EF1AF686-FA1C-40ED-B2F6-5B6F8E2B1631}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{8B3919AC-C3CD-4FC1-9D66-8986695244F7}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{998B0060-8FA0-4CFC-9CC8-1F7C7E6E36DD}"= UDP:E:\games\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{F4CA8A32-0C60-4980-A52C-C08C5161EF14}"= TCP:E:\games\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{7B9EA21D-F099-40F7-B14B-10F307BE70B6}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{92B3641D-CDA7-477C-AEE4-C818468DED9B}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"{55DD010A-7465-4632-89BE-6C349AB9B8D6}"= UDP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{893665C7-4FFB-49C3-BF76-0FA6657FD1FF}"= TCP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2D3A8BCA-6665-40DF-8679-5FD958E172C8}"= UDP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{820D26F4-2062-4878-B301-51F31A4B9C1A}"= TCP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{59608A9F-445C-42FB-8739-D99E5CB760BB}"= UDP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{A0C290BE-7F81-4989-98A1-3D3A807ACAF8}"= TCP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{DD624168-5038-4190-86F4-4F4509DE896C}C:\\program files\\microsoft games\\gears of war\\binaries\\wargame-g4wlive.exe"= UDP:C:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe:Gears Of War
"UDP Query User{A09C373D-4CD8-4FCE-B56F-CCEE95A95362}C:\\program files\\microsoft games\\gears of war\\binaries\\wargame-g4wlive.exe"= TCP:C:\program files\microsoft games\gears of war\binaries\wargame-g4wlive.exe:Gears Of War
"TCP Query User{073CA1A0-25BF-46A1-BEE1-6012F2CE2876}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{CDD58EDC-9660-4192-AB22-838B1A120F87}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"{DE984E94-9F0F-49C6-AF28-7019E25EF26B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5D06827D-0EA5-4875-9D55-482BFE9DED75}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FEEE5E8D-B1AA-4F32-81B6-6FBE165C1B33}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EDBAB726-38C3-4337-8F5B-73F17DECD3B2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{47F1E56E-6691-4898-9DC6-6B8AD1752532}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{0B718DCE-B2F4-49F0-A99F-6AC5EBB4D87E}E:\\games\\codemasters\\rf online;\\rf.exe"= UDP:E:\games\codemasters\rf online;\rf.exe:RFLauncher
"UDP Query User{06AD57CF-8C27-4515-B19B-66D804F8C9FB}E:\\games\\codemasters\\rf online;\\rf.exe"= TCP:E:\games\codemasters\rf online;\rf.exe:RFLauncher
"{77CCA8F2-C0B1-4FC1-9755-51EA87958BE0}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{916FB316-5D56-4132-9A12-1D540FC730E2}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3BC977EE-8B87-4DDC-8357-88F963B4585A}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java(TM) Platform SE binary
"UDP Query User{B87B5AB5-90E7-4BA9-A027-1B467801903C}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java(TM) Platform SE binary
"TCP Query User{283A687D-33A1-4FCD-807D-3B770CD7C89B}E:\\games\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:E:\games\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{19AC84A1-A9B5-43FB-A9F0-871F15BDE637}E:\\games\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:E:\games\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"TCP Query User{58A0E5F0-9266-4A5A-9234-8AD8105BEF62}C:\\program files\\orbitdownloader\\orbitdm.exe"= UDP:C:\program files\orbitdownloader\orbitdm.exe:Orbit Downloader
"UDP Query User{99FA8FB2-0CF2-43B5-B660-FB039911603E}C:\\program files\\orbitdownloader\\orbitdm.exe"= TCP:C:\program files\orbitdownloader\orbitdm.exe:Orbit Downloader
"{9A1B59B8-B386-49F8-BB34-DEB93ACF74E3}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{12DE2246-DA1E-499D-92AA-3185B4D19EF8}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{97023752-98DB-4384-8A22-57960C7AB81A}"= UDP:17475:TDU
"{F72F6EE5-B764-4484-9A97-FAD04B352B96}"= TCP:17475:TDU2
"{BA0ADD19-5636-4978-A6B0-F13E45E7C7DD}"= UDP:6667:TDU3
"{537E93E3-3092-4F5B-97FD-81EC05660026}"= UDP:9962:TDU4
"{FF704E0B-EC5B-42E6-9AA5-C745E539012D}"= TCP:9962:TDU5
"{E5183F58-ABD7-4E3C-AC7B-88E10A37CE48}"= UDP:8889:TDU6
"TCP Query User{E41E6200-9DA9-48BB-8673-33AA1DC1D2E7}E:\\games\\test drive unlimited\\testdriveunlimited.exe"= UDP:E:\games\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"UDP Query User{00BF3857-A2BC-445A-BF17-3BA91A0C843D}E:\\games\\test drive unlimited\\testdriveunlimited.exe"= TCP:E:\games\test drive unlimited\testdriveunlimited.exe:Test Drive Unlimited
"TCP Query User{90A29A64-00DC-42DD-970A-BCE778750B0A}C:\\program files\\edisk\\edisk klient\\edisk klient.exe"= UDP:C:\program files\edisk\edisk klient\edisk klient.exe:eDisk klient
"UDP Query User{DF2B5CFC-BB20-4807-921D-AACBE20DE02C}C:\\program files\\edisk\\edisk klient\\edisk klient.exe"= TCP:C:\program files\edisk\edisk klient\edisk klient.exe:eDisk klient
"{00F2FDEC-46BB-49CF-96F8-DB1642F95D87}"= UDP:E:\games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"{E4974DBD-3689-4CFA-A7D4-8994623FEB27}"= TCP:E:\games\Dungeon Siege 2\DungeonSiege2.exe:Dungeon Siege 2 Game Executable
"TCP Query User{477AB2D8-1FE6-4508-9C87-E243D185BD2F}E:\\games\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:E:\games\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{85007036-1A48-4A30-B2C4-5E8372B10EF2}E:\\games\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:E:\games\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{82469263-B7E0-4CFA-B27D-FA876F921C45}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{EB961375-B741-4558-8E61-0F76278E39AF}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{4BDD058F-4F00-4FFD-BE38-1F0F1B37F164}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= UDP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{16DA057E-9DCB-442F-8A72-385E61094627}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= TCP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient
"{24BEFD76-7710-4D18-ADBA-50DC9C632ECE}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{509E7CCF-B03B-4B31-97B6-BDB611915806}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A3583BC9-82CE-4A4F-8D69-AB91FBDDFB4B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{FF53C480-A7A3-42C2-9F1C-4876A9DC62BB}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{3DB4AC7D-3FD8-42FE-B071-769AF7120A10}"= UDP:E:\games\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{D9886D96-2777-470F-8722-6894EB815DD1}"= TCP:E:\games\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{23DA5184-798E-4CBE-A827-01C353DEFFA3}"= UDP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{ACD720F8-15C8-4A0E-AFB3-AB17601B2C07}"= TCP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{4B31655C-0D17-4360-84E0-86E3397B65FF}"= UDP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{D6012C5B-5C6C-4A63-8FDF-0D6B7BF85B01}"= TCP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{7DA7813A-692E-4D10-B11A-BDB1F90B7D2F}"= UDP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{368BAAEF-3A06-43B7-A170-E96367EAC086}"= TCP:E:\games\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{7645DB9D-046A-4CE8-A669-DD1AAFEA2297}"= UDP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-enGB-downloader.exe:Blizzard Downloader
"{2838BF8B-4DD5-48A8-812B-6BA6DE1D70C9}"= TCP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.3.3.7799-to-2.4.0.8089-enGB-downloader.exe:Blizzard Downloader
"{40DE4602-EF3C-463C-894B-3B53A2F4C741}"= UDP:3724:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-31 01:23]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2008-01-19 07:55]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-06-07 09:41]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\Windows\system32\DRIVERS\Ma730Pt.sys [2006-09-21 12:23]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\Windows\system32\DRIVERS\Ma730Vad.sys [2005-11-22 14:32]
R3 Razerlow;Razerlow USB Filter Driver;C:\Windows\system32\Drivers\Razerlow.sys [2005-04-24 23:43]
R3 SaiH0109;SaiH0109;C:\Windows\system32\DRIVERS\SaiH0109.sys [2007-05-01 15:45]
R3 SaiU0109;SaiU0109;C:\Windows\system32\DRIVERS\SaiU0109.sys [2007-05-01 15:45]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-24 11:15]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 11:45]
S3 AODService;AODService;C:\Program Files\AMD\OverDrive\AODAssist []
S3 ASUDriver;ASUDriver;C:\Program Files\AMD\OverDrive\i386\AODDriver.sys [2008-03-10 04:57]
S3 Ma730c;MA730 Bluetooth Core Driver;C:\Windows\system32\DRIVERS\MA730C.sys [2007-01-08 15:06]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 20:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03869ff0-fb69-11dc-a155-001e8cc0f2b3}]
\shell\AutoRun\command - H:\startup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79fcf7ff-f52c-11dc-9c2f-806e6f6e6963}]
\shell\AutoRun\command - G:\autorun.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 13:47:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Echovoice Gamer Statistics"="C:\\Program Files\\Echovoice\\Gamer Statistics\\G15 Echovoice Gamer Statistics.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\wisptis.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\ASUS\AASP\1.00.45\aaCenter.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDSirReal.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-05-01 13:53:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 11:52:50

Adresářů: 11, Volných bajtů: 124,641,456,128
Adresářů: 17, Volných bajtů: 126,326,472,704

448 --- E O F --- 2008-04-27 07:50:14



HIJACKTHIS LOG
---------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:14, on 1.5.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\ASUS\AASP\1.00.45\aaCenter.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDSirReal.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\Program Files\IEPro\IEProRs.dll/easyhome.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Talisman.lnk = C:\Program Files\Talisman 2\talisman.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AODService - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11409 bytes

Baron Prášil
Master Level 7
Posts: 4882
Registered: June 06
Gender: Male
Status: Offline

Re: Suspensor PC problem

Post by Baron Prášil » 03 May 2008 14:49

Hm. Maybe I've lost track of this a bit during my last 14 days away, but I don't see it there.
Have these checked on VirusTotal http://www.virustotal.com/flash/index_en.html
the following:
C:\Windows\nod32restoretemdono.reg
C:\Users\BaRReLL\ntuser.dat{fcc6fdd0-142a-11dd-a751-001e8cc0f2b3}.TMContainer00000000000000000002.regtrans-ms
C:\Windows\System32\BReWErS.dll
Don't use "Browse"; instead paste the whole path to the file (the one marked in bold) into the box using Ctrl+C > Ctrl+V.

Download SUPERAntiSpyware
Install and run it, then click the Check for Updates... button
After the update finishes, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Next > button

The scan will run; when it finishes it lists everything it found.
Make sure all items are checked and then click the Next button
Then click the Finish button and you should get back to the main screen.
There click the button: Preferences... and choose the Statistics/Logs tab
There click the log with today's date and press the button: View Log...
A window with the log opens; copy its contents here.

Download Flash Disinfector (by sUBs) and save it to disk
connect all removable devices one after another as H:\ and G:\ and
- Run Flash Disinfector
- Wait until the program finishes
- then unplug the flash drive

delete
H:\startup.exe
G:\autorun.exe

find these (marked in bold) in the registry (regedit) and delete them
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03869ff0-fb69-11dc-a155-001e8cc0f2b3}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79fcf7ff-f52c-11dc-9c2f-806e6f6e6963}]
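As an added example (not part of this thread, of ComboFix or of HijackThis), the Python script below parses the MountPoints2 section in the form ComboFix prints it, as quoted in the log above, and derives the same cleanup list the reply asks for: the executables the AutoRun verb would launch from the removable drives, the drive letters to run Flash Disinfector against, and the registry keys to remove. The sample input is constructed from the two entries in the log; the `reg delete "<key>" /f` lines it produces are the standard reg.exe equivalent of deleting those keys by hand in regedit. The regular expressions are anchored to the exact line shapes ComboFix uses, so the script can be fed a whole ComboFix log and will ignore every other section.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: the MountPoints2 section in the format ComboFix
# prints it, using the two entries quoted in the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03869ff0-fb69-11dc-a155-001e8cc0f2b3}]
\shell\AutoRun\command - H:\startup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79fcf7ff-f52c-11dc-9c2f-806e6f6e6963}]
\shell\AutoRun\command - G:\autorun.exe

.
**************************************************************************
"""

# "[HKEY_CURRENT_USER\...\mountpoints2\{volume-guid}]" header line
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\.*?\\mountpoints2\\(\{[0-9a-f-]{36}\}))\]$", re.IGNORECASE
)
# "\shell\<verb>\command - <command line>" line that follows the header
CMD_RE = re.compile(r"^\\shell\\(\w+)\\command - (.+)$", re.IGNORECASE)


@dataclass
class ShellCommand:
    key: str      # full registry key as ComboFix printed it
    guid: str     # volume GUID under MountPoints2
    verb: str     # shell verb, e.g. AutoRun
    command: str  # what Explorer runs for that verb on that volume


def parse_mountpoints(log_text: str) -> List[ShellCommand]:
    """Extract every shell-verb command entry from the MountPoints2 section."""
    entries: List[ShellCommand] = []
    key = guid = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key, guid = m.group(1), m.group(2)
            continue
        m = CMD_RE.match(line)
        if m and key:
            entries.append(ShellCommand(key, guid, m.group(1), m.group(2)))
        elif not line:
            key = guid = None  # a blank line ends the current key block
    return entries


def autorun_targets(entries: List[ShellCommand]) -> List[str]:
    """Executables that MountPoints2 would launch through the AutoRun verb."""
    return [e.command for e in entries if e.verb.lower() == "autorun"]


def drive_letters(entries: List[ShellCommand]) -> List[str]:
    """Drive letters referenced by the AutoRun commands (the volumes to disinfect)."""
    letters = set()
    for cmd in autorun_targets(entries):
        m = re.match(r"^([A-Za-z]):\\", cmd)
        if m:
            letters.add(m.group(1).upper())
    return sorted(letters)


def reg_delete_commands(entries: List[ShellCommand]) -> List[str]:
    """reg.exe command lines that remove the affected MountPoints2 keys."""
    keys: List[str] = []
    for e in entries:
        if e.verb.lower() == "autorun" and e.key not in keys:
            keys.append(e.key)
    return [f'reg delete "{k}" /f' for k in keys]


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    print("AutoRun executables to delete:")
    for target in autorun_targets(found):
        print("  " + target)
    print("Removable drives to run Flash Disinfector against:",
          ", ".join(drive_letters(found)))
    print("Registry keys to remove:")
    for cmd in reg_delete_commands(found):
        print("  " + cmd)
```

The parser keeps the verb rather than hard-coding AutoRun because MountPoints2 can also carry `open` or `explore` verbs; only AutoRun entries end up in the cleanup list, which is what the reply targets.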

