PC virus removal, computer speed-up, remote help through the neslape.cz service

FB virus

Do you have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
Eastonko (Visitor, posts: 50, registered: 21 Jul 2011 20:38)

Re: FB virus

#76 Post by Eastonko »

But I already have all the boxes ticked now, just as in the screenshot.

stell (VIP, posts: 5175, registered: 09 Dec 2007 09:27, location: SK-REVUCA)

Re: FB virus

#77 Post by stell »

OK,
carry on. If nothing turns up, we'll just clean the PC and be done. I'll look at ufa after the GMER log.
IAT/EAT doesn't need to be ticked.
Important information.
Is your computer NOT RUNNING WELL?
Is it infected? Running slowly? A program not working? Installation trouble?
Use the remote help service!
e-mail: stell(at)forum.viry.cz
Thanks!

Eastonko (Visitor, posts: 50, registered: 21 Jul 2011 20:38)

Re: FB virus

#78 Post by Eastonko »

I've already deleted ufa and unrar... Is cleaning with CCleaner enough?... When I unticked that IE in GMER, it closed right after the scan started, just like the previous programs.

stell (VIP, posts: 5175, registered: 09 Dec 2007 09:27, location: SK-REVUCA)

Re: FB virus

#79 Post by stell »

Well, tick it back on and we'll see.

Eastonko (Visitor, posts: 50, registered: 21 Jul 2011 20:38)

Re: FB virus

#80 Post by Eastonko »

It seems to me that whenever a program does something with the registry, it shuts down immediately. For example CCleaner just now: cleaning was fine, but the registry check shut down and afterwards it won't start any more ("no permission"). And it seems to me that during the first 15 seconds of that Malware... program, something was also being done with the registry.

Eastonko (Visitor, posts: 50, registered: 21 Jul 2011 20:38)

Re: FB virus

#81 Post by Eastonko »

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-07-22 16:50:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0303
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awkiifod.sys


---- System - GMER 1.0.15 ----

SSDT sppk.sys ZwEnumerateKey [0xF7711DA4]
SSDT sppk.sys ZwEnumerateValueKey [0xF7712132]

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [F75F2360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F75F2360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\ai5ckext \Device\Scsi\ai5ckext1Port1Path0Target0Lun0 862B2500
Device \Driver\ai5ckext \Device\Scsi\ai5ckext1 862B2500
Device \FileSystem\Ntfs \Ntfs 86FD61F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:480] F7900D20
Thread System [4:484] F7900D20
Thread System [4:488] 85571505
Thread System [4:492] 85571505

---- EOF - GMER 1.0.15 ----

stell (VIP, posts: 5175, registered: 09 Dec 2007 09:27, location: SK-REVUCA)

Re: FB virus

#82 Post by stell »

:D
First do this:
1: Download aswMBR.exe to the desktop.
http://public.avast.com/%7Egmerek/aswMBR.exe
2: Double-click aswMBR.exe and run it.
3: Click the "Scan" button to start the scan.
4: If an infection is found, click the "Fix" button.
5: Save asw.log to the desktop.
Post the log here.

Eastonko (Visitor, posts: 50, registered: 21 Jul 2011 20:38)

Re: FB virus

#83 Post by Eastonko »

So, after the scan:

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-22 17:01:59
-----------------------------
17:01:59.718 OS Version: Windows 5.1.2600 Service Pack 3
17:01:59.718 Number of processors: 2 586 0x1C0A
17:01:59.718 ComputerName: YOUR-YEZLD55J7F UserName: Owner
17:02:00.234 Initialize success
17:04:27.046 AVAST engine defs: 11072200
17:06:43.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:06:43.531 Disk 0 Vendor: ST916031 0303 Size: 152627MB BusType: 3
17:06:43.750 Disk 0 MBR read successfully
17:06:43.765 Disk 0 MBR scan
17:06:43.828 Disk 0 Windows XP default MBR code
17:06:43.875 Disk 0 scanning sectors +312576705
17:06:44.031 Disk 0 scanning C:\WINDOWS\system32\drivers
17:06:44.515 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Sirefef-G [Rtk]
17:06:59.406 Service scanning
17:06:59.859 Service MpKsl04d1232d c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361F2228-1D57-4F26-A5D6-6E485C38D6FF}\MpKsl04d1232d.sys **LOCKED** 3
17:06:59.859 Service MpKsl10b9fa8f C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl10b9fa8f.sys **LOCKED** 3
17:06:59.875 Service MpKsl2d617679 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BCCD2-A86D-4C17-8F38-8D192714E81D}\MpKsl2d617679.sys **LOCKED** 3
17:06:59.890 Service MpKsl51714340 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F4B8C8A-E8A6-4E7D-8AD0-6063B17EC90D}\MpKsl51714340.sys **LOCKED** 3
17:06:59.890 Service MpKsl80b04e45 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKsl80b04e45.sys **LOCKED** 3
17:06:59.921 Service MpKsl918de7df C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl918de7df.sys **LOCKED** 3
17:06:59.937 Service MpKsla1589737 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5704E468-B3EF-4133-86FB-58249B395770}\MpKsla1589737.sys **LOCKED** 3
17:06:59.953 Service MpKslac6f084d C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKslac6f084d.sys **LOCKED** 3
17:07:00.062 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:07:00.640 Modules scanning
17:07:05.984 Module: C:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
17:07:08.625 Disk 0 trace - called modules:
17:07:08.671 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85570a80]<<
17:07:08.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f038c8]
17:07:08.734 3 CLASSPNP.SYS[f784cfd7] -> nt!IofCallDriver -> [0x86300688]
17:07:08.750 \Driver\00001702[0x8618f030] -> IRP_MJ_CREATE -> 0x85570a80
17:07:09.296 AVAST engine scan C:\WINDOWS
17:07:18.468 AVAST engine scan C:\WINDOWS\system32
17:10:04.531 AVAST engine scan C:\WINDOWS\system32\drivers
17:10:04.906 File: C:\WINDOWS\system32\drivers\afd.sys **INFECTED** Win32:Sirefef-G [Rtk]
17:10:24.453 AVAST engine scan C:\Documents and Settings\Owner
17:11:11.328 File: C:\Documents and Settings\Owner\Desktop\RK_Quarantine\1254893.exe.vir **INFECTED** Win32:Delf-QBF [Trj]
17:11:11.828 File: C:\Documents and Settings\Owner\Desktop\RK_Quarantine\1949468.exe.vir **INFECTED** Win32:Delf-QBF [Trj]
17:11:12.046 File: C:\Documents and Settings\Owner\Desktop\RK_Quarantine\5136731.exe.vir **INFECTED** Win32:Delf-QBF [Trj]
17:11:12.281 File: C:\Documents and Settings\Owner\Desktop\RK_Quarantine\69045434-loader2.exe.vir **INFECTED** Win32:Delf-QBF [Trj]
17:11:12.562 File: C:\Documents and Settings\Owner\Desktop\RK_Quarantine\8774866.exe.vir **INFECTED** Win32:Delf-QBF [Trj]
17:11:12.921 File: C:\Documents and Settings\Owner\Desktop\RK_Quarantine\sysdriver32.exe.vir **INFECTED** Win32:Patched-WQ [Trj]
17:11:13.156 File: C:\Documents and Settings\Owner\Desktop\RK_Quarantine\sysdriver32_.exe.vir **INFECTED** Win32:Delf-QBF [Trj]
17:12:59.203 AVAST engine scan C:\Documents and Settings\All Users
17:13:38.140 Scan finished successfully
17:15:26.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
17:15:26.078 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"



But I don't have Fix shown, I only have FixMBR.

stell (VIP, posts: 5175, registered: 09 Dec 2007 09:27, location: SK-REVUCA)

Re: FB virus

#84 Post by stell »

OK, you still have an infected system file there.
Download to the desktop:
http://jpshortstuff.247fixes.com/SystemLook.exe

Run it, paste the green text into the window and click Look.
Post the log here.

Code:

:filefind
afd.sys*

Eastonko (Visitor, posts: 50, registered: 21 Jul 2011 20:38)

Re: FB virus

#85 Post by Eastonko »

Log:
SystemLook 04.09.10 by jpshortstuff
Log created at 17:26 on 22/07/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys*"
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [04:34 15/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys --a---- 138496 bytes [17:44 19/03/2010] [11:48 20/06/2008] D6EE6014241D034E63C49A50CB2B442A
C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys --a---- 138496 bytes [17:47 19/03/2010] [10:34 14/08/2008] 4D43E74F2A1239D53929B82600F1971C
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [01:19 16/06/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys --a--c- 138496 bytes [16:16 11/05/2011] [10:04 14/08/2008] 7E775010EF291DA96AD17CA4B17137D7
C:\WINDOWS\$NtUninstallKB951748$\afd.sys --a--c- 138112 bytes [17:44 19/03/2010] [12:00 14/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\$NtUninstallKB956803$\afd.sys --a--c- 138496 bytes [17:47 19/03/2010] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\$NtUninstallKB956803$\afd.sys.000 --a--c- 138496 bytes [17:47 19/03/2010] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\SoftwareDistribution\Download\402b80bba3eb5ba477eeaa840ad0e146\SP3GDR\afd.sys --a---- 138496 bytes [07:02 22/07/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\SoftwareDistribution\Download\402b80bba3eb5ba477eeaa840ad0e146\SP3QFE\afd.sys --a---- 138496 bytes [07:02 22/07/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\afd.sys --a---- 138496 bytes [14:43 16/10/2008] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\system32\dllcache\afd.sys -----c- 138496 bytes [15:51 19/03/2010] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [15:51 19/03/2010] [13:22 16/02/2011] 14C28672FF91C83C2A122C1381459678

-= EOF =-
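In the SystemLook output above, the live C:\WINDOWS\system32\drivers\afd.sys has the same size and the same two timestamps as the dllcache copy but a different MD5, which is the tell-tale of a system driver patched in place. The script below is an added example, not part of the thread or of SystemLook: it parses filefind result lines (a subset of the posted lines is embedded as sample input) and flags any live driver whose hash matches none of the reference copies of the same name and size, reporting reference copies whose timestamps are identical.

```python
import re
from collections import defaultdict

# Sample input: a subset of the ":filefind afd.sys*" lines from the post above.
SAMPLE_LOG = r"""
Searching for "afd.sys*"
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [04:34 15/06/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$NtUninstallKB956803$\afd.sys.000 --a--c- 138496 bytes [17:47 19/03/2010] [11:40 20/06/2008] E3049B90FE06F3F740B7CFDA44995E2C
C:\WINDOWS\SoftwareDistribution\Download\402b80bba3eb5ba477eeaa840ad0e146\SP3GDR\afd.sys --a---- 138496 bytes [07:02 22/07/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\system32\dllcache\afd.sys -----c- 138496 bytes [15:51 19/03/2010] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [15:51 19/03/2010] [13:22 16/02/2011] 14C28672FF91C83C2A122C1381459678

-= EOF =-
"""

# One filefind result line: path, 7-char attribute field, size, two bracketed
# timestamps (modified, created) and an MD5. Paths may contain spaces, so the
# path group is non-greedy and anchored by the attribute field that follows it.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Parse SystemLook filefind result lines into dicts; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def is_live_driver(entry):
    """True for the copy Windows actually loads (system32\\drivers), not a cache/backup."""
    return "\\system32\\drivers\\" in entry["path"].lower()


def find_mismatches(entries):
    """Flag live drivers whose MD5 matches no reference copy of the same name and size.

    Reference copies are everything outside system32\\drivers: dllcache, $hf_mig$,
    SoftwareDistribution downloads and $NtUninstall* backups. A reference copy with
    identical timestamps but a different hash means the file contents were replaced
    while the stamps were preserved, so those twins are listed with the finding.
    """
    refs = defaultdict(list)
    for e in entries:
        if not is_live_driver(e):
            refs[(e["name"], e["size"])].append(e)

    findings = []
    for live in filter(is_live_driver, entries):
        candidates = refs.get((live["name"], live["size"]), [])
        if not candidates:
            continue  # nothing of the same name and size to compare against
        known = {r["md5"] for r in candidates}
        if live["md5"] in known:
            continue  # live file is byte-identical to a cached/backup copy
        twins = [r["path"] for r in candidates
                 if (r["mtime"], r["ctime"]) == (live["mtime"], live["ctime"])]
        findings.append({
            "path": live["path"],
            "md5": live["md5"],
            "reference_md5s": sorted(known),
            "timestamp_twins": twins,
        })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_filefind(SAMPLE_LOG)):
        print(f"MISMATCH {f['path']} md5={f['md5']}")
        print(f"  reference hashes: {', '.join(f['reference_md5s'])}")
        for twin in f["timestamp_twins"]:
            print(f"  same timestamps, different content: {twin}")
```

A clean reference hash is not proof on its own; the point of the check is to pick out which copy to compare or restore from, as the FCOPY step in the thread does with the $hf_mig$ copy.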

stell (VIP, posts: 5175, registered: 09 Dec 2007 09:27, location: SK-REVUCA)

Re: FB virus

#86 Post by stell »

For this step you need to have ComboFix on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the whole green text into it:

Code:

KILLALL::
FCOPY::
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys | C:\WINDOWS\system32\drivers\afd.sys
File::
C:\WINDOWS\system32\dllcache\afd.sys

Then click File -> Save As... -> in the File name line type: CFScript.txt
For File type select *All files
and save it to the desktop. > Careful: CFScript.txt > do not open it, and it must not be CFScript.txt.txt either. And do this:
(image)

When the scan finishes, post the log that ComboFix creates.

Eastonko (Visitor, posts: 50, registered: 21 Jul 2011 20:38)

Re: FB virus

#87 Post by Eastonko »

So, here is the ComboFix log :D


ComboFix 11-07-22.02 - Owner 22.07.2011 17:47:23.3.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.337 [GMT 2:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\system32\dllcache\afd.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\dllcache\afd.sys
.
.
--------------- FCopy ---------------
.
c:\windows\$hf_mig$\KB2503665\SP3QFE\afd.sys --> c:\windows\system32\drivers\afd.sys
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 15:27 . 2004-04-18 21:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-07-22 15:27 . 2004-04-18 21:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-07-22 15:27 . 2004-04-18 21:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-07-22 15:27 . 2004-04-18 21:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-07-22 15:26 . 2011-07-22 15:26 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-07-22 15:26 . 2004-04-18 21:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-07-22 15:26 . 2011-07-22 15:26 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-07-22 15:25 . 2011-07-22 15:29 -------- d-----w- c:\windows\LastGood.Tmp
2011-07-22 15:24 . 2010-12-07 12:23 25088 ----a-w- c:\windows\system32\drivers\lgandmodem.sys
2011-07-22 15:24 . 2010-12-07 12:23 20736 ----a-w- c:\windows\system32\drivers\lganddiag.sys
2011-07-22 15:24 . 2010-12-07 12:23 20096 ----a-w- c:\windows\system32\drivers\lgandgps.sys
2011-07-22 15:24 . 2010-12-07 12:22 14336 ----a-w- c:\windows\system32\drivers\lgandbus.sys
2011-07-22 12:58 . 2011-07-22 12:58 13312 ----a-w- c:\windows\system32\drivers\vdi4ndex.sys
2011-07-22 11:14 . 2011-07-22 11:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LG Electronics
2011-07-22 10:20 . 2011-07-22 10:20 -------- d-----w- c:\program files\ESET
2011-07-22 10:20 . 2011-07-22 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-07-22 09:09 . 2011-07-22 09:09 -------- d-----w- c:\windows\TempB3C8FDF1-A370-AA90-3F6E-101E5F035BF8-Signatures
2011-07-21 17:32 . 2011-07-21 17:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-07-21 17:31 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 17:31 . 2011-07-21 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-21 17:31 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 17:31 . 2011-07-22 09:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-21 12:51 . 2011-07-22 06:56 -------- d-----w- c:\documents and settings\Administrator
2011-07-17 19:14 . 1997-01-18 08:40 299520 ----a-w- c:\windows\uninst.exe
2011-07-12 19:27 . 2011-07-12 19:27 -------- d-----w- c:\program files\DreamWorks Interactive
2011-07-07 11:41 . 2003-05-23 11:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-07 11:41 . 2003-05-23 11:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-07 11:38 . 2003-05-23 11:28 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-07-07 11:37 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-07-07 11:37 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-07-07 11:37 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-07-07 11:37 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-07-07 11:37 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-07-07 11:37 . 2011-07-07 11:37 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-07-07 11:37 . 2011-07-07 11:37 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-07-06 10:15 . 2011-07-06 10:15 -------- d--h--r- c:\documents and settings\Owner\Application Data\SecuROM
2011-07-05 14:50 . 2011-07-05 14:50 -------- d-----w- c:\documents and settings\Owner\Application Data\MyPhoneExplorer
2011-07-05 14:46 . 2011-07-05 14:50 -------- d-----w- c:\program files\MyPhoneExplorer
2011-07-02 19:35 . 2011-07-02 19:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DOSBox
2011-07-02 19:31 . 2011-07-05 19:38 -------- d-----w- c:\program files\DOSBox-0.74
2011-06-27 19:19 . 2011-07-22 15:29 -------- d-----w- c:\program files\LG Electronics
2011-06-27 19:17 . 2011-07-22 15:23 -------- d-----w- C:\LGP500
2011-06-27 19:16 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2011-06-27 19:16 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-06-27 19:16 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2011-06-27 19:16 . 2006-05-04 06:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2011-06-27 19:16 . 2005-10-03 23:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-06-27 19:16 . 2011-06-29 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX
2011-06-26 16:40 . 2008-04-13 22:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2011-06-26 16:40 . 2008-04-13 22:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2011-06-26 16:40 . 2008-04-13 22:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2011-06-26 16:40 . 2008-04-13 22:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2011-06-26 16:37 . 2011-06-26 16:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-06-24 14:02 . 2011-06-24 14:02 -------- d-----w- c:\program files\Common Files\Steam
2011-06-24 14:02 . 2011-06-29 06:40 -------- d-----w- c:\program files\Steam
2011-06-24 07:38 . 2011-06-24 07:38 -------- d-----w- c:\documents and settings\Owner\Application Data\fltk.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-03 08:36 . 2011-06-03 08:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 06:05 . 2011-06-03 06:05 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-02 14:02 . 2010-03-19 15:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 09:35 . 2011-05-26 09:35 65536 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2011-05-26 09:35 . 2011-05-26 09:35 61440 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2011-05-26 09:35 . 2011-05-26 09:35 61440 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2011-05-26 09:35 . 2011-05-26 09:35 40960 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut1_3293C06B003F40278380FFD79E38167D.exe
2011-05-14 21:03 . 2011-05-14 21:04 737280 ----a-w- c:\windows\iun6002.exe
2011-05-13 20:10 . 2011-05-13 20:10 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-05-11 06:09 . 2011-05-11 06:09 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-05-10 11:13 . 2011-05-10 11:13 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-02 15:31 . 2010-03-19 17:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2010-03-19 15:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2010-03-19 15:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2010-03-19 15:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2010-03-19 15:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 16:11 . 2010-03-19 15:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2010-03-19 15:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2010-03-19 15:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2010-03-19 15:51 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-22_09.50.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2006-12-01 22:46 . 2006-12-01 22:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2011-07-22 11:13 . 2011-07-22 11:13 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
- 2010-03-19 15:51 . 2011-06-26 16:41 73016 c:\windows\system32\perfc009.dat
+ 2010-03-19 15:51 . 2011-07-22 11:11 73016 c:\windows\system32\perfc009.dat
+ 2009-09-29 06:11 . 2009-09-29 06:11 12928 c:\windows\system32\drivers\lgvmodem.sys
+ 2009-09-29 06:11 . 2009-09-29 06:11 12160 c:\windows\system32\drivers\lgbtport.sys
+ 2009-09-29 06:11 . 2009-09-29 06:11 10496 c:\windows\system32\drivers\lgbtbus.sys
+ 2010-12-21 11:47 . 2010-12-21 11:47 94872 c:\windows\system32\drivers\epfwtdir.sys
+ 2011-07-22 11:05 . 2011-07-22 11:13 53248 c:\windows\Installer\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}\ARPPRODUCTICON.exe
+ 2011-07-22 12:38 . 2011-07-22 12:38 53248 c:\windows\Installer\{74EAA5ED-7DDF-4647-8F90-C746BEB246F8}\ARPPRODUCTICON.exe
+ 2011-07-22 11:13 . 2011-07-22 11:13 32768 c:\windows\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
+ 2011-07-22 10:21 . 2011-07-22 10:21 10134 c:\windows\Installer\{204BB4EF-68AC-454B-857E-431336B4188A}\callmsi.exe
+ 2010-06-29 04:34 . 2010-06-29 04:34 5632 c:\windows\system32\StarOpen.sys
- 2010-03-19 15:51 . 2011-06-26 16:41 445140 c:\windows\system32\perfh009.dat
+ 2010-03-19 15:51 . 2011-07-22 11:11 445140 c:\windows\system32\perfh009.dat
+ 2010-12-21 13:04 . 2010-12-21 13:04 115008 c:\windows\system32\drivers\ehdrv.sys
+ 2010-12-21 13:04 . 2010-12-21 13:04 141264 c:\windows\system32\drivers\eamon.sys
+ 2011-07-22 10:21 . 2011-07-22 10:21 975872 c:\windows\Installer\cb2be.msi
+ 2011-07-22 09:59 . 2011-07-22 09:59 301056 c:\windows\Installer\9f2a7.msi
+ 2011-07-22 11:14 . 2011-07-22 11:14 228352 c:\windows\Installer\626e2.msi
+ 2011-07-22 11:14 . 2011-07-22 11:14 331264 c:\windows\Installer\626dc.msi
+ 2011-07-22 11:13 . 2011-07-22 11:13 390656 c:\windows\Installer\626d6.msi
+ 2011-07-22 11:13 . 2011-07-22 11:13 518656 c:\windows\Installer\626c9.msi
+ 2011-07-22 11:05 . 2011-07-22 11:05 518656 c:\windows\Installer\368d0b.msi
+ 2011-07-22 12:38 . 2011-07-22 12:38 584704 c:\windows\Installer\140ba3.msi
+ 2011-07-22 10:21 . 2011-07-22 10:21 101504 c:\windows\Installer\{204BB4EF-68AC-454B-857E-431336B4188A}\egui.exe
+ 2011-07-22 11:13 . 2011-07-22 11:13 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2010-08-23 08:48 . 2010-08-23 08:48 4941312 c:\windows\Installer\368d0c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-03-28 16:22 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit0.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"LG LinkAir"="c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2011-07-22 2449768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"CapsHook"="c:\program files\EeePC\CapsHook\CapsHook.exe" [2010-05-28 445344]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-27 19523616]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2010-05-17 1246632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-28 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-28 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-28 141336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-06-14 404568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-3-19 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-06-29 08:46 124216 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-28 19:59 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"d:\\Hry\\Pan\\game.dat"=
"d:\\Hry\\CS\\hl.exe"=
"d:\\Hry\\NHL09\\nhl2009.exe"=
"d:\\Hry\\TrackMania Original\\TrackManiaLauncher.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\Hry\\Cataclysm\\Launcher.exe"=
"d:\\Hry\\Cataclysm\\BackgroundDownloader.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Steam\\steamapps\\eastonko\\team fortress 2\\hl2.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\HALO CE\\halo.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\tdsskiller (1).exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\tdsskiller (2).exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\LG Electronics\\LG PC Suite IV\\LinkAir\\LinkAir.exe"=
"c:\\Program Files\\LG Electronics\\LG PC Suite IV\\LGUX.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\avz4\\avz.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\LG Electronics\\LG PC Suite IV\\Temp\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\LG Electronics\\LG PC Suite IV\\LiveUpdate.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\aswMBR.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\LGMOBILEAX\\LGMLauncher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\LGMOBILEAX\\B2C_Client\\LGUserCSTool.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\B2CAppSetup (2).exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\LGMOBILEAX\\B2C_Client\\B2CNotiAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 pe3ajcyb;TrackMania Original Environment Driver (pe3ajcyb);c:\windows\system32\drivers\pe3ajcyb.sys [6.2.2007 19:53 65424]
R0 pf2ajcyb;TrackMania Original File System Driver (pf2ajcyb);c:\windows\system32\drivers\pf2ajcyb.sys [6.2.2007 19:53 82832]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.5.2011 13:13 691696]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [19.3.2010 20:06 11520]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21.7.2011 19:31 366640]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11.3.2010 15:55 44032]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 8:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 8:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 8:11 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21.7.2011 19:31 22712]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\drivers\rtsuvc.sys [9.5.2011 8:29 73088]
S1 MpKsl04d1232d;MpKsl04d1232d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361F2228-1D57-4F26-A5D6-6E485C38D6FF}\MpKsl04d1232d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{361F2228-1D57-4F26-A5D6-6E485C38D6FF}\MpKsl04d1232d.sys [?]
S1 MpKsl10b9fa8f;MpKsl10b9fa8f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl10b9fa8f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl10b9fa8f.sys [?]
S1 MpKsl2d617679;MpKsl2d617679;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BCCD2-A86D-4C17-8F38-8D192714E81D}\MpKsl2d617679.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BCCD2-A86D-4C17-8F38-8D192714E81D}\MpKsl2d617679.sys [?]
S1 MpKsl51714340;MpKsl51714340;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F4B8C8A-E8A6-4E7D-8AD0-6063B17EC90D}\MpKsl51714340.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F4B8C8A-E8A6-4E7D-8AD0-6063B17EC90D}\MpKsl51714340.sys [?]
S1 MpKsl80b04e45;MpKsl80b04e45;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKsl80b04e45.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKsl80b04e45.sys [?]
S1 MpKsl918de7df;MpKsl918de7df;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl918de7df.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD126C54-1CAC-4805-90AE-DB0280CEBCF2}\MpKsl918de7df.sys [?]
S1 MpKsla1589737;MpKsla1589737;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5704E468-B3EF-4133-86FB-58249B395770}\MpKsla1589737.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5704E468-B3EF-4133-86FB-58249B395770}\MpKsla1589737.sys [?]
S1 MpKslac6f084d;MpKslac6f084d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKslac6f084d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9DC2EFA7-0FE4-4969-8FF4-E04E3C74C7E4}\MpKslac6f084d.sys [?]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
S2 pr2ajcyb;TrackMania Original Drivers Auto Removal (pr2ajcyb);c:\windows\system32\pr2ajcyb.exe svc --> c:\windows\system32\pr2ajcyb.exe svc [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9.5.2011 8:28 1691480]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [22.7.2011 17:24 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [22.7.2011 17:24 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [22.7.2011 17:24 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [22.7.2011 17:24 25088]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [23.5.2011 13:05 53793]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21.7.2011 19:31 41272]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19.3.2010 17:51 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2720364081-1508842672-1582766270-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2720364081-1508842672-1582766270-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087345157-2538592061-3371908944-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3087345157-2538592061-3371908944-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 10:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.20
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB774$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\Device\svchost.exe\svchost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2011-07-22 18:00:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-22 16:00
ComboFix2.txt 2011-07-22 13:48
ComboFix3.txt 2011-07-22 09:57
.
Pre-Run: 28 954 648 576 bytes free
Post-Run: 10 adresárov, 29 029 126 144 voľných bajtov
.
- - End Of File - - 432B64796DCF1FA293D1E912F6DAED97

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: FB virus

#88 Post by stell »

OK. Turn off the antivirus and the firewall.
Run AVZ once more >> choose FILE > Custom script > copy this script into the window, then click RUN

Code:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('globalroot\device\svchost.exe\svchost.exe','');
DeleteFile('globalroot\device\svchost.exe\svchost.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Then immediately turn off System Restore again, reboot and turn it back on,
and write how the PC behaves.
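The AVZ script above quarantines a process that ComboFix listed under "Other Running Processes" with a device-namespace path. The following is an added example (not from the original thread, nor from AVZ or ComboFix) of how a defender can triage such a process listing automatically; the sample lines are constructed after the log, and the list of system-directory-only binaries is an assumption.

```python
"""Triage a ComboFix-style 'Other Running Processes' listing for suspicious image paths."""
from typing import Dict, List

# Constructed sample modelled on the ComboFix output above (not the original log verbatim).
SAMPLE_PROCESSES = r"""
c:\\.\globalroot\Device\svchost.exe\svchost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\svchost.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
"""

# Assumption: core Windows binaries that legitimately run only from the system directory
# (Windows XP 32-bit layout, as in the log above).
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIR = r"c:\windows\system32"


def check_process_path(path: str) -> List[str]:
    """Return the reasons a single process image path looks suspicious (empty if none)."""
    reasons: List[str] = []
    low = path.strip().lower()
    parts = [p for p in low.split("\\") if p]
    name = parts[-1]
    parent = "\\".join(parts[:-1])
    # A process started through the object-manager namespace (\\.\globalroot\Device\...)
    # rather than a drive letter path is unusual for user-mode software.
    if "globalroot" in parts or "\\\\.\\" in low:
        reasons.append("device-namespace path (\\\\.\\globalroot) instead of a drive path")
    # A directory named like an executable (…\svchost.exe\svchost.exe) is a common masquerade.
    if any(p.endswith(".exe") for p in parts[:-1]):
        reasons.append("a directory component is named like an executable")
    # A well-known system binary name outside the system directory.
    if name in SYSTEM_ONLY and parent != SYSTEM_DIR:
        reasons.append(f"{name} running outside {SYSTEM_DIR}")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map every suspicious path in a process listing to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = check_process_path(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE_PROCESSES).items():
        print(path, "->", "; ".join(why))
```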

Eastonko
Visitor
Posts: 50
Registered: 21 Jul 2011 20:38

Re: FB virus

#89 Post by Eastonko »

Well, as far as I can tell, I haven't noticed anything special, same as always.... The only thing acting up is NOD: when I click its icon at the bottom right it opens, but there is nothing written in it and nothing to choose, just the skin, as it were... and now it showed some dialog about something with the kernel or whatever.

stell
VIP
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: FB virus

#90 Post by stell »

-> Reinstall NOD this way
-> Download T-Cleaner
http://tharifas.sweb.cz/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- Delete the little program after use. Note: antivirus programs may falsely flag it as a virus

-> Uninstall ComboFix:
rename the ComboFix icon to uninstall
and run it.

And you have to run AVPTOOL, then paste the log here.
Guide:
http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

Locked