ESET.bg форум

Значи немога да вляза в диск Д , излиза ми саобштението че липсва фаила I-T-N-I/FreeXX.bat

Има подобна тема на тази но видях че е доста стара http://www.eset.bg/forum/viewtopic.php?f=5&t=975&p=6564

Значи проблема ми е подобен с изключението че аз бях с уиндоус 7 ( билд 7000 ) но нещо се прецака неможех да вляза нито в сафе мод нито нормалното стартиране ми работеше .. просто ми показваше син екран и "dumping memory" , стига до 100 и пц-то се рестартираше.

реших да преинсталирам и сложих уиндоус хп сп2 и от тогава ми се появи този проблем , прегледах горната тема но видях нещо различно , пича там си оправя компа като изтрива ауторан-а а при мен тази скрита папка I-T-N-I си я нямаше по начало, а аз не сам я изтривал и си мисля че ще се оправи ако изтрия ауторан-а но немога да го намеря , трябваше да е в папката I-T-N-I но понеже при мен тя беше изтрита фаила(ауторан-а) явно е на друго място..

някакви идеи как мога да го намеря ?

Здравейте и добре дошли!

Използвайте тези инструкции, генерирайте лог файл от ESET SysInspector и го прикрепете към следващия си пост.
http://www.eset.bg/forum/viewtopic.php? ... b8459bec2c

Ето и фаила които искахте

http://www.4shared.com/file/106345902/5 ... -1209.html

Вие сте генерирали лог файл на Windows XP SP2. Проблемът на него ли е или на Windows 7? Ако е на Windows 7 е необходимо лога да се генерира на него.

Едно време имах същия проблем, тогава влизах в Д-то чрез бутона горе папки и от там си избирах Д-то. Беше отдавна когато нямах антивирусна и се наложи преинсталация.

Моля, изтеглете SystemLook от един от тези линкове и запазете програмата на работния Ви плот.

Download Mirror #1
Download Mirror #2

• Кликнете два пъти върху SystemLook.exe, за да стартирате програмата.
• Копирайте съдържанието на следния код в текстовото поле на програмата.
  
  Код:
  :filefind
  *autorun*
  *FreeXX*
  
  :folderfind
  *I-T-N-I*
  
  
• Кликнете на бутона Look, за да започне сканирането.
• Когато сканирането завърши ще Ви се отвори Notepad с резултата от сканирането. Моля, публикувайте вашия лог в следващия си коментар.

Бележка: Освен това, вашият лог файл може да бъде открит на работния Ви плот с име SystemLook.txt

Ето го лог-а но мисля че това не помага , сичките тия ауторан.инк са в ресент папката , това е защотот тарсих фаила в сърч (autorun.ink) и отварях сички поред преди да постна в форума но не намерих нищо ...

SystemLook v1.0 by jpshortstuff (18.05.09)
Log created at 12:54 on 19/05/2009 by OneAndOnlyBG (Administrator - Elevation successful)

========== filefind ==========

Searching for "*autorun*"
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf (10).lnk --a--- 1241 bytes [08:54 19/05/2009] [08:54 19/05/2009] 03642F6D34590747608178B8AD8B7A70
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf (11).lnk --a--- 1051 bytes [08:54 19/05/2009] [08:54 19/05/2009] 9DF229E86CAAD3C965A0BBC9876055B0
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf (2).lnk --a--- 1269 bytes [08:32 19/05/2009] [08:32 19/05/2009] 168D2B0D10DAE98881E9599E1F68B8D3
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf (3).lnk --a--- 1283 bytes [08:32 19/05/2009] [08:32 19/05/2009] CEC11C1E9776E018C6A96F94058D77E5
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf (4).lnk --a--- 1304 bytes [08:32 19/05/2009] [08:32 19/05/2009] 6F1B66FDC3554991831747229D0AA557
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf (5).lnk --a--- 1241 bytes [08:32 19/05/2009] [08:32 19/05/2009] C5F7F9F05BEE175EE7CD5960C0403E5A
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf (6).lnk --a--- 1051 bytes [08:32 19/05/2009] [08:32 19/05/2009] 20AFEA7DF6DB2825524A2D5B6EA288B3
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf (7).lnk --a--- 1269 bytes [08:54 19/05/2009] [08:54 19/05/2009] D84B368577FE3B497A8F3693851D406D
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf (8).lnk --a--- 1283 bytes [08:54 19/05/2009] [08:54 19/05/2009] B69616A5F5F1DF7B7ACDF97C79DDCE9C
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf (9).lnk --a--- 1304 bytes [08:54 19/05/2009] [08:54 19/05/2009] 74418B45846F342E2DFEE88127748513
C:\Documents and Settings\OneAndOnlyBG\Recent\autorun.inf.lnk --a--- 1051 bytes [08:31 19/05/2009] [08:31 19/05/2009] E535ECC57D94BD35AFC787ECB5BBA8AF

Searching for "*FreeXX*"
No files found.

========== folderfind ==========

Searching for "*I-T-N-I*"
No folders found.

-=End Of File=-

Въобще няма такива файлове. Можете да изтриете предишния инструмент.

1) Изтеглете ComboFix от: тук
2) Запазете го на работния си плот (десктоп).
3) Кликнете с десния бутон върху иконата на ESET NOD32 Antivirus в долния десен ъгъл (системен трей) и изберете Disable real-time file system protection.
4) Кликнете два пъти върху combofix.exe
5) ComboFix ще започне да сканира вашата система, докато трае сканирането не барайте нищо. Накрая ще се рестартира компютъра Ви.
6) След рестарта изчакайте да завърши сканирането на ComboFix и да генерира лог файл. Когато сканирането завърши ще Ви изскочи Notepad, копирайте съдържанието му и го публикувайте в следващия си пост тук. Ако не Ви изскочи, влезте в C:\ и намерете файл с името combofix.txt . Отворете го, копирайте съдържанието му и го публикувайте тук.

Значи много благодаря за помоща!
с тази програма се оправи всичко!
забелязах че докато сканираше изписа че изтрива ауторун-а и реших като сварши да пробам и сичко е ок

а ето и лог-а се пак

ComboFix 09-05-18.04 - OneAndOnlyBG 05/19/2009 13:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2046.1393 [GMT 3:00]
Running from: c:\documents and settings\OneAndOnlyBG\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kbdbds.Dll
c:\windows\system32\KBDBPH.dLL
c:\windows\system32\kbdbphz.dLL
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 09:34 . 2009-05-19 09:32 -------- d-----w c:\program files\The KMPlayer
2009-05-19 09:26 . 2009-05-19 07:40 -------- d-----w c:\program files\FlashGet
2009-05-19 09:22 . 2009-05-19 09:22 -------- d-----w c:\program files\uTorrent
2009-05-19 09:07 . 2009-05-19 09:07 -------- d-----w c:\program files\Opera
2009-05-19 08:54 . 2009-05-19 08:54 -------- d-----w c:\program files\ESET
2009-05-19 08:25 . 2009-05-19 08:25 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-05-19 08:25 . 2009-05-19 08:24 -------- d-----w c:\program files\DAEMON Tools Lite
2009-05-19 08:23 . 2009-05-19 08:23 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-19 08:00 . 2009-05-19 08:00 -------- d-----w c:\program files\AMD
2009-05-19 07:55 . 2009-05-19 07:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-19 07:55 . 2009-05-19 07:55 -------- d-----w c:\program files\Realtek
2009-05-19 07:54 . 2009-05-19 07:54 -------- d-----w c:\program files\VIA
2009-05-19 07:54 . 2009-05-19 07:39 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-19 07:42 . 2009-05-19 07:41 -------- d-----w c:\program files\Datecs
2009-05-19 07:40 . 2009-05-19 07:40 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2009-05-19 07:38 . 2009-05-19 07:38 -------- d-----w c:\program files\Skype
2009-05-19 07:38 . 2009-05-19 07:38 -------- d-----w c:\program files\Common Files\Skype
2009-05-19 07:33 . 2009-05-19 07:33 12328 ----a-w c:\documents and settings\OneAndOnlyBG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 07:29 . 2009-05-19 07:29 -------- d-----w c:\program files\microsoft frontpage
2009-05-19 07:26 . 2009-05-19 07:26 21640 ----a-w c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 12:00 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-12 1626112]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-01-11 577536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2009-5-19 95232]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R3 esihdrv;esihdrv;\??\c:\docume~1\ONEAND~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ONEAND~1\LOCALS~1\Temp\esihdrv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EAMON
*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN
*NewlyCreated* - EPFWTDIR
*NewlyCreated* - ESIHDRV
*NewlyCreated* - SPTD
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: {82E458FA-8A71-49F5-85F5-21FBCBF5736A} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 13:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\CLBCATQ.DLL
.
Completion time: 2009-05-19 13:19
ComboFix-quarantined-files.txt 2009-05-19 10:19

Pre-Run: 50,205,614,080 bytes free
Post-Run: 50,232,500,224 bytes free

104

Отворете Notepad и чрез copy/paste поставете следното:



Запазете файла с името CFScript.txt и го поставете върху ComboFix.



След, като програмата приключи ще Ви изведе лог файла. Чрез Copy/Paste поставете информацията тук.

ComboFix 09-05-18.04 - OneAndOnlyBG 05/19/2009 13:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2046.1279 [GMT 3:00]
Running from: c:\documents and settings\OneAndOnlyBG\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\OneAndOnlyBG\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kbdbds.Dll
c:\windows\system32\KBDBPH.dLL
c:\windows\system32\kbdbphz.dLL

.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 10:47 . 2009-05-19 08:24 -------- d-----w c:\program files\DAEMON Tools Lite
2009-05-19 10:26 . 2009-05-19 07:41 -------- d-----w c:\program files\Datecs
2009-05-19 09:34 . 2009-05-19 09:32 -------- d-----w c:\program files\The KMPlayer
2009-05-19 09:26 . 2009-05-19 07:40 -------- d-----w c:\program files\FlashGet
2009-05-19 09:22 . 2009-05-19 09:22 -------- d-----w c:\program files\uTorrent
2009-05-19 09:07 . 2009-05-19 09:07 -------- d-----w c:\program files\Opera
2009-05-19 08:54 . 2009-05-19 08:54 -------- d-----w c:\program files\ESET
2009-05-19 08:25 . 2009-05-19 08:25 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-05-19 08:23 . 2009-05-19 08:23 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-19 08:00 . 2009-05-19 08:00 -------- d-----w c:\program files\AMD
2009-05-19 07:55 . 2009-05-19 07:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-19 07:55 . 2009-05-19 07:55 -------- d-----w c:\program files\Realtek
2009-05-19 07:54 . 2009-05-19 07:54 -------- d-----w c:\program files\VIA
2009-05-19 07:54 . 2009-05-19 07:39 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-19 07:40 . 2009-05-19 07:40 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2009-05-19 07:38 . 2009-05-19 07:38 -------- d-----w c:\program files\Skype
2009-05-19 07:38 . 2009-05-19 07:38 -------- d-----w c:\program files\Common Files\Skype
2009-05-19 07:33 . 2009-05-19 07:33 12328 ----a-w c:\documents and settings\OneAndOnlyBG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 07:29 . 2009-05-19 07:29 -------- d-----w c:\program files\microsoft frontpage
2009-05-19 07:26 . 2009-05-19 07:26 21640 ----a-w c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 12:00 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-19_10.18.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-19 10:47 . 2009-05-19 10:47 16384 c:\windows\temp\Perflib_Perfdata_5ec.dat
+ 2004-08-04 12:00 . 2006-07-14 15:31 332288 c:\windows\system32\netapi32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 332288 c:\windows\system32\netapi32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-12 1626112]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-01-11 577536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2009-5-19 95232]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
S3 esihdrv;esihdrv;\??\c:\docume~1\ONEAND~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\ONEAND~1\LOCALS~1\Temp\esihdrv.sys [?]
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: {82E458FA-8A71-49F5-85F5-21FBCBF5736A} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 13:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\newdll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-05-19 13:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 10:48
ComboFix2.txt 2009-05-19 10:19

Pre-Run: 50,217,529,344 bytes free
Post-Run: 50,210,557,952 bytes free

113

Опитай по същия начин, но този път използвай този скрипт:

Едно вапросче ... каква е целта на сичко това сега ?
аз вече мога да влизам свободно в диск Д ...

Има някакъв rootkit, който отказва да се махне. Не се влияй само от външните промени.
http://bg.wikipedia.org/wiki/%D0%A0%D1% ... 0%B8%D1%82

ComboFix 09-05-18.04 - OneAndOnlyBG 05/19/2009 14:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.2046.1551 [GMT 3:00]
Running from: c:\documents and settings\OneAndOnlyBG\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\OneAndOnlyBG\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\OneAndOnlyBG\Temp\esihdrv.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kbdbds.Dll
c:\windows\system32\KBDBPH.dLL
c:\windows\system32\kbdbphz.dLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESIHDRV
-------\Service_esihdrv


((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-19 11:23 . 2009-05-19 11:24 -------- d-----w c:\program files\Garena
2009-05-19 11:23 . 2009-05-19 11:23 -------- d-----w c:\documents and settings\OneAndOnlyBG\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 11:23 . 2009-05-19 07:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-19 11:15 . 2009-05-19 07:41 -------- d-----w c:\program files\Datecs
2009-05-19 10:47 . 2009-05-19 08:24 -------- d-----w c:\program files\DAEMON Tools Lite
2009-05-19 09:34 . 2009-05-19 09:32 -------- d-----w c:\program files\The KMPlayer
2009-05-19 09:26 . 2009-05-19 07:40 -------- d-----w c:\program files\FlashGet
2009-05-19 09:22 . 2009-05-19 09:22 -------- d-----w c:\program files\uTorrent
2009-05-19 09:07 . 2009-05-19 09:07 -------- d-----w c:\program files\Opera
2009-05-19 08:54 . 2009-05-19 08:54 -------- d-----w c:\program files\ESET
2009-05-19 08:25 . 2009-05-19 08:25 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-05-19 08:23 . 2009-05-19 08:23 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-19 08:00 . 2009-05-19 08:00 -------- d-----w c:\program files\AMD
2009-05-19 07:55 . 2009-05-19 07:55 -------- d-----w c:\program files\Realtek
2009-05-19 07:54 . 2009-05-19 07:54 -------- d-----w c:\program files\VIA
2009-05-19 07:54 . 2009-05-19 07:39 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-19 07:40 . 2009-05-19 07:40 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2009-05-19 07:38 . 2009-05-19 07:38 -------- d-----w c:\program files\Skype
2009-05-19 07:38 . 2009-05-19 07:38 -------- d-----w c:\program files\Common Files\Skype
2009-05-19 07:33 . 2009-05-19 07:33 12328 ----a-w c:\documents and settings\OneAndOnlyBG\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 07:29 . 2009-05-19 07:29 -------- d-----w c:\program files\microsoft frontpage
2009-05-19 07:26 . 2009-05-19 07:26 21640 ----a-w c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 12:00 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-19_10.18.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-19 11:31 . 2009-05-19 11:31 16384 c:\windows\temp\Perflib_Perfdata_580.dat
+ 2004-08-04 12:00 . 2006-07-14 15:31 332288 c:\windows\system32\netapi32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 332288 c:\windows\system32\netapi32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-12 1626112]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-01-11 577536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FlexType 2K.lnk - c:\program files\Datecs\FlexType 2K\FType2K.exe [2009-5-19 95232]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
TCP: {82E458FA-8A71-49F5-85F5-21FBCBF5736A} = 192.168.1.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 14:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\newdll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-05-19 14:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 11:32
ComboFix2.txt 2009-05-19 10:48
ComboFix3.txt 2009-05-19 10:19

Pre-Run: 50,228,690,944 bytes free
Post-Run: 50,194,644,992 bytes free

121