FB vír. pls help

Zpráva

andy_721 · #1 Příspěvek od **andy_721** » 29 říj 2011 12:03

Logfile of random's system information tool 1.09 (written by random/random)
Run by Erika at 2011-10-29 11:38:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 97 GB (41%) free of 238 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:13, on 29.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\update.tray-3-0\svchost.exe
C:\WINDOWS\update.tray-2-0\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe
C:\Program Files\USB Video Camera\Monitor.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ7.4\ICQ.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Erika.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
R3 - URLSearchHook: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Brothersoft - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O3 - Toolbar: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Audio HD Driver] C:\DOCUME~1\Erika\LOCALS~1\Temp\wininitd.exe
O4 - HKLM\..\Run: [Windows-Network Component] "C:\WINDOWS\system32\WUDHost.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-2-0\svchost.exe
O4 - HKLM\..\Run: [9595252.exe] "C:\WINDOWS\TEMP\9595252.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [3269838.exe] "C:\DOCUME~1\Erika\LOCALS~1\Temp\3269838.exe"
O4 - HKLM\..\Run: [9589922.exe] "C:\DOCUME~1\Erika\LOCALS~1\Temp\9589922.exe"
O4 - HKLM\..\Run: [8661981.exe] "C:\WINDOWS\TEMP\8661981.exe"
O4 - HKLM\..\Run: [7847201.exe] "C:\WINDOWS\TEMP\7847201.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Windows Audio Driver] "C:\Documents and Settings\Erika\Application Data\audiohd.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 9182061156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9181240250
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Služba Google Update (gupdate1caab44d4fd2f2e) (gupdate1caab44d4fd2f2e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wxpdrivers - Cronosoft - C:\WINDOWS\update.1\svchost.exe

--
End of file - 12877 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default

prefs.js - "browser.startup.homepage" - "http://start.facemoods.com/?a=vsl"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6, {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, {e8de9422-3b2c-4243-bf6f-235da84d8ef8}:2.5.6.0, battlefieldheroespatcher@ea.com:5.0.31.0, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3"
prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
"Description"=Delivery Network Acceleration by BitTorrent™
"Path"=C:\Program Files\DNA\plugins\npbtdna.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@zylom.com/ZylomGamesPlayer]
"Description"=Zylom Games Player 1.00
"Path"=C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIZylomPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npzylomgamesplayer.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
fcmdSrchvsl.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\
battlefieldheroespatcher@ea.com
engine@conduit.com
ffxtlbr@Facemoods.com
{20a82645-c095-46ed-80e3-08825760534b}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{51a86bb3-6602-4c85-92a5-130ee4864f13}
{800b5000-a755-47e1-992b-48a1c1357f07}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{e8de9422-3b2c-4243-bf6f-235da84d8ef8}

C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll [2010-10-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-18 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
Brothersoft Toolbar - C:\Program Files\Brothersoft\prxtbBro0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-01-17 175912]
{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - Brothersoft Toolbar - C:\Program Files\Brothersoft\prxtbBro0.dll [2011-01-17 175912]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll [2011-01-17 175912]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll [2010-10-26 217088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-14 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-14 86016]
"Launch LGDCore"=C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [2006-07-23 1126400]
"Launch LCDMon"=C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Audio HD Driver"=C:\DOCUME~1\Erika\LOCALS~1\Temp\wininitd.exe [2010-05-17 424448]
"Windows-Network Component"=C:\WINDOWS\system32\WUDHost.exe [2010-05-22 48128]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"4StoryPrePatch"=C:\Program Files\Gameforge4D\4Story\PrePatch.exe []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe [2010-10-26 323584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-10-28 1201152]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-10-28 1201152]
"tray_ico1"=C:\WINDOWS\update.tray-2-0\svchost.exe [2011-10-28 1201152]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"9595252.exe"=C:\WINDOWS\TEMP\9595252.exe [2011-10-28 258048]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-10-28 258048]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-10-28 258048]
"3269838.exe"=C:\DOCUME~1\Erika\LOCALS~1\Temp\3269838.exe [2011-10-28 258048]
"9589922.exe"=C:\DOCUME~1\Erika\LOCALS~1\Temp\9589922.exe [2011-10-28 258048]
"8661981.exe"=C:\WINDOWS\TEMP\8661981.exe [2011-10-28 258048]
"7847201.exe"=C:\WINDOWS\TEMP\7847201.exe [2011-10-28 1946624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2010-01-16 323392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"Windows Audio Driver"=C:\Documents and Settings\Erika\Application Data\audiohd.exe [2010-05-22 48128]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe silent loginmode=4 []
"Steam"=C:\Program Files\Steam\Steam.exe [2011-09-28 1242448]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 19550344]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
GamePark klient 2.lnk - C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe
Monitor.lnk - C:\Program Files\USB Video Camera\Monitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"EnableLUA"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\VALVe\Counter-Strike Source\hl2.exe"="C:\Program Files\VALVe\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Documents and Settings\Erika\Desktop\warcraft 3\Warcraft III.exe"="C:\Documents and Settings\Erika\Desktop\warcraft 3\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Erika\Desktop\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Documents and Settings\Erika\Desktop\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.812\DRM\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.812\DRM\server.exe:*:Enabled:server"
"C:\Program Files\Ubisoft\Assassin's Creed II\server.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\server.exe:*:Enabled:server"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.500\DRM\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.500\DRM\server.exe:*:Enabled:server"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX01.656\DRM\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX01.656\DRM\server.exe:*:Enabled:server"
"C:\Program Files\Activision\Transformers - Revenge of the Fallen\Transformers2.exe"="C:\Program Files\Activision\Transformers - Revenge of the Fallen\Transformers2.exe:*:Enabled:Transformers(TM) - Revenge of the Fallen(TM)"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.093\offlineserver-v0.44\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.093\offlineserver-v0.44\server.exe:*:Enabled:server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX41.640\offlineserver-v0.4\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX41.640\offlineserver-v0.4\server.exe:*:Enabled:server"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX41.625\offlineserver-v0.4\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX41.625\offlineserver-v0.4\server.exe:*:Enabled:server"
"C:\Program Files\Ubisoft\DRM-AC2-OFFLINE.Server-v0.3.2\server.exe"="C:\Program Files\Ubisoft\DRM-AC2-OFFLINE.Server-v0.3.2\server.exe:*:Enabled:server"
"C:\Program Files\Ubisoft\Assassin's Creed II\DRM-AC2-OFFLINE.Server-v0.3.2\server.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\DRM-AC2-OFFLINE.Server-v0.3.2\server.exe:*:Disabled:server"
"C:\Program Files\Ubisoft\Assassin's Creed II\DRM-AC2-OFFLINE.Server-v0.3.2\mitm.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\DRM-AC2-OFFLINE.Server-v0.3.2\mitm.exe:*:Enabled:mitm"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"C:\Program Files\EA Games\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA Games\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"C:\Documents and Settings\Erika\Desktop\Blur\Blur.exe"="C:\Documents and Settings\Erika\Desktop\Blur\Blur.exe:*:Enabled:Blur"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*:Enabled:Combat Arms"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"C:\AeriaGames\WolfTeam\Wolfteam.bin"="C:\AeriaGames\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\SkypePortable\App\Skype\Phone\Skype.exe"="C:\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Codemasters\DiRT 3\dirt3_game.exe"="C:\Program Files\Codemasters\DiRT 3\dirt3_game.exe:*:Enabled:DiRT 3"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Documents and Settings\Erika\Desktop\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\Erika\Desktop\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Erika\Desktop\EA Games\Command and Conquer Generals\game.dat"="C:\Documents and Settings\Erika\Desktop\EA Games\Command and Conquer Generals\game.dat:*:Enabled:game"
"C:\Program Files\Steam\steamapps\illuzion_721\age of chivalry\hl2.exe"="C:\Program Files\Steam\steamapps\illuzion_721\age of chivalry\hl2.exe:*:Enabled:hl2"
"C:\Program Files\VALVe\hl.exe"="C:\Program Files\VALVe\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Erika\Desktop\Nový priečinok (3)\hl.exe"="C:\Documents and Settings\Erika\Desktop\Nový priečinok (3)\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\EA Games\Need for Speed Underground 2\SPEED2.EXE"="C:\Program Files\EA Games\Need for Speed Underground 2\SPEED2.EXE:*:Enabled:SPEED2"
"C:\Program Files\Steam\steamapps\illuzion_721\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\illuzion_721\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Erika\Desktop\wow 3.3.5\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"="C:\Documents and Settings\Erika\Desktop\wow 3.3.5\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Erika\My Documents\Downloads\Flash-Player.exe"="C:\Documents and Settings\Erika\My Documents\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Erika\My Documents\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.tray-2-0\svchost.exe"="C:\WINDOWS\update.tray-2-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-10-29 11:38:52 ----D---- C:\Program Files\trend micro
2011-10-29 11:38:51 ----D---- C:\rsit
2011-10-29 10:07:51 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-10-28 23:18:51 ----D---- C:\WINDOWS\ufa
2011-10-28 23:18:51 ----D---- C:\WINDOWS\rpcminer
2011-10-28 23:18:51 ----D---- C:\WINDOWS\phoenix
2011-10-28 23:18:29 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-10-28 23:16:56 ----HD---- C:\WINDOWS\update.5.0
2011-10-28 18:27:45 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-10-28 18:27:41 ----A---- C:\WINDOWS\unrar.exe
2011-10-28 18:27:12 ----HD---- C:\WINDOWS\update.2
2011-10-28 18:26:45 ----A---- C:\WINDOWS\iplist.txt
2011-10-28 18:26:34 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-10-28 18:26:12 ----A---- C:\WINDOWS\sysdriver32.exe
2011-10-28 18:25:53 ----D---- C:\WINDOWS\av_ico
2011-10-28 18:25:52 ----A---- C:\WINDOWS\front_ip_list.txt
2011-10-28 18:22:39 ----HD---- C:\WINDOWS\update.1
2011-10-28 18:22:31 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-10-28 18:22:31 ----HD---- C:\WINDOWS\update.tray-2-0
2011-10-28 18:22:30 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-10-28 18:22:30 ----HD---- C:\WINDOWS\update.tray-3-0
2011-10-28 18:13:01 ----A---- C:\WINDOWS\winlog-ids.txt
2011-10-28 18:13:01 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-10-28 18:12:57 ----A---- C:\WINDOWS\services32.exe
2011-10-26 07:48:26 ----SHD---- C:\Documents and Settings\All Users\Application Data\DSS
2011-10-23 16:51:53 ----D---- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
2011-10-23 16:44:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-10-17 07:48:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-17 07:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-17 07:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-17 07:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2586448$
2011-10-07 21:20:30 ----D---- C:\Program Files\NCSoft
2011-10-03 17:48:24 ----D---- C:\Program Files\Common Files\DirectX
2011-10-03 17:37:47 ----D---- C:\Documents and Settings\Erika\Application Data\Hamachi
2011-10-03 17:37:37 ----A---- C:\WINDOWS\system32\drivers\hamachi.sys
2011-10-03 17:37:35 ----D---- C:\Program Files\Hamachi

======List of files/folders modified in the last 1 month======

2011-10-29 11:38:53 ----D---- C:\WINDOWS\Prefetch
2011-10-29 11:38:52 ----RD---- C:\Program Files
2011-10-29 11:29:48 ----D---- C:\Documents and Settings\Erika\Application Data\DNA
2011-10-29 11:07:26 ----D---- C:\Documents and Settings\Erika\Application Data\Skype
2011-10-29 10:51:51 ----D---- C:\WINDOWS\Temp
2011-10-29 10:50:14 ----D---- C:\Program Files\Steam
2011-10-29 10:49:44 ----D---- C:\Program Files\DNA
2011-10-29 10:49:38 ----D---- C:\Program Files\Common Files\Akamai
2011-10-29 10:48:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-29 10:10:33 ----D---- C:\Documents and Settings\Erika\Application Data\ICQ
2011-10-29 10:07:51 ----D---- C:\WINDOWS\system32\drivers
2011-10-29 01:53:17 ----D---- C:\WINDOWS
2011-10-29 00:15:02 ----SHD---- C:\WINDOWS\Installer
2011-10-29 00:14:36 ----RD---- C:\Program Files\Skype
2011-10-29 00:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-10-29 00:14:30 ----D---- C:\Program Files\Common Files
2011-10-29 00:11:50 ----D---- C:\Documents and Settings\All Users\Application Data\Easybits GO
2011-10-28 19:14:04 ----D---- C:\WINDOWS\Minidump
2011-10-28 19:14:04 ----D---- C:\WINDOWS\Debug
2011-10-28 18:52:54 ----D---- C:\Documents and Settings\Erika\Application Data\PriceGong
2011-10-28 18:29:17 ----SHD---- C:\System Volume Information
2011-10-28 18:29:17 ----D---- C:\WINDOWS\system32\Restore
2011-10-28 18:27:40 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-28 18:26:47 ----D---- C:\Documents and Settings\Erika\Application Data\go
2011-10-28 18:24:29 ----A---- C:\boot.ini
2011-10-28 17:54:35 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-10-28 10:39:14 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-27 19:44:51 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-26 08:07:36 ----D---- C:\Documents and Settings\Erika\Application Data\BitTorrent
2011-10-25 21:32:41 ----D---- C:\WINDOWS\WinSxS
2011-10-23 21:11:36 ----D---- C:\Program Files\Opera
2011-10-23 17:00:10 ----SD---- C:\WINDOWS\Tasks
2011-10-23 17:00:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-10-23 16:59:27 ----D---- C:\Program Files\Common Files\Adobe
2011-10-23 16:59:12 ----D---- C:\WINDOWS\system32
2011-10-23 16:58:35 ----D---- C:\Program Files\Adobe
2011-10-23 16:53:16 ----D---- C:\Documents and Settings\Erika\Application Data\Adobe
2011-10-23 16:48:55 ----RSD---- C:\WINDOWS\Fonts
2011-10-23 08:59:41 ----HD---- C:\WINDOWS\inf
2011-10-17 18:35:42 ----RSD---- C:\WINDOWS\assembly
2011-10-17 18:31:00 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-17 15:06:23 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-17 14:58:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-17 07:48:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-17 07:44:56 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-17 07:44:50 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-17 07:42:38 ----D---- C:\WINDOWS\system32\CatRoot
2011-10-07 14:24:53 ----A---- C:\WINDOWS\win.ini
2011-10-03 18:01:31 ----D---- C:\Program Files\EA Games
2011-10-03 17:38:18 ----D---- C:\Documents and Settings\Erika\Application Data\GetRightToGo
2011-10-02 00:39:22 ----D---- C:\AeriaGames
2011-10-02 00:38:58 ----D---- C:\Program Files\Electronic Arts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-04-09 94360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-01-16 62336]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-01-16 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-03 5030912]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-01-16 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-14 6301248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Ca2001v;CA2001 WebCam Driver; C:\WINDOWS\System32\Drivers\Ca2001v.sys [2008-02-19 2333568]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-10-03 17480]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-07-24 100736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2011-03-12 4096]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-09-13 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-14 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-03-22 75136]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2011-10-28 214520]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-10-28 344576]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-10-28 1946624]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-10-28 258048]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-10-28 1201152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 gupdate1caab44d4fd2f2e;Služba Google Update (gupdate1caab44d4fd2f2e); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-02-08 4067472]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2007-01-16 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

andy_721 · #2 Příspěvek od **andy_721** » 29 říj 2011 12:38

toto by malo byť ono =)

andy_721 · #3 Příspěvek od **andy_721** » 29 říj 2011 12:46

samozrejme, že vydržím, ďakujem ti veľmi pekne za pomoc

dúfam, že to víde

andy_721 · #4 Příspěvek od **andy_721** » 29 říj 2011 15:25

keď dám skenovať cez ten AVZ, tak dole je napísané LOG a pod tým sú naskenované údaje, neviem, kde by sa mi mala vytvoriť presne tá zložka

andy_721 · #5 Příspěvek od **andy_721** » 29 říj 2011 15:35

okey díky za obrázok, toto by malo byť už ono

andy_721 · #6 Příspěvek od **andy_721** » 29 říj 2011 16:24

Logfile of random's system information tool 1.09 (written by random/random)
Run by Erika at 2011-10-29 17:22:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 97 GB (41%) free of 238 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:22:26, on 29.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\USB Video Camera\Monitor.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ICQ7.4\ICQ.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\avz4\avz.exe
C:\Documents and Settings\Erika\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Erika.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
R3 - URLSearchHook: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Brothersoft - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O3 - Toolbar: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Audio HD Driver] C:\DOCUME~1\Erika\LOCALS~1\Temp\wininitd.exe
O4 - HKLM\..\Run: [Windows-Network Component] "C:\WINDOWS\system32\WUDHost.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Windows Audio Driver] "C:\Documents and Settings\Erika\Application Data\audiohd.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 9182061156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9181240250
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Služba Google Update (gupdate1caab44d4fd2f2e) (gupdate1caab44d4fd2f2e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11729 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default

prefs.js - "browser.startup.homepage" - "http://start.facemoods.com/?a=vsl"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6, {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, {e8de9422-3b2c-4243-bf6f-235da84d8ef8}:2.5.6.0, battlefieldheroespatcher@ea.com:5.0.31.0, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3"
prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
"Description"=Delivery Network Acceleration by BitTorrent™
"Path"=C:\Program Files\DNA\plugins\npbtdna.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@zylom.com/ZylomGamesPlayer]
"Description"=Zylom Games Player 1.00
"Path"=C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIZylomPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npzylomgamesplayer.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
fcmdSrchvsl.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\
battlefieldheroespatcher@ea.com
engine@conduit.com
ffxtlbr@Facemoods.com
{20a82645-c095-46ed-80e3-08825760534b}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{51a86bb3-6602-4c85-92a5-130ee4864f13}
{800b5000-a755-47e1-992b-48a1c1357f07}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{e8de9422-3b2c-4243-bf6f-235da84d8ef8}

C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll [2010-10-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-18 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
Brothersoft Toolbar - C:\Program Files\Brothersoft\prxtbBro0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-01-17 175912]
{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - Brothersoft Toolbar - C:\Program Files\Brothersoft\prxtbBro0.dll [2011-01-17 175912]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll [2011-01-17 175912]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll [2010-10-26 217088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-14 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-14 86016]
"Launch LGDCore"=C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [2006-07-23 1126400]
"Launch LCDMon"=C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Audio HD Driver"=C:\DOCUME~1\Erika\LOCALS~1\Temp\wininitd.exe []
"Windows-Network Component"=C:\WINDOWS\system32\WUDHost.exe [2010-05-22 48128]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"4StoryPrePatch"=C:\Program Files\Gameforge4D\4Story\PrePatch.exe []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe [2010-10-26 323584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2010-01-16 323392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
"Windows Audio Driver"=C:\Documents and Settings\Erika\Application Data\audiohd.exe [2010-05-22 48128]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe silent loginmode=4 []
"Steam"=C:\Program Files\Steam\Steam.exe [2011-09-28 1242448]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 19550344]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
GamePark klient 2.lnk - C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe
Monitor.lnk - C:\Program Files\USB Video Camera\Monitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"EnableLUA"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\VALVe\Counter-Strike Source\hl2.exe"="C:\Program Files\VALVe\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Documents and Settings\Erika\Desktop\warcraft 3\Warcraft III.exe"="C:\Documents and Settings\Erika\Desktop\warcraft 3\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Erika\Desktop\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Documents and Settings\Erika\Desktop\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.812\DRM\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.812\DRM\server.exe:*:Enabled:server"
"C:\Program Files\Ubisoft\Assassin's Creed II\server.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\server.exe:*:Enabled:server"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.500\DRM\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.500\DRM\server.exe:*:Enabled:server"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX01.656\DRM\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX01.656\DRM\server.exe:*:Enabled:server"
"C:\Program Files\Activision\Transformers - Revenge of the Fallen\Transformers2.exe"="C:\Program Files\Activision\Transformers - Revenge of the Fallen\Transformers2.exe:*:Enabled:Transformers(TM) - Revenge of the Fallen(TM)"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.093\offlineserver-v0.44\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX00.093\offlineserver-v0.44\server.exe:*:Enabled:server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX41.640\offlineserver-v0.4\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX41.640\offlineserver-v0.4\server.exe:*:Enabled:server"
"C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX41.625\offlineserver-v0.4\server.exe"="C:\Documents and Settings\Erika\Local Settings\Temp\Rar$EX41.625\offlineserver-v0.4\server.exe:*:Enabled:server"
"C:\Program Files\Ubisoft\DRM-AC2-OFFLINE.Server-v0.3.2\server.exe"="C:\Program Files\Ubisoft\DRM-AC2-OFFLINE.Server-v0.3.2\server.exe:*:Enabled:server"
"C:\Program Files\Ubisoft\Assassin's Creed II\DRM-AC2-OFFLINE.Server-v0.3.2\server.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\DRM-AC2-OFFLINE.Server-v0.3.2\server.exe:*:Disabled:server"
"C:\Program Files\Ubisoft\Assassin's Creed II\DRM-AC2-OFFLINE.Server-v0.3.2\mitm.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\DRM-AC2-OFFLINE.Server-v0.3.2\mitm.exe:*:Enabled:mitm"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"C:\Program Files\EA Games\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA Games\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"C:\Documents and Settings\Erika\Desktop\Blur\Blur.exe"="C:\Documents and Settings\Erika\Desktop\Blur\Blur.exe:*:Enabled:Blur"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe"="C:\Program Files\EA Sports\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*:Enabled:Combat Arms"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"C:\AeriaGames\WolfTeam\Wolfteam.bin"="C:\AeriaGames\WolfTeam\Wolfteam.bin:*:Enabled:WolfTeam"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\SkypePortable\App\Skype\Phone\Skype.exe"="C:\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Codemasters\DiRT 3\dirt3_game.exe"="C:\Program Files\Codemasters\DiRT 3\dirt3_game.exe:*:Enabled:DiRT 3"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Documents and Settings\Erika\Desktop\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\Erika\Desktop\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Documents and Settings\Erika\Desktop\EA Games\Command and Conquer Generals\game.dat"="C:\Documents and Settings\Erika\Desktop\EA Games\Command and Conquer Generals\game.dat:*:Enabled:game"
"C:\Program Files\Steam\steamapps\illuzion_721\age of chivalry\hl2.exe"="C:\Program Files\Steam\steamapps\illuzion_721\age of chivalry\hl2.exe:*:Enabled:hl2"
"C:\Program Files\VALVe\hl.exe"="C:\Program Files\VALVe\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Erika\Desktop\Nový priečinok (3)\hl.exe"="C:\Documents and Settings\Erika\Desktop\Nový priečinok (3)\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\EA Games\Need for Speed Underground 2\SPEED2.EXE"="C:\Program Files\EA Games\Need for Speed Underground 2\SPEED2.EXE:*:Enabled:SPEED2"
"C:\Program Files\Steam\steamapps\illuzion_721\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\illuzion_721\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\Erika\Desktop\wow 3.3.5\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"="C:\Documents and Settings\Erika\Desktop\wow 3.3.5\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Erika\My Documents\Downloads\Flash-Player.exe"="C:\Documents and Settings\Erika\My Documents\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Erika\My Documents\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.tray-2-0\svchost.exe"="C:\WINDOWS\update.tray-2-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-10-29 17:14:01 ----A---- C:\WINDOWS\system32\drivers\ujk0mtm2.sys
2011-10-29 17:14:00 ----A---- C:\WINDOWS\system32\drivers\utk0mtm2.sys
2011-10-29 16:34:09 ----D---- C:\Program Files\avz4
2011-10-29 14:30:13 ----D---- C:\Program Files\ESET
2011-10-29 11:38:52 ----D---- C:\Program Files\trend micro
2011-10-29 11:38:51 ----D---- C:\rsit
2011-10-29 10:07:51 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-10-28 23:18:51 ----D---- C:\WINDOWS\ufa
2011-10-28 23:18:51 ----D---- C:\WINDOWS\rpcminer
2011-10-28 23:18:51 ----D---- C:\WINDOWS\phoenix
2011-10-28 23:18:29 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-10-28 23:16:56 ----HD---- C:\WINDOWS\update.5.0
2011-10-28 18:27:45 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-10-28 18:27:41 ----A---- C:\WINDOWS\unrar.exe
2011-10-28 18:27:12 ----HD---- C:\WINDOWS\update.2
2011-10-28 18:26:45 ----A---- C:\WINDOWS\iplist.txt
2011-10-28 18:25:52 ----A---- C:\WINDOWS\front_ip_list.txt
2011-10-28 18:22:39 ----HD---- C:\WINDOWS\update.1
2011-10-28 18:13:01 ----A---- C:\WINDOWS\winlog-ids.txt
2011-10-28 18:13:01 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-10-26 07:48:26 ----SHD---- C:\Documents and Settings\All Users\Application Data\DSS
2011-10-23 16:51:53 ----D---- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
2011-10-23 16:44:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-10-17 07:48:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-17 07:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-17 07:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-17 07:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2586448$
2011-10-07 21:20:30 ----D---- C:\Program Files\NCSoft
2011-10-03 17:48:24 ----D---- C:\Program Files\Common Files\DirectX
2011-10-03 17:37:47 ----D---- C:\Documents and Settings\Erika\Application Data\Hamachi
2011-10-03 17:37:37 ----A---- C:\WINDOWS\system32\drivers\hamachi.sys
2011-10-03 17:37:35 ----D---- C:\Program Files\Hamachi

======List of files/folders modified in the last 1 month======

2011-10-29 17:21:40 ----D---- C:\Documents and Settings\Erika\Application Data\Skype
2011-10-29 17:18:02 ----D---- C:\WINDOWS\Temp
2011-10-29 17:17:57 ----D---- C:\WINDOWS\Prefetch
2011-10-29 17:16:54 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-29 17:16:18 ----D---- C:\Program Files\Steam
2011-10-29 17:15:48 ----D---- C:\Program Files\Common Files\Akamai
2011-10-29 17:15:46 ----D---- C:\Program Files\DNA
2011-10-29 17:15:46 ----D---- C:\Documents and Settings\Erika\Application Data\DNA
2011-10-29 17:15:25 ----D---- C:\WINDOWS\system32\drivers
2011-10-29 17:14:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-29 17:14:17 ----D---- C:\WINDOWS
2011-10-29 16:39:56 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-29 16:34:09 ----RD---- C:\Program Files
2011-10-29 14:29:22 ----D---- C:\Documents and Settings\Erika\Application Data\ICQ
2011-10-29 00:15:02 ----SHD---- C:\WINDOWS\Installer
2011-10-29 00:14:36 ----RD---- C:\Program Files\Skype
2011-10-29 00:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-10-29 00:14:30 ----D---- C:\Program Files\Common Files
2011-10-29 00:11:50 ----D---- C:\Documents and Settings\All Users\Application Data\Easybits GO
2011-10-28 19:14:04 ----D---- C:\WINDOWS\Minidump
2011-10-28 19:14:04 ----D---- C:\WINDOWS\Debug
2011-10-28 18:52:54 ----D---- C:\Documents and Settings\Erika\Application Data\PriceGong
2011-10-28 18:29:17 ----SHD---- C:\System Volume Information
2011-10-28 18:29:17 ----D---- C:\WINDOWS\system32\Restore
2011-10-28 18:27:40 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-28 18:26:47 ----D---- C:\Documents and Settings\Erika\Application Data\go
2011-10-28 18:24:29 ----A---- C:\boot.ini
2011-10-28 17:54:35 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-10-26 08:07:36 ----D---- C:\Documents and Settings\Erika\Application Data\BitTorrent
2011-10-25 21:32:41 ----D---- C:\WINDOWS\WinSxS
2011-10-23 21:11:36 ----D---- C:\Program Files\Opera
2011-10-23 17:00:10 ----SD---- C:\WINDOWS\Tasks
2011-10-23 17:00:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-10-23 16:59:27 ----D---- C:\Program Files\Common Files\Adobe
2011-10-23 16:59:12 ----D---- C:\WINDOWS\system32
2011-10-23 16:58:35 ----D---- C:\Program Files\Adobe
2011-10-23 16:53:16 ----D---- C:\Documents and Settings\Erika\Application Data\Adobe
2011-10-23 16:48:55 ----RSD---- C:\WINDOWS\Fonts
2011-10-23 08:59:41 ----HD---- C:\WINDOWS\inf
2011-10-17 18:35:42 ----RSD---- C:\WINDOWS\assembly
2011-10-17 18:31:00 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-17 15:06:23 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-17 14:58:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-17 07:48:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-17 07:44:56 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-17 07:44:50 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-17 07:42:38 ----D---- C:\WINDOWS\system32\CatRoot
2011-10-07 14:24:53 ----A---- C:\WINDOWS\win.ini
2011-10-03 18:01:31 ----D---- C:\Program Files\EA Games
2011-10-03 17:38:18 ----D---- C:\Documents and Settings\Erika\Application Data\GetRightToGo
2011-10-02 00:39:22 ----D---- C:\AeriaGames
2011-10-02 00:38:58 ----D---- C:\Program Files\Electronic Arts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-04-09 94360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-01-16 62336]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-01-16 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-03 5030912]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-01-16 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-14 6301248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 utk0mtm2;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utk0mtm2.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Ca2001v;CA2001 WebCam Driver; C:\WINDOWS\System32\Drivers\Ca2001v.sys [2008-02-19 2333568]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-10-03 17480]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-07-24 100736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2011-03-12 4096]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-09-13 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 ujk0mtm2;AVZ-SG Kernel Driver; \??\C:\WINDOWS\system32\Drivers\ujk0mtm2.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-14 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-03-22 75136]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2011-10-28 214520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 gupdate1caab44d4fd2f2e;Služba Google Update (gupdate1caab44d4fd2f2e); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-02-08 4067472]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2007-01-16 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

andy_721 · #7 Příspěvek od **andy_721** » 29 říj 2011 17:02

OTL logfile created on: 29.10.2011 17:46:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Erika\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,64% Memory free
3,85 Gb Paging File | 3,16 Gb Available in Paging File | 81,94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 94,72 Gb Free Space | 40,67% Space Free | Partition Type: NTFS
Drive I: | 676,74 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 647,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ASUS | User Name: Erika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.10.29 17:43:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erika\Desktop\OTL.exe
PRC - [2011.10.26 10:10:47 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.09.22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011.07.29 15:38:18 | 000,409,088 | ---- | M] (Allstar Group, s.r.o.) -- C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe
PRC - [2011.04.06 16:24:39 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.4\ICQ.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.01.16 17:46:21 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.16 19:32:18 | 000,249,856 | ---- | M] () -- C:\Program Files\USB Video Camera\Monitor.exe
PRC - [2006.07.23 03:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2004.08.22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe

========== Modules (No Company Name) ==========

MOD - [2011.10.26 10:10:46 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011.10.26 10:10:45 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011.10.26 10:09:09 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011.10.26 10:09:07 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011.10.26 10:09:06 | 001,745,992 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011.10.26 07:14:43 | 008,587,936 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
MOD - [2011.10.18 22:44:09 | 003,552,856 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll
MOD - [2010.09.16 22:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
MOD - [2010.02.05 20:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009.12.20 19:46:40 | 000,327,680 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2009.12.12 16:12:04 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.01.14 12:49:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008.04.14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007.10.16 19:32:18 | 000,249,856 | ---- | M] () -- C:\Program Files\USB Video Camera\Monitor.exe
MOD - [2004.08.22 17:04:56 | 000,069,120 | ---- | M] () -- C:\WINDOWS\daemon.dll
MOD - [2004.05.25 17:06:58 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.ax
MOD - [2003.12.30 21:52:00 | 000,007,168 | ---- | M] () -- C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.10.18 22:44:09 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011.09.22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.02.08 19:30:00 | 004,067,472 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.10.06 19:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

========== Driver Services (SafeList) ==========

DRV - [2011.10.03 17:37:37 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.03.12 15:19:36 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2009.09.10 15:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.24 19:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.04.09 16:21:12 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.04.09 16:18:02 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.04.09 16:10:30 | 000,113,960 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.02.03 11:22:00 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.09.25 15:51:42 | 000,115,328 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.02.19 12:48:42 | 002,333,568 | ---- | M] (Digital Camera) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ca2001v.sys -- (Ca2001v)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.01.04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004.08.22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004.08.22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=vsl"
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e8de9422-3b2c-4243-bf6f-235da84d8ef8}:2.5.6.0
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.15 01:30:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.15 01:30:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.10.29 17:26:27 | 000,000,000 | ---D | M]

[2010.05.19 20:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Extensions
[2011.09.07 12:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions
[2010.05.19 20:05:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.07 12:12:41 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011.09.07 12:12:43 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2011.09.07 12:12:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.07 12:12:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.02 21:01:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.07 12:12:52 | 000,000,000 | ---D | M] (Brothersoft Community Toolbar) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
[2010.09.19 19:26:55 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\battlefieldheroespatcher@ea.com
[2011.03.26 00:45:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\engine@conduit.com
[2011.07.29 00:39:10 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\ffxtlbr@Facemoods.com
[2011.06.20 14:07:12 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\conduit.xml
[2011.10.13 15:05:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\icqplugin-1.xml
[2011.08.18 21:40:40 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\icqplugin.gif
[2011.08.18 21:40:40 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\icqplugin.src
[2011.07.15 01:55:37 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\icqplugin.xml
[2011.08.22 16:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.29 00:15:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.02.26 00:33:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.22 16:01:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.02.26 00:33:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.07.08 09:52:57 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.03.22 04:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.01.01 10:00:00 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2010.01.01 10:00:00 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2010.01.01 10:00:00 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2010.12.27 12:03:32 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchvsl.xml
[2010.01.01 10:00:00 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2010.01.01 10:00:00 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2010.01.01 10:00:00 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\

O1 HOSTS File: ([2011.10.29 17:14:07 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Audio HD Driver] C:\DOCUME~1\Erika\LOCALS~1\Temp\wininitd.exe File not found
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" File not found
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows-Network Component] C:\WINDOWS\System32\WUDHost.exe ()
O4 - HKU\S-1-5-21-343818398-261478967-682003330-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-343818398-261478967-682003330-1003..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-343818398-261478967-682003330-1003..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKU\S-1-5-21-343818398-261478967-682003330-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-343818398-261478967-682003330-1003..\Run: [Windows Audio Driver] C:\Documents and Settings\Erika\Application Data\audiohd.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamePark klient 2.lnk = C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe (Allstar Group, s.r.o.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\USB Video Camera\Monitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 9182061156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9181240250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.237.225.250 172.20.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1B60EBE-E9FF-428E-A052-1676E800B6D5}: DhcpNameServer = 85.237.225.250 172.20.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Erika\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erika\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.25 17:45:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.10.26 02:40:24 | 000,000,000 | R--D | M] - I:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2004.10.26 02:40:24 | 000,684,032 | R--- | M] (Electronic Arts Inc.) - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2004.10.15 06:59:34 | 000,577,536 | R--- | M] (Electronic Arts Inc.) - I:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2004.10.26 02:46:32 | 000,000,105 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004.10.26 01:40:24 | 000,000,107 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{32cf1d61-c0ea-11df-aa00-002618dd28eb}\Shell - "" = AutoRun
O33 - MountPoints2\{32cf1d61-c0ea-11df-aa00-002618dd28eb}\Shell\AutoRun\command - "" = I:\setup.exe -- [2004.10.15 06:59:34 | 000,110,592 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{32cf1d62-c0ea-11df-aa00-002618dd28eb}\Shell - "" = AutoRun
O33 - MountPoints2\{32cf1d62-c0ea-11df-aa00-002618dd28eb}\Shell\AutoRun\command - "" = J:\RunGame.exe -- [2004.10.26 01:40:24 | 000,192,512 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{d091d088-edc0-11df-aa51-002618dd28eb}\Shell - "" = AutoRun
O33 - MountPoints2\{d091d088-edc0-11df-aa51-002618dd28eb}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 7 Days ==========

[2011.10.29 17:44:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erika\Desktop\OTL.exe
[2011.10.29 17:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011.10.29 17:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.10.29 16:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\avz4
[2011.10.29 14:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.29 11:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.10.29 11:38:51 | 000,000,000 | ---D | C] -- C:\rsit
[2011.10.29 00:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011.10.28 23:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.10.28 23:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.10.28 23:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.10.28 23:16:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.10.28 19:14:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Erika\Recent
[2011.10.28 18:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erika\Start Menu\Programs\Google Chrome
[2011.10.28 18:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2011.10.28 18:27:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.10.28 18:22:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.10.26 07:48:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011.10.26 07:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erika\My Documents\EA Games
[2011.10.25 22:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erika\Desktop\Medal of Honor
[2011.10.25 18:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erika\Desktop\Nový priečinok (2)
[2011.10.23 16:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011.10.23 16:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011.10.23 09:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erika\Desktop\DCIM
[2010.09.15 19:49:43 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2010.09.15 19:49:43 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2010.09.13 18:43:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Erika\Application Data\pcouffin.sys
[2010.02.08 11:55:50 | 002,855,560 | ---- | C] (UBISOFT) -- C:\Documents and Settings\Erika\Application Data\autorun.exe
[2009.12.24 20:16:13 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2009.12.24 19:56:08 | 002,020,136 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2011.10.29 17:47:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.10.29 17:43:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erika\Desktop\OTL.exe
[2011.10.29 17:26:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003UA.job
[2011.10.29 17:20:45 | 000,024,910 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\virusinfo_syscheck.zip
[2011.10.29 17:16:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.29 17:15:46 | 000,206,530 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.10.29 17:15:40 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.29 17:15:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.29 17:14:07 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.10.29 17:13:10 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.29 16:54:34 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.10.29 16:39:56 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.10.29 15:26:00 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003Core.job
[2011.10.29 10:50:42 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hîsts
[2011.10.28 23:27:12 | 000,000,090 | ---- | M] () -- C:\WINDOWS\info1
[2011.10.28 23:18:50 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.10.28 23:18:50 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.10.28 23:18:50 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.10.28 23:18:49 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.10.28 21:57:29 | 000,671,371 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\DSC00471 (6).jpg
[2011.10.28 21:54:16 | 000,724,819 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\DSC00439 (5-2).jpg
[2011.10.28 21:53:23 | 000,709,457 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\DSC00468 (1).jpg
[2011.10.28 18:53:39 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\Google Chrome.lnk
[2011.10.28 18:53:39 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.10.28 18:27:41 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.10.28 18:27:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.10.28 18:24:29 | 000,000,215 | ---- | M] () -- C:\boot.ini
[2011.10.28 17:54:46 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.10.28 17:54:36 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011.10.27 23:27:41 | 000,514,518 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\IMG_27102011_231749.png
[2011.10.27 22:12:13 | 002,412,793 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\27102011390 (1).jpg
[2011.10.27 21:37:15 | 000,718,799 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\27102011403.jpg
[2011.10.25 18:50:00 | 002,866,413 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\P1090876.JPG
[2011.10.25 05:42:10 | 000,460,091 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\25102011368.jpg
[2011.10.25 05:41:44 | 000,498,236 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\25102011367.jpg
[2011.10.25 05:36:54 | 000,673,410 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\25102011366.jpg
[2011.10.25 05:36:38 | 000,572,198 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\25102011365.jpg
[2011.10.24 22:40:55 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.24 22:32:20 | 000,228,809 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\DSC00361.JPG
[2011.10.24 22:31:30 | 000,226,832 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\DSC00362.JPG
[2011.10.24 22:27:52 | 000,321,263 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\DSC00323.JPG
[2011.10.24 22:25:22 | 000,367,628 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\DSC00276.JPG
[2011.10.24 21:43:21 | 000,585,059 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\7620.jpg
[2011.10.24 21:29:33 | 000,117,567 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\217488_1598970984864_1553715884_31165083_6969647_n.jpg
[2011.10.24 21:27:15 | 003,268,510 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\P1090045.JPG
[2011.10.24 20:21:09 | 000,233,390 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\192327_1542084402735_1553715884_31097494_5352299_o.jpg
[2011.10.24 20:19:11 | 002,577,338 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\P1060930.JPG
[2011.10.24 20:17:41 | 003,939,020 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\P1080651.JPG
[2011.10.24 20:14:09 | 000,828,925 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\df.jpg
[2011.10.24 20:12:08 | 000,040,957 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\262826_1840553664280_1553715884_31432609_5507904_n.jpg
[2011.10.24 20:12:05 | 000,048,985 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\185558_1839279992439_1553715884_31431577_2643218_n.jpg
[2011.10.24 20:09:23 | 001,687,393 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\P1070537.JPG
[2011.10.24 20:05:17 | 003,903,268 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\fgnj.JPG
[2011.10.24 20:05:13 | 000,230,454 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\20110809081546790.bmp
[2011.10.24 20:05:09 | 000,230,454 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\20111018111419612.bmp
[2011.10.24 08:46:02 | 003,564,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.23 11:37:16 | 004,610,406 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\PA227864.JPG
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.29 17:47:47 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.10.29 16:35:17 | 000,024,910 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\virusinfo_syscheck.zip
[2011.10.29 10:07:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.10.29 00:14:36 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.10.28 23:18:50 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.10.28 23:18:50 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.10.28 23:18:49 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.10.28 21:57:28 | 000,671,371 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\DSC00471 (6).jpg
[2011.10.28 21:54:12 | 000,724,819 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\DSC00439 (5-2).jpg
[2011.10.28 21:53:21 | 000,709,457 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\DSC00468 (1).jpg
[2011.10.28 18:53:39 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\Google Chrome.lnk
[2011.10.28 18:53:39 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.10.28 18:27:42 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.10.28 18:27:41 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.10.28 18:27:41 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.10.28 18:27:10 | 000,000,090 | ---- | C] () -- C:\WINDOWS\info1
[2011.10.28 18:26:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.10.27 23:27:39 | 000,514,518 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\IMG_27102011_231749.png
[2011.10.27 22:12:09 | 002,412,793 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\27102011390 (1).jpg
[2011.10.27 21:36:25 | 000,718,799 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\27102011403.jpg
[2011.10.25 18:54:40 | 000,673,410 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\25102011366.jpg
[2011.10.25 18:54:40 | 000,572,198 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\25102011365.jpg
[2011.10.25 18:54:40 | 000,498,236 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\25102011367.jpg
[2011.10.25 18:54:40 | 000,460,091 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\25102011368.jpg
[2011.10.25 18:49:21 | 002,866,413 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\P1090876.JPG
[2011.10.24 22:32:19 | 000,228,809 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\DSC00361.JPG
[2011.10.24 22:31:28 | 000,226,832 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\DSC00362.JPG
[2011.10.24 22:27:51 | 000,321,263 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\DSC00323.JPG
[2011.10.24 22:25:22 | 000,367,628 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\DSC00276.JPG
[2011.10.24 21:43:13 | 000,585,059 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\7620.jpg
[2011.10.24 21:29:30 | 000,117,567 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\217488_1598970984864_1553715884_31165083_6969647_n.jpg
[2011.10.24 21:26:38 | 003,268,510 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\P1090045.JPG
[2011.10.24 20:21:04 | 000,233,390 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\192327_1542084402735_1553715884_31097494_5352299_o.jpg
[2011.10.24 20:18:33 | 002,577,338 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\P1060930.JPG
[2011.10.24 20:16:01 | 003,939,020 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\P1080651.JPG
[2011.10.24 20:13:56 | 000,828,925 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\df.jpg
[2011.10.24 20:12:04 | 000,040,957 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\262826_1840553664280_1553715884_31432609_5507904_n.jpg
[2011.10.24 20:12:02 | 000,048,985 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\185558_1839279992439_1553715884_31431577_2643218_n.jpg
[2011.10.24 20:08:34 | 001,687,393 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\P1070537.JPG
[2011.10.24 20:05:06 | 000,230,454 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\20111018111419612.bmp
[2011.10.24 20:05:06 | 000,230,454 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\20110809081546790.bmp
[2011.10.24 20:04:00 | 003,903,268 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\fgnj.JPG
[2011.10.23 16:44:32 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011.10.23 12:29:37 | 006,401,109 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\PA217778.JPG
[2011.10.23 11:36:37 | 004,610,406 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\PA227864.JPG
[2011.09.10 01:56:17 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2011.03.14 16:28:51 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011.03.12 15:19:36 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2011.01.24 19:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010.09.19 19:35:00 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010.09.15 23:44:36 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.09.13 18:43:21 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2010.09.13 18:43:07 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\ezpinst.exe
[2010.09.13 18:43:07 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\pcouffin.cat
[2010.09.13 18:43:07 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\pcouffin.inf
[2010.09.08 17:35:12 | 000,935,936 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\chrtmp
[2010.06.08 18:21:39 | 000,000,062 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010.05.22 20:56:14 | 000,048,128 | -H-- | C] () -- C:\WINDOWS\System32\WUDHost.exe
[2010.05.22 20:56:14 | 000,048,128 | -H-- | C] () -- C:\Documents and Settings\Erika\Application Data\audiohd.exe
[2010.05.18 18:34:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.06 19:28:48 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.04.06 19:28:47 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.04.06 19:28:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\$_hpcst$.hpc
[2010.02.28 15:25:21 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.20 08:41:36 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\PnkBstrK.sys
[2010.01.20 08:41:18 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.01.14 18:29:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.24 20:57:05 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.12.24 20:56:57 | 000,214,520 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009.12.24 20:14:58 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009.12.24 20:01:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.11.25 23:00:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.25 18:25:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.11.25 18:24:12 | 003,564,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.25 18:01:55 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009.11.25 18:01:48 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.11.25 18:01:38 | 000,024,674 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.11.25 18:01:38 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.11.25 17:47:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.11.25 17:43:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.01.14 12:49:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.01.14 12:49:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.01.14 12:49:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.01.14 12:49:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009.01.14 12:49:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.01.14 12:49:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.01.14 12:49:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.01.14 12:49:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.09.27 15:48:10 | 000,014,100 | ---- | C] () -- C:\WINDOWS\twspmm.ini
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

andy_721 · #8 Příspěvek od **andy_721** » 29 říj 2011 17:02

[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 12:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 12:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2004.08.22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004.08.04 02:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.01.07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 14:00:00 | 000,496,984 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 14:00:00 | 000,085,468 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010.08.30 22:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
[2011.10.26 07:48:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2010.12.10 19:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011.10.29 00:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2010.12.10 19:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011.10.29 17:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.04.06 16:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011.09.10 01:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2011.02.22 19:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
[2010.04.06 19:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010.06.08 18:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011.10.23 16:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010.06.13 08:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2011.02.26 20:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010.08.30 22:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Activision
[2009.12.24 20:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Allstar
[2011.10.26 08:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\BitTorrent
[2011.01.04 12:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\bizarre creations
[2011.10.29 17:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DNA
[2011.09.17 17:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DVDVideoSoft
[2011.03.28 21:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers
[2011.08.08 13:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\facemoods.com
[2010.09.25 00:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\fizzy
[2011.10.03 17:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\GetRightToGo
[2011.10.28 18:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\go
[2011.10.29 17:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\ICQ
[2011.09.10 01:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\iWin
[2010.09.27 16:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Leadertech
[2011.01.02 15:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\OpenCandy
[2009.12.24 19:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Opera
[2010.04.06 19:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PC Suite
[2010.06.08 18:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PopCapv1003
[2011.10.28 18:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PriceGong
[2011.03.22 16:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PunkBuster
[2010.05.15 20:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\RadioBar
[2011.06.15 15:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Rovio
[2010.04.06 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Samsung
[2010.06.09 18:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\SpinTop Games
[2011.07.04 19:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\TeamViewer
[2011.06.20 18:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\TS3Client
[2010.06.13 08:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Ubisoft
[2011.08.22 15:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\uTorrent
[2011.03.12 15:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\VBA-M
[2010.09.15 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Vso
[2011.04.22 23:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Zoner

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" -- [2010.01.16 17:46:21 | 000,323,392 | ---- | M] (BitTorrent, Inc.)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 02:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c -- [2010.03.18 21:30:05 | 000,136,176 | ---- | M] (Google Inc.)
"Windows Audio Driver" = "C:\Documents and Settings\Erika\Application Data\audiohd.exe" -- [2010.05.22 20:56:08 | 000,048,128 | -H-- | M] ()
"EA Core" = "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
"ICQ" = "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
"Steam" = "C:\Program Files\Steam\Steam.exe" -silent -- [2011.09.28 20:44:38 | 001,242,448 | ---- | M] (Valve Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.10.13 11:45:22 | 019,550,344 | R--- | M] (Skype Technologies S.A.)

< >

< MD5 for: ACPI.SYS >
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:acpi.sys
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:acpi.sys
[2008.04.13 20:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008.04.13 20:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=8FD99680A539792A30E97944FDAECF17 -- C:\WINDOWS\system32\drivers\acpi.sys
[2004.08.04 00:07:38 | 000,187,776 | ---- | M] (Microsoft Corporation) MD5=A10C7534F7223F4A73A948967D00E69B -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys

< MD5 for: AGP440.SYS >
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 02:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004.08.04 01:56:48 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CMD.EXE >
[2008.04.14 02:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=6D778E0F95447E6546553EEEA709D03C -- C:\WINDOWS\ServicePackFiles\i386\cmd.exe
[2008.04.14 02:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=6D778E0F95447E6546553EEEA709D03C -- C:\WINDOWS\system32\cmd.exe
[2004.08.04 01:56:50 | 000,388,608 | ---- | M] (Microsoft Corporation) MD5=EEB024F2C81F0D55936FB825D21A91D6 -- C:\WINDOWS\$NtServicePackUninstall$\cmd.exe

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2007.01.16 22:05:36 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=87F3E2D2A3231F820F9248DB90090F42 -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2008.04.14 02:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008.04.14 02:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004.08.04 01:56:50 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EVENTLOG.DLL >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.01.16 22:05:41 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=42D32722B805D7DF42D30487A0BCBD78 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: FASTFAT.SYS >
[2004.08.04 00:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3117F595E9615E04F05A54FC15A03B20 -- C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys
[2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
[2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys

< MD5 for: HAL.DLL >
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2007.01.16 22:05:45 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=E8C837F0AA77FF8B74F5C5167CD06B89 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: I8042PRT.SYS >
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2008.04.13 21:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008.04.13 21:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2004.08.04 00:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) MD5=5502B58EEF7486EE6F93F3F164DCB808 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys

< MD5 for: ISAPNP.SYS >
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.08.17 14:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.08.23 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\isapnp.sys
[2001.08.23 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\isapnp.sys

< MD5 for: KBDCLASS.SYS >
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:kbdclass.sys
[2009.11.25 23:24:16 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:kbdclass.sys
[2008.04.13 20:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\ServicePackFiles\i386\kbdclass.sys
[2008.04.13 20:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2004.08.03 23:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys

< MD5 for: LSASS.EXE >
[2004.08.04 01:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2008.04.13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008.04.13 21:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004.08.04 00:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: REGEDIT.EXE >
[2008.04.14 02:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\regedit.exe
[2008.04.14 02:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2004.08.04 01:56:56 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

< MD5 for: SCECLI.DLL >
[2004.08.04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008.04.14 02:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 02:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004.08.04 01:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SMSS.EXE >
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 01:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010.08.17 15:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2007.01.16 22:07:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2008.04.14 02:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008.04.14 02:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004.08.04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2007.01.16 22:07:06 | 000,360,704 | ---- | M] (Microsoft Corporation) MD5=9941382A1C2289F5FB4C87D0DAACC21C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USER32.DLL >
[2007.01.16 22:07:10 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 02:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2004.08.04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WIN32K.SYS >
[2010.06.23 15:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) MD5=2F2D6B7515363E855EE44D88199ADD5F -- C:\WINDOWS\$NtUninstallKB981957$\win32k.sys
[2010.12.31 15:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) MD5=4F404415E13DDC541CB34294D266B65C -- C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys
[2011.03.03 15:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) MD5=4F97E6BAAA847EA90EBBCD90A3FFA8E5 -- C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys
[2010.08.31 15:38:48 | 001,861,888 | ---- | M] (Microsoft Corporation) MD5=51420D569A883CC13D656783B2C86D8E -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2010.12.31 15:14:45 | 001,864,064 | ---- | M] (Microsoft Corporation) MD5=62FC2280FBEA1DCC64A276BCF71709D9 -- C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys
[2009.08.14 15:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) MD5=716ED09D8D9A9E1E4A03549B32B68186 -- C:\WINDOWS\$NtUninstallKB979559$\win32k.sys
[2010.05.02 12:04:16 | 001,860,352 | ---- | M] (Microsoft Corporation) MD5=A3D4A7B714D4A74B7CD4296302F1A9FA -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2010.08.31 15:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) MD5=A77B5764CD2106D36148CB5E5DDF6BC6 -- C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys
[2010.05.02 07:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) MD5=B9D41312F6D9FFA8D1D80488D9FDE849 -- C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys
[2011.06.02 16:07:35 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=BE79F0A0273DEF353BA5D1F43CBAD858 -- C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2011.09.06 15:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=BFE37C3B420D2CA00D83554182130D32 -- C:\WINDOWS\system32\dllcache\win32k.sys
[2011.09.06 15:20:51 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=BFE37C3B420D2CA00D83554182130D32 -- C:\WINDOWS\system32\win32k.sys
[2010.06.24 04:14:38 | 001,861,120 | ---- | M] (Microsoft Corporation) MD5=C0B2DA12C5CB448F9EA3AF16416745CB -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys
[2011.09.06 15:25:11 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=C30AAF3B63F3BE3B515B50FB7292EA9F -- C:\WINDOWS\$hf_mig$\KB2567053\SP3QFE\win32k.sys
[2011.03.03 15:27:43 | 001,866,880 | ---- | M] (Microsoft Corporation) MD5=D302C0D9ADC931B598405D2C953B334B -- C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2008.04.13 21:30:10 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=DE01D79A607C7B9AE7FF88E934D0FFB2 -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
[2008.04.13 21:30:10 | 001,845,632 | ---- | M] (Microsoft Corporation) MD5=DE01D79A607C7B9AE7FF88E934D0FFB2 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2007.01.16 22:07:17 | 001,839,616 | ---- | M] (Microsoft Corporation) MD5=DF355510496FBF8D20E3B82A83414D14 -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
[2010.10.26 15:25:00 | 001,853,312 | ---- | M] (Microsoft Corporation) MD5=E40E572FD5DA970921A893B05FB217D9 -- C:\WINDOWS\$NtUninstallKB2479628$\win32k.sys
[2011.06.02 16:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=E97153BE7D053976348554EFD71C53A8 -- C:\WINDOWS\$NtUninstallKB2567053$\win32k.sys
[2010.10.26 15:27:10 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=ED970A04FDAEAB9D9A5FA9B25E9196A8 -- C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys
[2009.08.14 18:49:40 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=F6B54A56F02D24BF43E72662D44A6B14 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys

< MD5 for: WINLOGON.EXE >
[2004.08.04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSRV.DLL >
[2008.04.14 02:12:09 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\$NtUninstallKB2121546$\winsrv.dll
[2008.04.14 02:12:09 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
[2011.06.20 19:43:21 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=3C733ABE4F13206414F670F86C5F79D8 -- C:\WINDOWS\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
[2010.06.18 19:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=42B5427FAC23BF6F1F31E466B7FEB084 -- C:\WINDOWS\$NtUninstallKB2507938$\winsrv.dll
[2010.06.18 19:43:57 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=6DC05976FB5B8E1358EAC8BEDFD1FA47 -- C:\WINDOWS\$hf_mig$\KB2121546\SP3QFE\winsrv.dll
[2011.06.20 19:44:52 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=95CF3446911A6E25EE4086DF8A45B2AA -- C:\WINDOWS\system32\dllcache\winsrv.dll
[2011.06.20 19:44:52 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=95CF3446911A6E25EE4086DF8A45B2AA -- C:\WINDOWS\system32\winsrv.dll
[2007.01.16 22:07:18 | 000,291,840 | ---- | M] (Microsoft Corporation) MD5=B5F602D0341ED1D35AF82BA25BA3EC7F -- C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll
[2011.04.26 13:07:50 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=EC0A223C4854E98A3AFB2C31B7B420A0 -- C:\WINDOWS\$NtUninstallKB2567680$\winsrv.dll
[2011.04.26 13:02:48 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=F52D3C601CF618479F9AD43B07599BED -- C:\WINDOWS\$hf_mig$\KB2507938\SP3QFE\winsrv.dll

< MD5 for: WS2_32.DLL >
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004.08.04 01:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007.04.09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008.07.06 14:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\Spool\prtprocs\*.* /s >
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007.04.09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll
[2008.07.06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008.07.06 14:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\drivers\*.sys /10 >
[2011.10.28 17:54:46 | 000,137,464 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[3 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 02:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 02:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 02:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 02:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 02:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 02:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 02:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004.07.17 12:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2008.04.14 02:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 02:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 02:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 02:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 02:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 02:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004.07.17 23:55:24 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2001.08.23 14:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2001.08.23 14:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2004.07.17 12:35:00 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 02:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 02:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
[3 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[3 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\*.* /10 >
[2011.10.24 08:46:02 | 003,564,888 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2011.10.29 17:15:46 | 000,206,530 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2011.10.28 17:54:35 | 000,214,520 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2011.10.28 17:54:36 | 000,214,520 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.xtr
[2011.10.29 17:16:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2009.11.25 18:23:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.11.25 18:23:30 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.11.25 18:23:30 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job >
[2011.10.29 17:15:40 | 000,000,920 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.10.29 17:13:10 | 000,000,924 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2011.10.29 15:26:00 | 000,000,964 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003Core.job
[2011.10.29 17:26:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003UA.job

< %systemroot%\*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[3 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\*. /rp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Nabídka Start\*.lnk /x >

< %ALLUSERSPROFILE%\Data Aplikácií\*.* >

< %ALLUSERSPROFILE%\Data Aplikácií\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*. >
[2010.08.30 22:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
[2011.10.23 17:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.11.25 23:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010.11.13 23:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011.10.26 07:48:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2010.12.10 19:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011.10.29 00:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2010.12.10 19:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011.10.29 17:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.04.06 16:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011.09.10 01:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009.11.25 18:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011.02.26 00:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011.06.22 12:02:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.02.22 19:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
[2010.02.11 23:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010.02.11 23:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010.04.06 19:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010.06.08 18:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011.10.23 16:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011.10.29 00:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.09.24 00:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011.02.26 00:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.02.11 23:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010.06.13 08:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009.11.25 22:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011.02.26 20:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.11.13 23:02:40 | 000,057,409 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
[2010.11.13 23:02:44 | 000,056,765 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
[2010.11.13 23:02:40 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
[2010.11.13 23:02:35 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
[2010.11.13 23:01:34 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
[2010.11.13 23:01:01 | 000,876,824 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
[2010.11.13 23:02:41 | 000,053,600 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe
[2010.11.13 23:02:44 | 000,056,997 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
[2011.05.29 11:01:00 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\Documents and Settings\All Users\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 11:01:01 | 000,014,208 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 11:01:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\Documents and Settings\All Users\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.02.22 19:08:03 | 000,155,648 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009.11.25 23:31:54 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %APPDATA%\*. >
[2010.08.30 22:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Activision
[2011.10.23 16:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Adobe
[2009.12.29 16:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Ahead
[2009.12.24 20:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Allstar
[2011.10.26 08:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\BitTorrent
[2011.01.04 12:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\bizarre creations
[2009.11.25 23:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\CyberLink
[2010.02.28 15:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DivX
[2011.10.29 17:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DNA
[2011.09.17 17:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DVDVideoSoft
[2011.03.28 21:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers
[2011.08.08 13:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\facemoods.com
[2010.09.25 00:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\fizzy
[2011.10.03 17:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\GetRightToGo
[2011.10.28 18:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\go
[2010.04.18 21:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Google
[2011.10.03 20:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Hamachi
[2011.10.29 17:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\ICQ
[2009.11.25 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Identities
[2009.11.25 18:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\InstallShield
[2011.09.10 01:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\iWin
[2010.09.27 16:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Leadertech
[2009.12.24 20:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Macromedia
[2010.10.21 16:42:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Erika\Application Data\Microsoft
[2010.05.19 20:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Mozilla
[2011.01.02 15:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\OpenCandy
[2009.12.24 19:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Opera
[2010.04.06 19:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PC Suite
[2010.06.08 18:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PopCapv1003
[2011.10.28 18:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PriceGong
[2011.03.22 16:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PunkBuster
[2010.05.15 20:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\RadioBar
[2011.06.15 15:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Rovio
[2010.04.06 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Samsung
[2010.06.02 21:28:17 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Erika\Application Data\SecuROM
[2011.10.29 17:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Skype
[2011.05.28 22:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\SkypePM
[2010.06.09 18:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\SpinTop Games
[2011.02.26 00:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Sun
[2010.05.30 13:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\teamspeak2
[2011.07.04 19:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\TeamViewer
[2011.06.20 18:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\TS3Client
[2010.06.13 08:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Ubisoft
[2011.08.22 15:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\uTorrent
[2011.03.12 15:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\VBA-M
[2010.04.22 20:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\vlc
[2010.09.15 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Vso
[2010.01.11 17:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\WinRAR
[2011.04.22 23:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Zoner

< %APPDATA%\*.* >
[2010.04.06 19:28:40 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\$_hpcst$.hpc
[2010.05.22 20:56:08 | 000,048,128 | -H-- | M] () -- C:\Documents and Settings\Erika\Application Data\audiohd.exe
[2010.02.08 11:55:50 | 002,855,560 | ---- | M] (UBISOFT) -- C:\Documents and Settings\Erika\Application Data\autorun.exe
[2010.09.09 20:28:11 | 000,935,936 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\chrtmp
[2009.11.25 18:24:58 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Erika\Application Data\desktop.ini
[2010.09.15 23:33:45 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\ezpinst.exe
[2010.09.15 23:33:45 | 000,007,176 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\pcouffin.cat
[2010.09.15 23:33:45 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\pcouffin.inf
[2010.09.15 23:33:46 | 000,000,033 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\pcouffin.log
[2010.09.15 23:33:45 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Erika\Application Data\pcouffin.sys
[2010.09.19 19:35:25 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\PnkBstrK.sys
[2010.05.19 18:10:41 | 000,000,085 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\toolbar_log.txt

< %APPDATA%\*.exe /s >
[2010.05.22 20:56:08 | 000,048,128 | -H-- | M] () -- C:\Documents and Settings\Erika\Application Data\audiohd.exe
[2010.02.08 11:55:50 | 002,855,560 | ---- | M] (UBISOFT) -- C:\Documents and Settings\Erika\Application Data\autorun.exe
[2010.09.15 23:33:45 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\ezpinst.exe
[2011.08.10 12:06:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{3E175C63-14BA-4A53-A491-963A457AB5B0}\_42BCB8CCE14BD69FF66A4C.exe
[2011.08.10 12:06:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{3E175C63-14BA-4A53-A491-963A457AB5B0}\_683455903ED4EDB2E2473B.exe
[2011.08.10 12:06:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{3E175C63-14BA-4A53-A491-963A457AB5B0}\_B06E588366D12615116B42.exe
[2010.08.16 13:59:36 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2010.08.16 13:59:36 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2010.08.16 13:59:36 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2011.08.11 18:44:45 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.08.19 23:46:28 | 001,312,120 | ---- | M] (EA Digital Illusions CE AB) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2011.01.02 15:39:10 | 000,349,296 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\OpenCandy\OpenCandy_7F2241264F3D408299A86A96457A57D7\DLMgr_3_1.6.87.exe
[2011.02.24 17:07:45 | 000,835,440 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\PunkBuster\pbsetup\pbsvc.exe
[2010.11.29 23:36:08 | 002,137,088 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Documents and Settings\Erika\Application Data\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
[2011.04.22 23:13:31 | 012,385,760 | ---- | M] (ZONER software ) -- C:\Documents and Settings\Erika\Application Data\Zoner\NLMDB\product.0034\autoupdate.us\ZPS13_Update_Build06.exe

< %SYSTEMDRIVE%\*.exe >
[2011.06.03 04:00:57 | 000,020,480 | -H-- | M] () -- C:\Kaspersky.exe

< %systemroot%\system32|bak;true;false;false /fp >

< %PROGRAMFILES%|bak;true;false;false /fp >

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2011.07.08 09:52:57 | 000,924,632 | ---- | M] (Mozilla Corporation) MD5=5FB5D1A2267831208B4EE46149AF7B18 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2008.04.14 02:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2011.10.23 21:11:17 | 000,947,056 | ---- | M] (Opera Software) MD5=99C904854E154E903C8EAC4329DD48C2 -- C:\Program Files\Opera\opera.exe

< %ALLUSERSPROFILE%\Data Aplikací\Google\Chrome\Application\chrome.exe /md5 >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-17 05:48:49

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
PENDINGFILERENAMEOPERATIONS REG_MULTI_SZ \??\C:\WINDOWS\system32\DRIVERS\SETBB.tmp\0!\??\C:\WINDOWS\system32\DRIVERS\ehdrv.sys\0\??\C:\WINDOWS\system32\DRIVERS\SETC3.tmp\0!\??\C:\WINDOWS\system32\DRIVERS\eamon.sys\0\??\C:\WINDOWS\system32\DRIVERS\SETCB.tmp\0!\??\C:\WINDOWS\system32\DRIVERS\epfwtdir.sys\0\??\C:\DOCUME~1\Erika\LOCALS~1\Temp\EsetTempDir\ei_13.msi\0\0\??\C:\DOCUME~1\Erika\LOCALS~1\Temp\EsetTempDir\\0\0\0

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.10.29 17:47:47 | 000,000,512 | ---- | M] () MD5=1851A84A3B9A258603676004A5DA684A -- C:\PhysicalMBR.bin

< bcdedit /v >C:\boot.txt /c >

< type C:\boot.txt >> test1.txt /c >

< >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /v Windows /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\SUBSYSTEMS
WINDOWS REG_EXPAND_SZ %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< >

========== Files - Unicode (All) ==========
[2011.10.02 19:43:49 | 000,000,000 | ---D | M](C:\Documents and Settings\Erika\Desktop\????? ????????. ???????? ????????? (2011)) -- C:\Documents and Settings\Erika\Desktop\Жажда Скорости. Весеннее Ускорение (2011)
[2011.04.04 22:55:33 | 000,000,000 | ---D | C](C:\Documents and Settings\Erika\Desktop\????? ????????. ???????? ????????? (2011)) -- C:\Documents and Settings\Erika\Desktop\Жажда Скорости. Весеннее Ускорение (2011)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

< End of report >

andy_721 · #9 Příspěvek od **andy_721** » 29 říj 2011 17:06

jj počítač mi ide omnoho rýchlejšie, ako mám dať analyzovať ten súbor cez tú stránku? mám dať iba upload file alebo čo presnejšie?

andy_721 · #10 Příspěvek od **andy_721** » 29 říj 2011 17:14

dal som analyzovať ten PhysicalMBR.bin, pošlem ti screen, čo tam je vypísané, lebo neviem, čo z toho ti mám poslať, ptm ten súbor svchost, tiež takto analyzovať?

andy_721 · #11 Příspěvek od **andy_721** » 29 říj 2011 17:49

ten program rku stále pracuje, o chvíľku budú aj screeny, nevadí ak prídete až zajtra,

), dovtedy by sa hádam nič vážne nemalo stať, dúfam

andy_721 · #12 Příspěvek od **andy_721** » 29 říj 2011 17:58

tuto sú screeny z VT

andy_721 · #13 Příspěvek od **andy_721** » 29 říj 2011 18:02

tu je report z rku

andy_721 · #14 Příspěvek od **andy_721** » 29 říj 2011 19:00

ComboFix 11-10-29.05 - Erika 29.10.2011 19:52:19.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1407 [GMT 2:00]
Running from: c:\documents and settings\Erika\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Erika\Application Data\audiohd.exe
c:\documents and settings\Erika\Application Data\autorun.exe
c:\documents and settings\Erika\Application Data\chrtmp
c:\documents and settings\Erika\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Erika\Application Data\PriceGong\Data\z.xml
C:\kaspersky.exe
c:\program files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\windows\btc_client_iplist.txt
c:\windows\daemon.dll
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\kb913800.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ST6UNST.000
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\WUDHost.exe
c:\windows\ufa.rar
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 )))))))))))))))))))))))))))))))
.
.
2011-10-29 16:08 . 2011-10-29 16:08 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-10-29 15:47 . 2011-10-29 15:47 512 ----a-w- C:\PhysicalMBR.bin
2011-10-29 15:26 . 2011-10-29 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-10-29 14:34 . 2011-10-29 15:14 -------- d-----w- c:\program files\avz4
2011-10-29 12:30 . 2011-10-29 15:26 -------- d-----w- c:\program files\ESET
2011-10-29 09:38 . 2011-10-29 15:22 -------- d-----w- c:\program files\trend micro
2011-10-29 09:38 . 2011-10-29 09:39 -------- d-----w- C:\rsit
2011-10-29 08:07 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-10-28 21:18 . 2011-10-29 15:14 -------- d-----w- c:\windows\ufa
2011-10-28 16:27 . 2011-10-28 21:18 246272 ----a-w- c:\windows\unrar.exe
2011-10-26 05:48 . 2011-10-26 05:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\DSS
2011-10-23 14:51 . 2011-10-23 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-10-23 14:44 . 2011-10-23 14:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-18 07:34 . 2011-10-18 07:34 4590240 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-07 19:20 . 2011-10-17 13:06 -------- d-----w- c:\program files\NCSoft
2011-10-03 15:48 . 2011-10-03 16:34 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\NFS Underground 2
2011-10-03 15:48 . 2011-10-03 15:48 -------- d-----w- c:\program files\Common Files\DirectX
2011-10-03 15:37 . 2011-10-03 18:56 -------- d-----w- c:\documents and settings\Erika\Application Data\Hamachi
2011-10-03 15:37 . 2011-10-03 15:37 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-10-03 15:37 . 2011-10-03 15:37 -------- d-----w- c:\program files\Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-28 15:54 . 2009-12-24 18:57 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-10-28 15:54 . 2009-12-24 18:56 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-28 15:54 . 2009-12-24 18:56 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-10-18 12:42 . 2011-06-09 19:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-03 23:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2007-01-16 20:07 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2007-01-16 20:07 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2004-08-03 21:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2004-08-03 21:59 369664 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-03 22:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 11:51 . 2009-11-25 21:26 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-08-09 12:24 . 2009-04-09 14:10 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 07:20 . 2009-04-09 14:21 103112 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2011-08-04 07:20 . 2009-04-09 14:18 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-12-24 18:16 . 2009-12-24 18:16 1924200 ----a-w- c:\program files\install_flash_player.exe
2009-12-24 17:56 . 2009-12-24 17:56 2020136 ----a-w- c:\program files\SkypeSetup.exe
2011-07-08 07:52 . 2011-07-14 23:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Brothersoft\prxtbBro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-16 323392]
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-28 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13680640]
"nwiz"="nwiz.exe" [2009-01-14 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\Activision\Call of Duty 2\GamePark2\gpcl.exe [2011-8-9 409088]
Monitor.lnk - c:\program files\USB Video Camera\Monitor.exe [2007-10-16 249856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\SkypePortable\\App\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\Erika\\Desktop\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\steamapps\\illuzion_721\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Erika\\Desktop\\Nový priečinok (3)\\hl.exe"=
"c:\\Program Files\\EA Games\\Need for Speed Underground 2\\SPEED2.EXE"=
"c:\\Documents and Settings\\Erika\\Desktop\\wow 3.3.5\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15.9.2010 19:49 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15.9.2010 19:49 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 16:18 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.4.2009 16:21 103112]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4.8.2004 1:56 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.12.2009 20:20 247096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate1caab44d4fd2f2e;Služba Google Update (gupdate1caab44d4fd2f2e);c:\program files\Google\Update\GoogleUpdate.exe [11.2.2010 20:05 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.11.2009 18:04 1684736]
S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [19.2.2008 12:48 2333568]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6.4.2010 19:28 36608]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.2.2010 20:05 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [11.11.2010 20:25 100736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13.9.2010 18:43 47360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 18:05]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 18:05]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003Core.job
- c:\documents and settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 19:30]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003UA.job
- c:\documents and settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.garena.com/
uDefault_Search_URL =
mSearch Bar =
uSearchAssistant = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 85.237.225.250 172.20.0.1
FF - ProfilePath - c:\documents and settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=vsl
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
HKCU-Run-Windows Audio Driver - c:\documents and settings\Erika\Application Data\audiohd.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-ICQ - c:\program files\ICQ7.2\ICQ.exe
HKLM-Run-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
HKLM-Run-Windows-Network Component - c:\windows\system32\WUDHost.exe
HKLM-Run-4StoryPrePatch - c:\program files\Gameforge4D\4Story\PrePatch.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-29 19:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-261478967-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:75,78,7e,1e,92,05,05,84,bf,27,a0,9e,29,e0,74,23,ec,77,7f,45,6d,
48,2d,9f,cd,21,f4,40,c6,64,0c,46,79,7d,e7,00,f9,e6,31,93,d9,f1,f7,be,c1,8b,\
"rkeysecu"=hex:dc,44,e3,f1,ba,72,41,5c,27,64,02,98,34,37,db,57
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1444)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\mslbui.dll
.
Completion time: 2011-10-29 19:59:01
ComboFix-quarantined-files.txt 2011-10-29 17:58
.
Pre-Run: 101 827 100 672 bytes free
Post-Run: 18 adresárov, 101 781 250 048 voľných bajtov
.
- - End Of File - - F5BDCEC407E3C05BDAC1420EB3B4F8FE

andy_721 · #15 Příspěvek od **andy_721** » 30 říj 2011 11:04

bré ráno,

, jj pozrite sa, dúfam, že to už bude viacmenej v poriadku a že sa to bude dať vyliečiť

VIRY.CZ

FB vír. pls help

FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help

Re: FB vír. pls help