PC virus removal, computer speed-up, remote assistance via the neslape.cz service

worman (LOG CHECK) NEW ..

Having a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.

!NEW!
A remote assistance service is now available: an expert connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: worman (HIS ALL PROBLEMS IN PC)

#31 Post by riffman »

re 1 - that's exactly why I'm asking :)

re 2 - this is what I mean:

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

so to be safe, test C:\Windows\system32\msconfig.exe on VirusTotal

(simple guide: once the page loads, click the Browse button, locate the path to the file mentioned above and click the Send file button; give the scanners about ten minutes; paste the result here)
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all

worman
Guest
Posts: 66
Registered: 29 Jul 2005 10:19
Location: Europe

Re: worman (HIS ALL PROBLEMS IN PC)

#32 Post by worman »

AhnLab-V3 2008.3.12.0 2008.03.12 -
AntiVir 7.6.0.73 2008.03.12 -
Authentium 4.93.8 2008.03.11 -
Avast 4.7.1098.0 2008.03.11 -
AVG 7.5.0.516 2008.03.12 -
BitDefender 7.2 2008.03.12 -
CAT-QuickHeal 9.50 2008.03.10 -
ClamAV 0.92.1 2008.03.12 -
DrWeb 4.44.0.09170 2008.03.12 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5608 2008.03.12 -
Ewido 4.0 2008.03.12 -
F-Prot 4.4.2.54 2008.03.11 -
F-Secure 6.70.13260.0 2008.03.12 -
FileAdvisor 1 2008.03.12 -
Fortinet 3.14.0.0 2008.03.12 -
Ikarus T3.1.1.20 2008.03.12 -
Kaspersky 7.0.0.125 2008.03.12 -
McAfee 5249 2008.03.11 -
Microsoft 1.3301 2008.03.12 -
NOD32v2 2941 2008.03.12 -
Norman 5.80.02 2008.03.12 -
Panda 9.0.0.4 2008.03.12 -
Prevx1 V2 2008.03.12 -
Rising 20.35.22.00 2008.03.12 -
Sophos 4.27.0 2008.03.12 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.12 -
TheHacker 6.2.92.243 2008.03.12 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.12 -
Webwasher-Gateway 6.6.2 2008.03.12 -
Rozšiřující informace
File size: 222208 bytes
MD5: 1bb128a09911a936e8efc30c3f6c597c
SHA1: ab3db30c395cee3661513ac1da412044e907e037
PEiD: -


... and is the log OK?

Thanks!


Re: worman (HIS ALL PROBLEMS IN PC)

#33 Post by riffman »

It is OK, actually; do you have some kind of trouble?


Re: worman (HIS ALL PROBLEMS IN PC)

#34 Post by worman »

riffman wrote: It is OK, actually; do you have some kind of trouble?
I've set up a new computer and just submitted the log for a routine check.
Thanks


Re: worman (HIS ALL PROBLEMS IN PC)

#35 Post by riffman »

I see :D you're welcome then :)


Re: worman (HIS ALL PROBLEMS IN PC)

#36 Post by worman »

Hello, please check this; I think I have some trojans and adware in there and I can't remove them with Spybot Search and Destroy, a program I never had any problems with until today. Thank you in advance for the log check and any advice :wink:

:arrow:

Logfile of HijackThis v1.99.1
Scan saved at 9:04:11, on 30. 10. 2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\BR040286.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\My Programs\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://breedband.telenet.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://breedband.telenet.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telenet Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: CSS2 module - {7A9077BD-05AE-4fdf-AB2E-4128C43C4635} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: eNetHook.dll,avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JNS - Unknown owner - C:\Users\Pekowski\AppData\Local\Temp\JNS.exe (file missing)
O23 - Service: KKGLMLO - Unknown owner - C:\Users\Pekowski\AppData\Local\Temp\KKGLMLO.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: YBZNHXLKK - Unknown owner - C:\Users\Pekowski\AppData\Local\Temp\YBZNHXLKK.exe (file missing)
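A helper reads a HijackThis log like the one above by eye, looking for services whose binary lives in a user temp directory, entries with no vendor, random-looking names, and stale entries whose target file is gone. As an added example (not the poster's or the forum's code), the Python below applies those same heuristics to HijackThis-style lines; the scoring thresholds, the "random name" test and the sample lines are assumptions of this example, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines in HijackThis v1.99 format, using the shapes
# that appear in the log above (not the whole log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: JNS - Unknown owner - C:\Users\Pekowski\AppData\Local\Temp\JNS.exe (file missing)
O23 - Service: KKGLMLO - Unknown owner - C:\Users\Pekowski\AppData\Local\Temp\KKGLMLO.exe (file missing)
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"""

# "O23 - Service: <name> - <owner> - <path>". The path must begin with a drive
# letter or an environment variable, so a " - " inside a product name
# (e.g. "Spybot - Search & Destroy") is not mistaken for a field separator.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>(?:[A-Za-z]:\\|%).*)$"
)
# Any other "Rn"/"On" HijackThis entry.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<rest>.+)$")
# Autostart binaries have no business living in a temp directory.
TEMP_DIR_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.IGNORECASE
)


@dataclass
class Finding:
    line: str
    severity: str        # "high", "review" or "orphan"
    reasons: List[str]


def parse_service(line: str) -> Optional[dict]:
    """Split an O23 line into name / owner / path, or None if it is not one."""
    m = O23_RE.match(line.rstrip())
    return {k: v.strip() for k, v in m.groupdict().items()} if m else None


def looks_random(name: str) -> bool:
    """Weak signal (assumption): short all-caps names with almost no vowels,
    such as 'KKGLMLO', look machine-generated."""
    if not re.fullmatch(r"[A-Z]{3,12}", name):
        return False
    vowels = sum(ch in "AEIOU" for ch in name)
    return vowels / len(name) <= 0.2


def triage_line(line: str) -> Optional[Finding]:
    line = line.rstrip()
    entry = ENTRY_RE.match(line)
    if not entry:
        return None
    reasons: List[str] = []
    score = 0
    missing = "(file missing)" in line or "(no file)" in line

    svc = parse_service(line)
    if svc:
        if TEMP_DIR_RE.search(svc["path"]):
            reasons.append("service binary under a temp directory")
            score += 3
        if svc["owner"].lower() == "unknown owner":
            reasons.append("no vendor / unknown owner")
            score += 1
        if looks_random(svc["name"]):
            reasons.append("random-looking service name")
            score += 1
    elif TEMP_DIR_RE.search(entry["rest"]):
        reasons.append("autostart entry under a temp directory")
        score += 3
    if missing:
        reasons.append("target file missing")

    # Thresholds are an assumption of this example, not a HijackThis rule.
    if score >= 3:
        return Finding(line, "high", reasons)
    if score > 0:
        return Finding(line, "review", reasons)
    if missing:
        return Finding(line, "orphan", reasons)   # stale entry, cleanup only
    return None


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over every line and keep only the ones worth a look."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}\n    " + "; ".join(f.reasons))
```

Run against the sample, the two Temp-directory services come out as "high" while the stale ICQ Lite button is only an "orphan" and the Spybot service, whose path itself contains " - ", is parsed and passed over.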


Re: worman (LOG CHECK)

#37 Post by worman »

Can somebody help me, please? :o


Re: worman (LOG CHECK)

#38 Post by riffman »

Of course...

next time, post logs from a newer version of HJT; this one is getting on in years and doesn't show much, OK?

now - download ComboFix and save it, preferably to the desktop

then run the application under an account with administrator privileges

right after it starts, a screen with the licence terms appears; continue by clicking the Yes button:

feel free to go make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer - depending on how fast the machine is and how many files the scanner has to wade through); during the scan, don't try to launch any other applications or anything else

don't panic during the scan; your machine may be restarted (especially on the first run of the scanner)

note: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and removal of any malware causes unwanted collisions with the resident antispyware

after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here


Re: worman (LOG CHECK)

#39 Post by worman »

:arrow: So here you go, and could you please also recommend me some antispyware? I use Terminator but it never finds anything, and I had Spybot, which always found something, but then some of it can't be deleted because it doesn't get along well with Vista. Thanks in advance :)

:arrow:
ComboFix 08-10-30.12 - Pekowski 2008-10-31 12:11:56.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.1131 [GMT 1:00]
Running from: C:\Users\Pekowski\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-30 12:23 . 2008-10-31 10:55 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-10-30 12:20 . 2008-10-31 12:09 <DIR> d-------- C:\Users\Pekowski\AppData\Roaming\Spyware Terminator
2008-10-30 12:20 . 2008-10-30 15:55 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2008-10-30 12:20 . 2008-10-30 15:55 <DIR> d-------- C:\ProgramData\Spyware Terminator
2008-10-30 12:20 . 2008-10-30 12:22 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-10-30 12:20 . 2008-10-30 12:20 <DIR> d-------- C:\Program Files\Crawler
2008-10-30 12:20 . 2008-10-30 12:20 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-10-30 11:55 . 2008-10-30 12:00 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2008-10-29 22:34 . 2008-10-30 01:49 <DIR> d-------- C:\Program Files\SmartShopper
2008-10-28 18:37 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-28 18:37 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-28 18:37 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-22 23:09 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-22 23:09 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-22 23:09 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-22 23:09 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-22 23:09 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-18 21:33 . 2008-10-18 21:33 <DIR> d-------- C:\Program Files\KONAMI
2008-10-15 22:37 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 22:37 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 22:37 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 22:37 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 22:37 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 22:37 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-02 19:21 . 2008-10-02 19:21 <DIR> d-------- C:\Users\Pekowski\AppData\Roaming\vlc
2008-10-02 18:07 . 2008-10-02 18:07 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-30 21:02 . 2008-10-01 13:34 <DIR> d-------- C:\Program Files\EA GAMES
2008-09-26 08:08 . 2008-09-26 08:08 <DIR> d-------- C:\Windows\PCHEALTH
2008-09-26 08:08 . 2008-09-26 08:08 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-26 08:06 . 2008-09-26 08:06 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-26 08:02 . 2008-09-26 08:02 <DIR> dr-h----- C:\MSOCache
2008-09-22 19:02 . 2008-09-22 19:05 <DIR> d-a------ C:\Users\All Users\TEMP
2008-09-22 19:02 . 2008-09-22 19:05 <DIR> d-a------ C:\ProgramData\TEMP
2008-09-20 15:09 . 2008-10-30 12:01 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-20 15:09 . 2008-10-30 12:01 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-20 15:09 . 2008-10-30 12:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-20 14:56 . 2008-10-31 10:53 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-09-20 14:56 . 2008-09-22 16:37 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-09-20 14:56 . 2008-09-22 16:38 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-09-20 14:56 . 2008-09-22 16:37 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-09-20 14:55 . 2008-09-20 14:55 <DIR> d-------- C:\Program Files\AVG
2008-09-10 19:04 . 2008-07-31 02:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 19:04 . 2008-08-02 02:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 19:04 . 2008-06-26 04:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 19:04 . 2008-06-26 04:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 19:04 . 2008-05-08 20:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 19:04 . 2008-05-20 03:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 19:04 . 2008-06-26 04:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 19:04 . 2008-08-02 04:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 19:04 . 2008-07-31 04:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-01 21:19 . 2008-09-01 21:22 <DIR> d-------- C:\Users\Pekowski\AppData\Roaming\DivX
2008-09-01 21:18 . 2008-10-29 21:54 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-09-01 21:17 . 2008-10-29 21:55 <DIR> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 16:28 --------- d-----w C:\Users\Pekowski\AppData\Roaming\uTorrent
2008-10-29 20:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-16 01:09 --------- d-----w C:\Program Files\Windows Mail
2008-09-26 07:12 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-26 07:10 --------- d-----w C:\Program Files\MSBuild
2008-09-26 07:10 --------- d-----w C:\Program Files\Microsoft Works
2008-09-25 13:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 16:08 --------- d-----w C:\Program Files\ICQ6
2008-09-20 13:55 --------- d-----w C:\ProgramData\Avg8
2008-09-14 19:46 --------- d-----w C:\ProgramData\CyberLink
2008-09-14 19:46 --------- d-----w C:\Program Files\CyberLink
2008-09-14 12:57 --------- d-----w C:\Program Files\SopCast
2008-09-06 20:17 --------- d-----w C:\Users\Pekowski\AppData\Roaming\ICQ
2008-08-30 21:12 --------- d-----w C:\Program Files\Acer Inc
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 08:34 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-07-23 16:50 129,784 ------w C:\Windows\System32\pxafs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-18 05:13 174 --sha-w C:\Program Files\desktop.ini
2008-06-10 08:45 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-06-10 08:45 56 ---ha-w C:\ProgramData\ezsidmv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"BisonInst0402"="C:\Windows\BR040286.exe" [2007-05-09 69632]
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 227840]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-30 1783808]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

C:\Users\Pekowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll,avgrsstx.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-01-17 17:01 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 16:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-12-08 09:24 614400 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 15:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 03:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 16:18 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{99692A0A-9C86-4529-A6AB-EFA136359B76}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{32D1BF4D-9708-4ADF-B4DE-31A54FB8B874}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{3F9FACDB-6163-42A9-82C8-70F2168372CA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FD99441F-1A85-47BC-8E1E-A1017C822B1C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{431DE57B-1584-409D-B555-EA1101BB014A}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{8EF417C5-0849-4BC6-AD47-6BE6894B3369}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"{8E9668B5-5AB7-4697-B9C7-D3E4AA4EB03E}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{03A4C476-8B33-4438-8A19-A14940E0C22B}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{452F5721-3071-4180-80F8-E00C174033F2}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{FFF90095-B635-42BB-A748-B057B90B9083}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= UDP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"UDP Query User{907B1AD5-1C77-4F39-A752-599A0DB62DCC}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= TCP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"TCP Query User{D4D2F1F5-570A-4F06-A0EF-74BAE6D4C0D7}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= UDP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"UDP Query User{570FD367-263D-4F47-81C0-5A0071C4A8A5}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= TCP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"TCP Query User{3605FA54-6B73-4EE1-B1B1-F68105ADBE5C}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{360E7E02-41B8-426F-AB8E-0D2F5DC8E6A9}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{267AD6DC-F40F-4E9C-9E8A-D31557C4E8FF}D:\\instal games\\3do\\heroes3\\heroes3.exe"= UDP:D:\instal games\3do\heroes3\heroes3.exe:Heroes of Might and Magic® III
"UDP Query User{1E184511-8018-43B4-B6DD-89D1FEBE49FC}D:\\instal games\\3do\\heroes3\\heroes3.exe"= TCP:D:\instal games\3do\heroes3\heroes3.exe:Heroes of Might and Magic® III
"TCP Query User{EB91A035-D785-4D52-A0D1-3D167A8D05E7}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{F5545B6A-DAD2-45D3-B1E3-DAEACCD21D96}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{51611557-BCA8-4CDD-9DB7-E502F5C40F57}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{58BCD144-8F9C-4402-B931-487A79115D90}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A3218522-07F2-4A40-857D-D3CB87CECC1F}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{2C79D543-5C2F-4773-8701-D28C6D43FEA6}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{91534AD3-CDB9-4ED4-97E0-60D1B3683008}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{CE4D34C2-4D80-4542-9508-CE9B74CB8A57}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{93FE2FB2-E2AD-4FA7-9F42-0B640504873A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{821514BB-4EF0-4554-98B5-AF030708EDBB}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{B85AF630-12FD-40BD-99CE-9B085AE44E6C}C:\\my programs\\nhl\\irc\\mirc.exe"= UDP:C:\my programs\nhl\irc\mirc.exe:mIRC
"UDP Query User{B452DAFA-AD6D-42CA-AA08-75F01D849F08}C:\\my programs\\nhl\\irc\\mirc.exe"= TCP:C:\my programs\nhl\irc\mirc.exe:mIRC
"TCP Query User{F628FB9B-63C1-4DC8-B161-6BB4BE18E29C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{223D24B6-6A09-4DE7-AE79-1B9FBBA2734E}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{25E12809-B89B-4882-8688-EF5FB0CE7A8A}"= UDP:C:\My Programs\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{6188EAFF-18BF-462E-BEDF-63CDB2916C81}"= TCP:C:\My Programs\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{260A9EC7-06A4-4419-B2C7-C3B18ECEB344}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{0D1C1ED7-1917-43DB-85BC-C34D1E9E4EA8}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{EA8BC839-14AC-4B3B-92EF-66F2B8835279}C:\\my programs\\nhl\\irc\\mirc.exe"= UDP:C:\my programs\nhl\irc\mirc.exe:mIRC
"UDP Query User{4DA1BBBD-58A5-48B3-B05F-ECE182F3E2C5}C:\\my programs\\nhl\\irc\\mirc.exe"= TCP:C:\my programs\nhl\irc\mirc.exe:mIRC
"{50F0699F-0385-4FBE-8A8A-5C2A29D99B0C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{7DC77EE6-6BE7-44AF-A6E7-24563CCE2C1C}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{95106BE4-2877-4C2A-9685-A16FD3BB60AC}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{82DE3A49-2E68-4BD1-A61F-00B33768E6C1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{FD080D91-69A9-434D-AEBF-2FB719B17843}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{579D20D8-5205-4D37-92E6-27D8C9D8D62E}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{2227DCAB-5CCB-43C0-8962-EBA93D44E133}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{34A77338-EE99-43A4-A1FA-8E2C0FE645F7}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{F739FA14-E76C-4893-B261-3AB07D15C793}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast
"UDP Query User{C16E976D-8934-46F2-8B27-BB7B321BD52F}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast
"TCP Query User{519707E6-561A-40CF-869B-FA6CDE6FD505}C:\\world of warcraft\\wow-2.4.2-engb-downloader.exe"= UDP:C:\world of warcraft\wow-2.4.2-engb-downloader.exe:Blizzard Downloader
"UDP Query User{7B5D71BF-D458-4FBF-9EAE-291A5A56D5F8}C:\\world of warcraft\\wow-2.4.2-engb-downloader.exe"= TCP:C:\world of warcraft\wow-2.4.2-engb-downloader.exe:Blizzard Downloader
"TCP Query User{D738D6E8-0FBA-4B79-B9A2-26D9540701CC}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{CBD801A9-D7FA-4DF7-B218-407980532F89}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{ED751B80-F492-4BB8-8552-43396A750533}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{C1ACB985-F01A-4F7D-9FA7-F8083AF18DBE}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{BE402F41-A8C0-41A9-979C-310AF1C0F6B2}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FBF9A3EF-B6FB-4530-AA78-D407F28E8B76}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{B7A8BCAF-0034-4E00-B886-A5AB7F996A43}C:\\program files\\anno 1701\\anno1701.exe"= UDP:C:\program files\anno 1701\anno1701.exe:Anno 1701
"UDP Query User{C61FE430-4D67-4D35-BEF5-33372799B64F}C:\\program files\\anno 1701\\anno1701.exe"= TCP:C:\program files\anno 1701\anno1701.exe:Anno 1701
"{9781EA11-859A-41CC-8A1F-DEE3618970CA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9CFDB5DA-8F77-4D74-BEE2-DBDB08F31815}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1C213D13-B236-44ED-9D6C-CA058BEFABF8}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{49A33802-4364-43A0-A9B7-5900AB13686B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7282253C-AEBD-4EBF-B503-32D1BFBA1A91}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D88E3DEC-262F-460B-9CF9-52B0A1826418}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{13E00C74-3192-4A40-ADEF-0643F30A574B}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 20264]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 16680]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 60712]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-22 97928]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-10-30 141312]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-22 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-22 231704]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-06 2464768]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-09-22 69128]
S3 JNS;JNS;C:\Users\Pekowski\AppData\Local\Temp\JNS.exe [ ]
S3 KKGLMLO;KKGLMLO;C:\Users\Pekowski\AppData\Local\Temp\KKGLMLO.exe [ ]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 YBZNHXLKK;YBZNHXLKK;C:\Users\Pekowski\AppData\Local\Temp\YBZNHXLKK.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12dab9d5-f9b0-11dc-8e41-001b38218ea9}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb954b22-8f29-11dd-9684-001b38218ea9}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-ICQ Lite - C:\Program Files\ICQLite\ICQLite.exe
MSConfigStartUp-NeroFilterCheck - C:\Windows\system32\NeroCheck.exe
MSConfigStartUp-PWRISOVM - C:\Program Files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Pekowski\AppData\Roaming\Mozilla\Firefox\Profiles\v754991\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 12:15:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-31 12:17:34
ComboFix-quarantined-files.txt 2008-10-31 11:17:30

Pre-Run: 33 157 398 528 bytes free
Post-Run: 33,061,650,432 bytes free

287 --- E O F --- 2008-10-30 19:55:07

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: worman (LOG CHECK)

#40 Post by riffman »

Do you use drives F, G and H?

worman
Visitor
Posts: 66
Registered: 29 Jul 2005 10:19
Location: Europe

Re: worman (LOG CHECK)

#41 Post by worman »

F is the DVD-ROM; G and H I don't have, or at least I'm not aware of having them, and I don't use them.
I have C and D (hard disks), and E is a virtual CD-ROM.

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: worman (LOG CHECK)

#42 Post by riffman »

great, that's what I wanted to know :)

first uninstall AntiTrojanElite

if you haven't done so yet, move Combofix to the desktop

open Notepad

copy the script from the following box into it:

Code:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb954b22-8f29-11dd-9684-001b38218ea9}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
save the text file you created as CFScript.txt on the desktop

after saving, grab the script you created with the left mouse button, drag it over the Combofix icon and drop the script on it.

once it has run, another log should pop up at you; paste it here :)

Warning: it is possible that Windows won't boot after applying the script and restarting; in that case restart again, keep pressing F8 during the restart and choose Last Known Good Configuration :)
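As an added example (not riffman's, ComboFix's or any project's own code), here is a Python check that reads the service and MountPoints2 sections of a ComboFix log like the one posted above, flags AutoRun handlers for drive letters the user says they do not have and services parked in a user's Temp folder with no file on disk, and emits the Registry:: deletion lines in the CFScript syntax used in the post. It generalizes the script above to every stale drive letter; the Temp-service check is an extra heuristic that is only reported, not scripted. The sample log excerpt is taken from this thread, and the set of known drives is taken from worman's reply.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Set

# Constructed sample: the service and MountPoints2 lines from the ComboFix log
# posted earlier in this thread, embedded so the checks below run offline.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-22 97928]
S3 JNS;JNS;C:\Users\Pekowski\AppData\Local\Temp\JNS.exe [ ]
S3 KKGLMLO;KKGLMLO;C:\Users\Pekowski\AppData\Local\Temp\KKGLMLO.exe [ ]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 YBZNHXLKK;YBZNHXLKK;C:\Users\Pekowski\AppData\Local\Temp\YBZNHXLKK.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12dab9d5-f9b0-11dc-8e41-001b38218ea9}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb954b22-8f29-11dd-9684-001b38218ea9}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
"""

# Drives the user reported having in this thread: C and D (hard disks),
# E (virtual CD-ROM) and F (DVD-ROM). Anything else is a stale volume.
KNOWN_DRIVES: Set[str] = {"C", "D", "E", "F"}

# A MountPoints2 key line followed directly by its AutoRun command line.
MOUNTPOINT_RE = re.compile(
    r"^\[(?P<key>HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\[^\]]+)\][ \t]*\n"
    r"\\shell\\AutoRun\\command - (?P<cmd>.+)$",
    re.IGNORECASE | re.MULTILINE,
)
# ComboFix service line: "<start type> <name>;<description>;<path> [<date size>]".
# The bracket is empty ("[ ]") when ComboFix could not find the file on disk.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\][ \t]*$",
    re.MULTILINE,
)
USER_TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


@dataclass
class AutoRunEntry:
    key: str      # full MountPoints2 registry key
    drive: str    # drive letter the AutoRun command points at
    command: str  # the command Explorer would run on double-click


@dataclass
class ServiceEntry:
    start: str
    name: str
    path: str
    file_info: str  # "<date> <size>" from the log, or "" when no file was found


def parse_autorun_entries(log: str) -> List[AutoRunEntry]:
    """Collect every MountPoints2 AutoRun handler in a ComboFix log."""
    entries = []
    for m in MOUNTPOINT_RE.finditer(log):
        cmd = m.group("cmd").strip()
        drive = cmd[0].upper() if len(cmd) > 1 and cmd[1] == ":" else "?"
        entries.append(AutoRunEntry(m.group("key"), drive, cmd))
    return entries


def parse_services(log: str) -> List[ServiceEntry]:
    """Collect the R#/S# service and driver lines of a ComboFix log."""
    return [
        ServiceEntry(m.group("start"), m.group("name"), m.group("path"), m.group("info").strip())
        for m in SERVICE_RE.finditer(log)
    ]


def stale_autorun_entries(entries: Iterable[AutoRunEntry], known: Set[str]) -> List[AutoRunEntry]:
    """AutoRun handlers left behind for drive letters the user does not have."""
    return [e for e in entries if e.drive not in known]


def suspicious_services(services: Iterable[ServiceEntry]) -> List[ServiceEntry]:
    """Services whose binary sits in a user's Temp folder and is no longer on disk."""
    return [s for s in services if USER_TEMP_RE.search(s.path) and not s.file_info]


def build_cfscript(entries: Iterable[AutoRunEntry]) -> str:
    """Registry:: section deleting the given keys, using ComboFix's [-KEY] syntax."""
    return "\n".join(["Registry::"] + [f"[-{e.key}]" for e in entries]) + "\n"


if __name__ == "__main__":
    found = parse_autorun_entries(SAMPLE_LOG)
    for svc in suspicious_services(parse_services(SAMPLE_LOG)):
        print(f"suspicious service {svc.name}: {svc.path} (no file on disk)")
    print(build_cfscript(stale_autorun_entries(found, KNOWN_DRIVES)))
```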

worman
Visitor
Posts: 66
Registered: 29 Jul 2005 10:19
Location: Europe

Re: worman (LOG CHECK)

#43 Post by worman »

And could you also advise me on that antispyware? I wrote about it in my previous post. Thank you :)

ComboFix 08-10-30.12 - Pekowski 2008-10-31 16:04:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.977 [GMT 1:00]
Running from: C:\Users\Pekowski\Desktop\ComboFix.exe
Command switches used :: C:\Users\Pekowski\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-30 12:23 . 2008-10-31 12:21 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-10-30 12:20 . 2008-10-31 12:23 <DIR> d-------- C:\Users\Pekowski\AppData\Roaming\Spyware Terminator
2008-10-30 12:20 . 2008-10-31 12:21 <DIR> d-------- C:\Users\All Users\Spyware Terminator
2008-10-30 12:20 . 2008-10-31 12:21 <DIR> d-------- C:\ProgramData\Spyware Terminator
2008-10-30 12:20 . 2008-10-30 12:22 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-10-30 12:20 . 2008-10-31 16:00 <DIR> d-------- C:\Program Files\Crawler
2008-10-30 12:20 . 2008-10-30 12:20 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-10-30 11:55 . 2008-10-30 12:00 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2008-10-29 22:34 . 2008-10-30 01:49 <DIR> d-------- C:\Program Files\SmartShopper
2008-10-28 18:37 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-28 18:37 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-28 18:37 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-22 23:09 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-22 23:09 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-22 23:09 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-22 23:09 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-22 23:09 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-18 21:33 . 2008-10-18 21:33 <DIR> d-------- C:\Program Files\KONAMI
2008-10-15 22:37 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 22:37 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 22:37 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 22:37 . 2008-10-02 02:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 22:37 . 2008-10-02 04:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 22:37 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-02 19:21 . 2008-10-02 19:21 <DIR> d-------- C:\Users\Pekowski\AppData\Roaming\vlc
2008-10-02 18:07 . 2008-10-02 18:07 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-30 21:02 . 2008-10-01 13:34 <DIR> d-------- C:\Program Files\EA GAMES
2008-09-26 08:08 . 2008-09-26 08:08 <DIR> d-------- C:\Windows\PCHEALTH
2008-09-26 08:08 . 2008-09-26 08:08 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-26 08:06 . 2008-09-26 08:06 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-09-26 08:02 . 2008-09-26 08:02 <DIR> dr-h----- C:\MSOCache
2008-09-22 19:02 . 2008-09-22 19:05 <DIR> d-a------ C:\Users\All Users\TEMP
2008-09-22 19:02 . 2008-09-22 19:05 <DIR> d-a------ C:\ProgramData\TEMP
2008-09-20 15:09 . 2008-10-30 12:01 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-20 15:09 . 2008-10-30 12:01 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-09-20 15:09 . 2008-10-30 12:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-20 14:56 . 2008-10-31 12:22 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-09-20 14:56 . 2008-09-22 16:37 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-09-20 14:56 . 2008-09-22 16:38 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-09-20 14:56 . 2008-09-22 16:37 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-09-20 14:55 . 2008-09-20 14:55 <DIR> d-------- C:\Program Files\AVG
2008-09-10 19:04 . 2008-07-31 02:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 19:04 . 2008-08-02 02:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 19:04 . 2008-06-26 04:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 19:04 . 2008-06-26 04:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 19:04 . 2008-05-08 20:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 19:04 . 2008-05-20 03:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 19:04 . 2008-06-26 04:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 19:04 . 2008-08-02 04:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 19:04 . 2008-07-31 04:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-01 21:19 . 2008-09-01 21:22 <DIR> d-------- C:\Users\Pekowski\AppData\Roaming\DivX
2008-09-01 21:18 . 2008-10-29 21:54 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-09-01 21:17 . 2008-10-29 21:55 <DIR> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 16:28 --------- d-----w C:\Users\Pekowski\AppData\Roaming\uTorrent
2008-10-29 20:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-16 01:09 --------- d-----w C:\Program Files\Windows Mail
2008-09-26 07:12 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-26 07:10 --------- d-----w C:\Program Files\MSBuild
2008-09-26 07:10 --------- d-----w C:\Program Files\Microsoft Works
2008-09-25 13:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 16:08 --------- d-----w C:\Program Files\ICQ6
2008-09-20 13:55 --------- d-----w C:\ProgramData\Avg8
2008-09-14 19:46 --------- d-----w C:\ProgramData\CyberLink
2008-09-14 19:46 --------- d-----w C:\Program Files\CyberLink
2008-09-14 12:57 --------- d-----w C:\Program Files\SopCast
2008-09-06 20:17 --------- d-----w C:\Users\Pekowski\AppData\Roaming\ICQ
2008-08-30 21:12 --------- d-----w C:\Program Files\Acer Inc
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 08:34 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-07-23 16:50 129,784 ------w C:\Windows\System32\pxafs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-18 05:13 174 --sha-w C:\Program Files\desktop.ini
2008-06-10 08:45 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-06-10 08:45 56 ---ha-w C:\ProgramData\ezsidmv.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-31_12.16.35,10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-31 09:51:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-31 14:53:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-31 09:54:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-10-31 14:54:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-10-31 14:54:03 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-31 11:15:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-31 15:08:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-10-31 15:08:48 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-31 11:09:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-31 11:20:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-31 11:09:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008103120081101\index.dat
+ 2008-10-31 11:23:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008103120081101\index.dat
- 2008-10-31 11:09:13 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-31 11:20:54 81,920 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-31 11:09:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-31 11:20:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-31 09:55:45 101,250 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-31 14:57:26 101,250 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-31 09:55:45 587,178 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-31 14:57:26 587,178 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-31 09:56:07 14,536 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-15284500-3642714716-381978655-1000_UserData.bin
+ 2008-10-31 14:55:37 14,806 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-15284500-3642714716-381978655-1000_UserData.bin
- 2008-10-31 09:56:06 89,716 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-31 14:55:37 89,832 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-31 09:56:05 55,668 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-31 14:55:35 55,700 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"BisonInst0402"="C:\Windows\BR040286.exe" [2007-05-09 69632]
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 227840]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-30 1783808]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

C:\Users\Pekowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll,avgrsstx.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-01-17 17:01 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 16:08 173304 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 16:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2006-12-08 09:24 614400 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 15:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 03:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 16:18 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{99692A0A-9C86-4529-A6AB-EFA136359B76}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{32D1BF4D-9708-4ADF-B4DE-31A54FB8B874}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{3F9FACDB-6163-42A9-82C8-70F2168372CA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FD99441F-1A85-47BC-8E1E-A1017C822B1C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{431DE57B-1584-409D-B555-EA1101BB014A}C:\\program files\\icqlite\\icqlite.exe"= UDP:C:\program files\icqlite\icqlite.exe:ICQLite
"UDP Query User{8EF417C5-0849-4BC6-AD47-6BE6894B3369}C:\\program files\\icqlite\\icqlite.exe"= TCP:C:\program files\icqlite\icqlite.exe:ICQLite
"{8E9668B5-5AB7-4697-B9C7-D3E4AA4EB03E}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{03A4C476-8B33-4438-8A19-A14940E0C22B}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{452F5721-3071-4180-80F8-E00C174033F2}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{FFF90095-B635-42BB-A748-B057B90B9083}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= UDP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"UDP Query User{907B1AD5-1C77-4F39-A752-599A0DB62DCC}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= TCP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"TCP Query User{D4D2F1F5-570A-4F06-A0EF-74BAE6D4C0D7}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= UDP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"UDP Query User{570FD367-263D-4F47-81C0-5A0071C4A8A5}C:\\my programs\\nhl\\fifa_mirc\\fifa_mirc\\mirc.exe"= TCP:C:\my programs\nhl\fifa_mirc\fifa_mirc\mirc.exe:mIRC
"TCP Query User{3605FA54-6B73-4EE1-B1B1-F68105ADBE5C}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{360E7E02-41B8-426F-AB8E-0D2F5DC8E6A9}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{267AD6DC-F40F-4E9C-9E8A-D31557C4E8FF}D:\\instal games\\3do\\heroes3\\heroes3.exe"= UDP:D:\instal games\3do\heroes3\heroes3.exe:Heroes of Might and Magic® III
"UDP Query User{1E184511-8018-43B4-B6DD-89D1FEBE49FC}D:\\instal games\\3do\\heroes3\\heroes3.exe"= TCP:D:\instal games\3do\heroes3\heroes3.exe:Heroes of Might and Magic® III
"TCP Query User{EB91A035-D785-4D52-A0D1-3D167A8D05E7}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{F5545B6A-DAD2-45D3-B1E3-DAEACCD21D96}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{51611557-BCA8-4CDD-9DB7-E502F5C40F57}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{58BCD144-8F9C-4402-B931-487A79115D90}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A3218522-07F2-4A40-857D-D3CB87CECC1F}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{2C79D543-5C2F-4773-8701-D28C6D43FEA6}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{91534AD3-CDB9-4ED4-97E0-60D1B3683008}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{CE4D34C2-4D80-4542-9508-CE9B74CB8A57}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{93FE2FB2-E2AD-4FA7-9F42-0B640504873A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{821514BB-4EF0-4554-98B5-AF030708EDBB}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{B85AF630-12FD-40BD-99CE-9B085AE44E6C}C:\\my programs\\nhl\\irc\\mirc.exe"= UDP:C:\my programs\nhl\irc\mirc.exe:mIRC
"UDP Query User{B452DAFA-AD6D-42CA-AA08-75F01D849F08}C:\\my programs\\nhl\\irc\\mirc.exe"= TCP:C:\my programs\nhl\irc\mirc.exe:mIRC
"TCP Query User{F628FB9B-63C1-4DC8-B161-6BB4BE18E29C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{223D24B6-6A09-4DE7-AE79-1B9FBBA2734E}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{25E12809-B89B-4882-8688-EF5FB0CE7A8A}"= UDP:C:\My Programs\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{6188EAFF-18BF-462E-BEDF-63CDB2916C81}"= TCP:C:\My Programs\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"TCP Query User{260A9EC7-06A4-4419-B2C7-C3B18ECEB344}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{0D1C1ED7-1917-43DB-85BC-C34D1E9E4EA8}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{EA8BC839-14AC-4B3B-92EF-66F2B8835279}C:\\my programs\\nhl\\irc\\mirc.exe"= UDP:C:\my programs\nhl\irc\mirc.exe:mIRC
"UDP Query User{4DA1BBBD-58A5-48B3-B05F-ECE182F3E2C5}C:\\my programs\\nhl\\irc\\mirc.exe"= TCP:C:\my programs\nhl\irc\mirc.exe:mIRC
"{50F0699F-0385-4FBE-8A8A-5C2A29D99B0C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{7DC77EE6-6BE7-44AF-A6E7-24563CCE2C1C}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{95106BE4-2877-4C2A-9685-A16FD3BB60AC}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{82DE3A49-2E68-4BD1-A61F-00B33768E6C1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{FD080D91-69A9-434D-AEBF-2FB719B17843}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{579D20D8-5205-4D37-92E6-27D8C9D8D62E}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{2227DCAB-5CCB-43C0-8962-EBA93D44E133}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{34A77338-EE99-43A4-A1FA-8E2C0FE645F7}C:\\users\\pekowski\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\pekowski\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{F739FA14-E76C-4893-B261-3AB07D15C793}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast
"UDP Query User{C16E976D-8934-46F2-8B27-BB7B321BD52F}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast
"TCP Query User{519707E6-561A-40CF-869B-FA6CDE6FD505}C:\\world of warcraft\\wow-2.4.2-engb-downloader.exe"= UDP:C:\world of warcraft\wow-2.4.2-engb-downloader.exe:Blizzard Downloader
"UDP Query User{7B5D71BF-D458-4FBF-9EAE-291A5A56D5F8}C:\\world of warcraft\\wow-2.4.2-engb-downloader.exe"= TCP:C:\world of warcraft\wow-2.4.2-engb-downloader.exe:Blizzard Downloader
"TCP Query User{D738D6E8-0FBA-4B79-B9A2-26D9540701CC}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{CBD801A9-D7FA-4DF7-B218-407980532F89}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{ED751B80-F492-4BB8-8552-43396A750533}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{C1ACB985-F01A-4F7D-9FA7-F8083AF18DBE}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{BE402F41-A8C0-41A9-979C-310AF1C0F6B2}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FBF9A3EF-B6FB-4530-AA78-D407F28E8B76}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"TCP Query User{B7A8BCAF-0034-4E00-B886-A5AB7F996A43}C:\\program files\\anno 1701\\anno1701.exe"= UDP:C:\program files\anno 1701\anno1701.exe:Anno 1701
"UDP Query User{C61FE430-4D67-4D35-BEF5-33372799B64F}C:\\program files\\anno 1701\\anno1701.exe"= TCP:C:\program files\anno 1701\anno1701.exe:Anno 1701
"{9781EA11-859A-41CC-8A1F-DEE3618970CA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9CFDB5DA-8F77-4D74-BEE2-DBDB08F31815}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1C213D13-B236-44ED-9D6C-CA058BEFABF8}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{49A33802-4364-43A0-A9B7-5900AB13686B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7282253C-AEBD-4EBF-B503-32D1BFBA1A91}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D88E3DEC-262F-460B-9CF9-52B0A1826418}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{13E00C74-3192-4A40-ADEF-0643F30A574B}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 20264]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 16680]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 60712]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-22 97928]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-10-30 141312]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-22 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-22 231704]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-06 2464768]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-09-22 69128]
S3 JNS;JNS;C:\Users\Pekowski\AppData\Local\Temp\JNS.exe [ ]
S3 KKGLMLO;KKGLMLO;C:\Users\Pekowski\AppData\Local\Temp\KKGLMLO.exe [ ]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 YBZNHXLKK;YBZNHXLKK;C:\Users\Pekowski\AppData\Local\Temp\YBZNHXLKK.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12dab9d5-f9b0-11dc-8e41-001b38218ea9}]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb954b22-8f29-11dd-9684-001b38218ea9}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 16:08:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-31 16:10:28
ComboFix-quarantined-files.txt 2008-10-31 15:10:23
ComboFix2.txt 2008-10-31 11:17:36

Pre-Run: 32 893 407 232 bytes free
Post-Run: 32,763,842,560 bytes free

301 --- E O F --- 2008-10-30 19:55:07
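The services and MountPoints2 sections of the log above are the part a practitioner would read first: three S3 services (JNS, KKGLMLO, YBZNHXLKK) point into the user's Temp directory and carry no file date or size in the trailing brackets, and four AutoRun handlers are registered for mounted volumes. The script below is an added example, not part of the original post and not ComboFix's own code. It parses those two ComboFix line formats and flags entries on simple heuristics (image path under Temp, empty file metadata, service name identical to its display name, AutoRun command present); the sample input is constructed from lines of the log above, and the heuristics are the editor's, not a verdict that any entry is malicious.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the ComboFix log in the post above
# (services section plus two MountPoints2 entries). Not a full log.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-22 97928]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-22 231704]
S3 JNS;JNS;C:\Users\Pekowski\AppData\Local\Temp\JNS.exe [ ]
S3 KKGLMLO;KKGLMLO;C:\Users\Pekowski\AppData\Local\Temp\KKGLMLO.exe [ ]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 YBZNHXLKK;YBZNHXLKK;C:\Users\Pekowski\AppData\Local\Temp\YBZNHXLKK.exe [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe -a
"""

# ComboFix service line: "<R|S><start> name;display;path [date size]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)
# MountPoints2 subkey header, followed on the next line by the AutoRun command
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(?P<key>[^\]]+)\]$",
    re.IGNORECASE,
)
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)

# Heuristic path markers (editor's assumption: services normally do not live here)
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\temp\\", "\\tmp\\")


@dataclass
class Finding:
    kind: str                 # "service" or "autorun"
    name: str                 # service name or MountPoints2 subkey
    path: str                 # image path or AutoRun command line
    reasons: List[str] = field(default_factory=list)


def assess_service(m: "re.Match") -> List[str]:
    """Return the heuristic reasons a service line deserves a closer look."""
    reasons = []
    path = m.group("path").lower()
    if any(marker in path for marker in TEMP_MARKERS):
        reasons.append("image lives in a Temp directory")
    if not m.group("meta").strip():
        # ComboFix prints "[ ]" when it found no file to stat at that path
        reasons.append("no file date/size recorded (file missing or unreadable)")
    name, display = m.group("name"), m.group("display")
    if name == display and re.fullmatch(r"[A-Z]{3,}", name):
        reasons.append("upper-case generated-looking name reused as display name")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix log and collect service and AutoRun entries worth review."""
    findings: List[Finding] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            reasons = assess_service(m)
            if reasons:
                findings.append(Finding("service", m.group("name"), m.group("path"), reasons))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key is not None:
            findings.append(Finding("autorun", current_key, m.group("cmd"),
                                    ["AutoRun handler registered for a mounted volume"]))
            current_key = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:12} {f.path}")
        for r in f.reasons:
            print(f"           - {r}")
```

Run against the sample, the three Temp services are reported with all three reasons and the two AutoRun commands are listed; the AVG drivers and the SMSC infrared driver are left alone. An entry flagged here still needs the file itself checked (hash on VirusTotal, as riffman asked earlier in the thread) before anything is deleted, since an empty "[ ]" only says the file was not there at scan time.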

riffman
VIP
Posts: 3203
Registered: 20 Oct 2004 07:00
Location: České Budějovice

Re: worman (LOG CHECK)

#44 Post by riffman »

Do you want the antispyware with a resident shield or without? If with a resident shield, there are not many free applications left; SuperAntiSpyware in its free version is fairly optimal, since it protects IE against unauthorised changes :)

worman
Visitor
Posts: 66
Registered: 29 Jul 2005 10:19
Location: Europe

Re: worman (LOG CHECK)

#45 Post by worman »

Sure, I'll try the free one :) And is my log OK? :)