Trojan-Dropper.agent

pedrovec
Visitor
Posts: 11
Registered: 23 Mar 2010 22:51

#1 Post by pedrovec »

Hello virus forum,
my problem is this: yesterday, I don't know how, purely by chance I caught a virus, or rather a trojan. I don't know why, but neither ESET nor Spybot S&D nor Ad-Aware detected anything.
It slows down my computer and web pages terribly.
I ran an ESET scan: nothing; Ad-Aware: nothing; Spybot S&D: nothing.
Only Spyware Doctor found trojan-dropper.agent, but it won't delete it; it says it cannot be deleted and requires a restart to delete it, but even that doesn't help.
I also downloaded Trojan Killer, which found it too, but when I choose delete it deletes it, yet on a new scan it is there again, so it didn't delete it.
Thanks in advance for your help.
I'm sending you the log here.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-23 23:02:54
Microsoft Windows 7 Ultimate Service Pack 2
System drive C: has 369 GB (90%) free of 410 GB
Total RAM: 2046 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:52, on 23. 3. 2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Peto\Hijackthis\RSIT.exe
C:\Peto\Hijackthis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 8862 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-07-02 2215960]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-02-26 2140880]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-03-09 1286608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"=DevDetect.exe -autorun []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-23 22:57:18 ----D---- C:\rsit
2010-03-23 21:30:01 ----D---- C:\Program Files\GridinSoft Trojan Killer
2010-03-23 19:17:44 ----D---- C:\Users\Administrator\AppData\Roaming\Skype
2010-03-23 19:17:32 ----D---- C:\Users\Administrator\AppData\Roaming\ESET
2010-03-23 17:21:47 ----D---- C:\Users\Administrator\AppData\Roaming\TrojanHunter
2010-03-23 17:05:48 ----R---- C:\Windows\system32\streamhlp.dll
2010-03-23 17:05:09 ----D---- C:\Program Files\TrojanHunter 5.0
2010-03-23 15:48:07 ----D---- C:\ProgramData\Simply Super Software
2010-03-23 00:08:15 ----A---- C:\Windows\BDTSupport.dll
2010-03-23 00:08:13 ----A---- C:\Windows\SGDetectionTool.dll
2010-03-23 00:08:13 ----A---- C:\Windows\PCTBDRes.dll
2010-03-23 00:08:13 ----A---- C:\Windows\PCTBDCore.dll
2010-03-23 00:05:28 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-23 00:05:26 ----D---- C:\Users\Administrator\AppData\Roaming\PC Tools
2010-03-23 00:05:26 ----D---- C:\ProgramData\PC Tools
2010-03-23 00:05:26 ----D---- C:\Program Files\Spyware Doctor
2010-03-23 00:05:11 ----AD---- C:\ProgramData\TEMP
2010-03-22 23:42:04 ----A---- C:\Windows\system32\GEARAspi.dll
2010-03-22 23:39:49 ----D---- C:\Program Files\iPod
2010-03-22 23:39:48 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-22 23:39:48 ----D---- C:\Program Files\iTunes
2010-03-22 23:36:45 ----D---- C:\Program Files\Bonjour
2010-03-22 23:35:04 ----D---- C:\Program Files\QuickTime
2010-03-22 23:35:03 ----D---- C:\ProgramData\Apple Computer
2010-03-22 23:33:21 ----D---- C:\Program Files\Apple Software Update
2010-03-22 23:31:05 ----A---- C:\Windows\system32\lsdelete.exe
2010-03-22 23:30:22 ----D---- C:\ProgramData\Apple
2010-03-22 23:30:22 ----D---- C:\Program Files\Common Files\Apple
2010-03-22 21:59:45 ----D---- C:\Program Files\EarthView
2010-03-21 00:30:56 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-03-21 00:30:49 ----A---- C:\Windows\system32\PnkBstrA.exe
2010-03-21 00:30:47 ----A---- C:\Windows\system32\pbsvc_bc2.exe
2010-03-21 00:19:32 ----D---- C:\Hry
2010-03-20 23:59:50 ----D---- C:\Program Files\DAEMON Tools Lite
2010-03-20 23:59:09 ----D---- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
2010-03-20 23:58:06 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-03-20 17:18:46 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-03-20 17:18:40 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-03-20 17:18:40 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-03-20 17:18:40 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-03-20 17:18:40 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-03-20 17:18:39 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-03-20 17:18:39 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-03-20 17:18:39 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-03-20 17:18:39 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-03-20 17:18:38 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-03-20 17:18:38 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-03-20 17:18:38 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-03-20 17:18:38 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-03-20 17:18:38 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-03-20 17:18:38 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-03-20 17:18:37 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-03-20 17:18:36 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-03-20 17:18:36 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-03-20 17:18:34 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-03-20 17:18:34 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-03-20 17:18:34 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-03-20 17:18:34 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-03-20 17:18:29 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-03-20 17:18:29 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-03-20 17:18:29 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-03-20 17:18:29 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-03-20 17:18:28 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-03-20 17:18:28 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-03-20 17:18:27 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-03-20 17:18:27 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-03-20 17:18:27 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-03-20 17:18:27 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-03-20 17:18:27 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-03-20 17:18:26 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-03-20 17:18:24 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-03-20 17:18:24 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-03-20 17:18:24 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-03-20 17:18:24 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-03-20 17:18:24 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-03-20 17:18:23 ----A---- C:\Windows\system32\xactengine2_10.dll
2010-03-20 17:18:22 ----A---- C:\Windows\system32\d3dx9_36.dll
2010-03-20 17:18:22 ----A---- C:\Windows\system32\d3dx10_36.dll
2010-03-20 17:18:22 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2010-03-20 17:18:21 ----A---- C:\Windows\system32\xactengine2_9.dll
2010-03-20 17:18:21 ----A---- C:\Windows\system32\d3dx9_35.dll
2010-03-20 17:18:21 ----A---- C:\Windows\system32\d3dx10_35.dll
2010-03-20 17:18:21 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2010-03-20 17:18:20 ----A---- C:\Windows\system32\xinput1_3.dll
2010-03-20 17:18:20 ----A---- C:\Windows\system32\xactengine2_8.dll
2010-03-20 17:18:20 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2010-03-20 17:18:20 ----A---- C:\Windows\system32\d3dx9_34.dll
2010-03-20 17:18:20 ----A---- C:\Windows\system32\d3dx10_34.dll
2010-03-20 17:18:20 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2010-03-20 17:18:19 ----A---- C:\Windows\system32\xactengine2_7.dll
2010-03-20 17:18:19 ----A---- C:\Windows\system32\d3dx10_33.dll
2010-03-20 17:18:19 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2010-03-20 17:18:18 ----A---- C:\Windows\system32\xactengine2_6.dll
2010-03-20 17:18:18 ----A---- C:\Windows\system32\d3dx9_33.dll
2010-03-20 17:18:17 ----A---- C:\Windows\system32\xactengine2_5.dll
2010-03-20 17:18:17 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-03-20 17:18:17 ----A---- C:\Windows\system32\d3dx10.dll
2010-03-20 17:18:16 ----A---- C:\Windows\system32\xactengine2_4.dll
2010-03-20 17:18:16 ----A---- C:\Windows\system32\x3daudio1_1.dll
2010-03-20 17:18:12 ----A---- C:\Windows\system32\xactengine2_3.dll
2010-03-20 17:18:11 ----A---- C:\Windows\system32\xinput1_2.dll
2010-03-20 17:18:10 ----A---- C:\Windows\system32\xinput1_1.dll
2010-03-20 17:18:10 ----A---- C:\Windows\system32\xactengine2_2.dll
2010-03-20 17:18:08 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-03-20 17:17:56 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-03-20 17:17:56 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-03-20 17:17:56 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-03-20 17:17:56 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-03-20 17:17:56 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-03-20 17:17:56 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-03-20 17:17:55 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-03-20 17:17:55 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-03-20 17:17:55 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-03-20 17:10:27 ----D---- C:\Users\Administrator\AppData\Roaming\DeskSoft
2010-03-20 16:16:56 ----D---- C:\Program Files\Common Files\Steam
2010-03-18 23:02:40 ----DC---- C:\Windows\system32\DRVSTORE
2010-03-18 22:59:56 ----HDC---- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-18 22:59:23 ----D---- C:\ProgramData\Lavasoft
2010-03-18 22:59:23 ----D---- C:\Program Files\Lavasoft
2010-03-18 22:30:21 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-03-18 22:30:18 ----A---- C:\Windows\system32\d3dx9_31.dll
2010-03-18 22:28:54 ----D---- C:\Program Files\Winamp Detect
2010-03-18 22:27:23 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-03-18 22:27:06 ----D---- C:\Users\Administrator\AppData\Roaming\Winamp
2010-03-18 22:27:06 ----D---- C:\Program Files\Winamp
2010-03-18 20:07:08 ----D---- C:\Peto
2010-03-18 19:56:17 ----D---- C:\Program Files\Ask.com
2010-03-18 19:55:46 ----D---- C:\Program Files\BitTorrent
2010-03-18 19:49:33 ----D---- C:\Program Files\Conduit
2010-03-18 19:49:30 ----D---- C:\Program Files\BS_Player
2010-03-18 19:49:18 ----D---- C:\Users\Administrator\AppData\Roaming\BSplayer Pro
2010-03-18 19:49:18 ----D---- C:\Users\Administrator\AppData\Roaming\BSplayer
2010-03-18 19:49:06 ----D---- C:\Program Files\Webteh
2010-03-18 19:44:45 ----D---- C:\Program Files\Common Files\Skype
2010-03-18 19:44:43 ----RD---- C:\Program Files\Skype
2010-03-18 19:44:39 ----D---- C:\ProgramData\Skype
2010-03-18 19:43:23 ----D---- C:\Program Files\CCleaner
2010-03-18 19:39:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-03-18 19:39:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-18 16:45:41 ----D---- C:\ProgramData\ESET
2010-03-18 16:45:41 ----D---- C:\Program Files\ESET
2010-03-17 13:18:24 ----D---- C:\Program Files\Microsoft Silverlight
2010-03-17 11:07:38 ----D---- C:\Users\Administrator\AppData\Roaming\GHISLER
2010-03-17 11:07:38 ----D---- C:\Program Files\totalcmd
2010-03-16 14:50:20 ----A---- C:\Windows\system32\unrar.dll
2010-03-16 14:50:20 ----A---- C:\Windows\avisplitter.ini
2010-03-16 14:50:19 ----A---- C:\Windows\system32\yv12vfw.dll
2010-03-16 14:50:19 ----A---- C:\Windows\system32\xvidvfw.dll
2010-03-16 14:50:19 ----A---- C:\Windows\system32\xvidcore.dll
2010-03-16 14:50:18 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-03-16 14:50:18 ----A---- C:\Windows\system32\ff_vfw.dll
2010-03-16 14:50:17 ----D---- C:\Program Files\K-Lite Codec Pack
2010-03-16 14:45:07 ----D---- C:\Users\Administrator\AppData\Roaming\ACD Systems
2010-03-16 14:42:10 ----D---- C:\ProgramData\ACD Systems
2010-03-16 14:42:01 ----D---- C:\Program Files\Common Files\ACD Systems
2010-03-16 14:42:01 ----D---- C:\Program Files\ACD Systems
2010-03-16 14:29:37 ----D---- C:\Users\Administrator\AppData\Roaming\WinRAR
2010-03-16 14:29:24 ----D---- C:\Program Files\WinRAR
2010-03-16 14:25:12 ----D---- C:\ProgramData\WinZip
2010-03-16 14:25:02 ----D---- C:\Program Files\WinZip
2010-03-16 14:00:57 ----D---- C:\ProgramData\Nero
2010-03-16 14:00:57 ----D---- C:\Program Files\Nero
2010-03-16 14:00:57 ----A---- C:\Windows\system32\TwnLib4.dll
2010-03-16 14:00:57 ----A---- C:\Windows\system32\imagXRA7.dll
2010-03-16 14:00:57 ----A---- C:\Windows\system32\imagXR7.dll
2010-03-16 14:00:57 ----A---- C:\Windows\system32\imagXpr7.dll
2010-03-16 14:00:57 ----A---- C:\Windows\system32\imagX7.dll
2010-03-16 14:00:51 ----D---- C:\Program Files\Common Files\Nero
2010-03-16 13:46:45 ----D---- C:\ProgramData\Adobe
2010-03-16 13:46:34 ----D---- C:\Program Files\Common Files\Adobe
2010-03-16 13:46:34 ----D---- C:\Program Files\Adobe
2010-03-15 15:06:40 ----D---- C:\Program Files\Microsoft Works
2010-03-15 15:05:49 ----D---- C:\Program Files\Microsoft Visual Studio
2010-03-15 15:05:49 ----D---- C:\Program Files\Common Files\DESIGNER
2010-03-15 15:05:35 ----D---- C:\Windows\PCHEALTH
2010-03-15 15:05:35 ----D---- C:\Program Files\Microsoft.NET
2010-03-15 15:02:26 ----D---- C:\ProgramData\Microsoft Help
2010-03-15 15:02:26 ----D---- C:\Program Files\Microsoft Office
2010-03-15 15:00:42 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-15 14:58:44 ----RHD---- C:\MSOCache
2010-03-15 14:21:39 ----D---- C:\Program Files\Common Files\ATI Technologies
2010-03-15 14:19:15 ----SHD---- C:\Windows\Installer
2010-03-15 14:19:14 ----D---- C:\Program Files\ATI
2010-03-15 14:15:53 ----D---- C:\Program Files\ATI Technologies
2010-03-15 14:13:02 ----D---- C:\ATI
2010-03-15 13:52:56 ----D---- C:\Users\Administrator\AppData\Roaming\Macromedia
2010-03-15 13:52:54 ----D---- C:\Users\Administrator\AppData\Roaming\Adobe
2010-03-15 13:52:49 ----D---- C:\Windows\system32\Macromed
2010-03-15 13:12:47 ----A---- C:\Windows\system32\msv1_0.dll
2010-03-15 13:09:30 ----A---- C:\Windows\system32\MRT.exe
2010-03-15 13:06:33 ----A---- C:\Windows\system32\jscript.dll
2010-03-15 13:06:31 ----A---- C:\Windows\system32\mshtml.dll
2010-03-15 13:06:30 ----A---- C:\Windows\system32\urlmon.dll
2010-03-15 13:06:30 ----A---- C:\Windows\system32\ieframe.dll
2010-03-15 13:06:30 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-15 13:06:29 ----A---- C:\Windows\system32\wininet.dll
2010-03-15 13:06:29 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-15 13:06:19 ----A---- C:\Windows\system32\wmp.dll
2010-03-15 13:06:18 ----A---- C:\Windows\system32\wmploc.DLL
2010-03-15 13:06:18 ----A---- C:\Windows\system32\winresume.exe
2010-03-15 13:06:18 ----A---- C:\Windows\system32\winload.exe
2010-03-15 13:06:18 ----A---- C:\Windows\system32\CertEnroll.dll
2010-03-15 13:06:10 ----A---- C:\Windows\system32\kernel32.dll
2010-03-15 13:06:09 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-15 13:06:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-03-15 13:06:09 ----A---- C:\Windows\system32\apphelp.dll
2010-03-15 13:06:07 ----A---- C:\Windows\system32\quartz.dll
2010-03-15 13:06:07 ----A---- C:\Windows\system32\msyuv.dll
2010-03-15 13:06:07 ----A---- C:\Windows\system32\msvidc32.dll
2010-03-15 13:06:07 ----A---- C:\Windows\system32\mciavi32.dll
2010-03-15 13:06:07 ----A---- C:\Windows\system32\iyuv_32.dll
2010-03-15 13:06:07 ----A---- C:\Windows\system32\avifil32.dll
2010-03-15 13:06:06 ----A---- C:\Windows\system32\tsbyuv.dll
2010-03-15 13:06:06 ----A---- C:\Windows\system32\msrle32.dll
2010-03-15 13:06:04 ----A---- C:\Windows\system32\t2embed.dll
2010-03-15 13:06:04 ----A---- C:\Windows\system32\fontsub.dll
2010-03-15 13:06:04 ----A---- C:\Windows\system32\atmfd.dll
2010-03-15 13:05:56 ----A---- C:\Windows\system32\psisdecd.dll
2010-03-15 13:05:56 ----A---- C:\Windows\system32\msdri.dll
2010-03-15 13:05:56 ----A---- C:\Windows\system32\CPFilters.dll
2010-03-15 13:05:54 ----A---- C:\Windows\system32\winlogon.exe
2010-03-15 13:05:54 ----A---- C:\Windows\explorer.exe
2010-03-15 13:05:21 ----A---- C:\Windows\system32\msasn1.dll
2010-03-15 13:00:20 ----A---- C:\Windows\system32\tzres.dll
2010-03-15 13:00:10 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-03-15 13:00:10 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-03-15 13:00:10 ----A---- C:\Windows\system32\secproc_isv.dll
2010-03-15 13:00:10 ----A---- C:\Windows\system32\secproc.dll
2010-03-15 13:00:10 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-03-15 13:00:10 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-03-15 13:00:10 ----A---- C:\Windows\system32\RMActivate.exe
2010-03-15 13:00:09 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-03-15 12:44:31 ----N---- C:\Windows\system32\MpSigStub.exe
2010-03-15 12:34:51 ----D---- C:\Users\Administrator\AppData\Roaming\Identities
2010-03-15 12:34:40 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2010-03-15 12:34:40 ----D---- C:\Users\Administrator\AppData\Roaming\Media Center Programs
2010-03-15 12:25:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-15 12:21:08 ----SHD---- C:\Recovery
2010-03-15 11:48:01 ----D---- C:\Windows\SoftwareDistribution
2010-03-15 11:41:34 ----D---- C:\Windows\Prefetch
2010-03-15 11:41:04 ----SHD---- C:\System Volume Information
2010-03-15 11:40:11 ----D---- C:\Windows\Panther
2010-03-15 11:39:59 ----RASH---- C:\BOOTSECT.BAK
2010-03-15 11:39:52 ----SHD---- C:\Boot

======List of files/folders modified in the last 1 months======

2010-03-23 23:01:17 ----D---- C:\Windows\Temp
2010-03-23 23:01:07 ----D---- C:\Windows\system32\Tasks
2010-03-23 22:47:58 ----D---- C:\Windows\System32
2010-03-23 22:47:57 ----D---- C:\Windows\inf
2010-03-23 22:41:20 ----D---- C:\Windows\system32\config
2010-03-23 22:30:50 ----SD---- C:\ProgramData\Microsoft
2010-03-23 22:16:36 ----D---- C:\Windows\Tasks
2010-03-23 22:09:59 ----RD---- C:\Program Files
2010-03-23 15:48:07 ----HD---- C:\ProgramData
2010-03-23 00:51:37 ----D---- C:\Windows\system32\catroot2
2010-03-23 00:31:42 ----D---- C:\Windows
2010-03-23 00:15:20 ----D---- C:\Windows\system32\drivers
2010-03-23 00:05:28 ----D---- C:\Program Files\Common Files
2010-03-22 23:42:05 ----D---- C:\Windows\system32\catroot
2010-03-22 23:36:17 ----D---- C:\Program Files\Internet Explorer
2010-03-22 23:32:30 ----D---- C:\Windows\system32\DriverStore
2010-03-21 00:30:45 ----D---- C:\Windows\system32\LogFiles
2010-03-21 00:18:52 ----RSD---- C:\Windows\assembly
2010-03-21 00:15:11 ----D---- C:\Windows\winsxs
2010-03-20 17:18:00 ----D---- C:\Windows\Microsoft.NET
2010-03-20 17:17:43 ----D---- C:\Windows\Logs
2010-03-17 12:41:29 ----D---- C:\Windows\system32\wdi
2010-03-17 11:10:54 ----SHD---- C:\$Recycle.Bin
2010-03-17 11:10:42 ----RD---- C:\Users
2010-03-16 09:40:51 ----D---- C:\Windows\rescache
2010-03-15 15:16:05 ----D---- C:\Program Files\Common Files\System
2010-03-15 15:16:05 ----A---- C:\Windows\win.ini
2010-03-15 15:12:43 ----RSD---- C:\Windows\Fonts
2010-03-15 15:12:35 ----D---- C:\Program Files\Common Files\microsoft shared
2010-03-15 15:03:50 ----D---- C:\Windows\ShellNew
2010-03-15 14:37:33 ----D---- C:\Windows\debug
2010-03-15 14:26:53 ----D---- C:\Windows\Downloaded Program Files
2010-03-15 13:17:08 ----D---- C:\Windows\AppPatch
2010-03-15 13:17:07 ----D---- C:\Windows\system32\Boot
2010-03-15 13:17:07 ----D---- C:\Program Files\Windows Media Player
2010-03-15 13:17:04 ----D---- C:\Windows\ehome
2010-03-15 13:08:29 ----D---- C:\Windows\system32\sk-SK
2010-03-15 12:44:06 ----D---- C:\Windows\system32\restore
2010-03-15 12:25:43 ----D---- C:\Windows\system32\wbem
2010-03-15 11:55:27 ----D---- C:\Windows\system32\sysprep
2010-03-15 11:50:59 ----D---- C:\Windows\system32\CodeIntegrity
2010-03-15 11:43:04 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2009-07-14 78336]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 16896]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2009-07-14 74240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488]
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
R1 ws2ifsl;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\Windows\system32\drivers\ws2ifsl.sys [2009-07-14 16384]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-02-26 134488]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-02-26 41312]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128]
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-14 86528]
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2009-07-14 586752]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928]
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2009-07-14 34816]
R3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-08 2506232]
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2009-07-14 69632]
R3 CompositeBus;Composite Bus Enumerator Driver; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-02-26 32584]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544]
R3 HidUsb;Microsoft HID Class Driver; C:\Windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064]
R3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160]
R3 monitor;Microsoft Monitor Class Function Driver Service; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 23552]
R3 mouhid;Mouse HID Driver; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112]
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 60416]
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2010-01-08 221184]
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2009-07-14 95744]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2010-03-16 6504]
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2010-02-05 70408]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2009-07-14 306688]
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2009-12-08 113664]
R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver; C:\Windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544]
R3 umbus;UMBus Enumerator Driver; C:\Windows\system32\DRIVERS\umbus.sys [2009-07-14 39936]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\Windows\system32\DRIVERS\usbccgp.sys [2009-07-14 75264]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbehci.sys [2009-10-24 41984]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\Windows\system32\DRIVERS\usbhub.sys [2009-10-24 258560]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbohci.sys [2009-07-14 20480]
R3 USBSTOR;USB Mass Storage Driver; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752]
R3 vwifibus;Virtual WiFi Bus Driver; C:\Windows\system32\DRIVERS\vwifibus.sys [2009-07-14 19968]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
S3 a5mrp2wl;a5mrp2wl; C:\Windows\system32\drivers\a5mrp2wl.sys []
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 146512]
S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys [2009-07-14 53312]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys [2009-07-14 14912]
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952]
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176]
S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-14 76368]
S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-13 11904]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320]
S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys [2009-07-14 37888]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
S3 Compbatt;Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [2009-07-14 19024]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-14 142336]
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-14 28160]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136]
S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys [2009-07-14 37888]
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-14 332352]
S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 41040]
S3 intelide;intelide; C:\Windows\system32\DRIVERS\intelide.sys [2009-07-14 15424]
S3 intelppm;Intel Processor Driver; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760]
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536]
S3 isapnp;isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [2009-07-14 46656]
S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960]
S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]
S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys [2009-07-14 130624]
S3 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys [2009-07-14 27712]
S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [2009-07-14 115792]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2009-07-14 162896]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464]
S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2009-07-14 31744]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [2009-07-14 85568]
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968]
S3 sffdisk;SFF Storage Class Driver; C:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [2009-07-14 12800]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 40016]
S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-14 71168]
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2009-07-14 1285712]
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208]
S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888]
S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424]
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016]
S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\Windows\system32\DRIVERS\usbuhci.sys [2009-07-14 24064]
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112]
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632]
S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096]

pedrovec
Visitor
Posts: 11
Registered: 23 Mar 2010 22:51

Re: Trojan-Dropper.agent

#2 Post by pedrovec »

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-02-03 172032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-18 1263728]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-03-21 75064]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-14 1121280]
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-07-14 22528]
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2010-02-02 70928]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528]
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-14 557056]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 94720]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-02-26 33560]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2009-07-14 522752]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42856]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 878416]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2009-07-14 12800]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-03-20 332720]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 204800]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-14 35840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-14 22528]
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2009-07-14 452608]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688]
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 128848]

-----------------EOF-----------------


Sorry, it didn't all fit into one message.

Thanks in advance for your help.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Trojan-Dropper.agent

#3 Post by motji »

Good evening :)
May I know in which file it reports the virus to you? :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

pedrovec
Visitor
Posts: 11
Registered: 23 Mar 2010 22:51

Re: Trojan-Dropper.agent

#4 Post by pedrovec »

Good evening.

Well, I don't know if I've got this right, but Spyware Doctor reports this to me:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\equi.exe

That is all SD tells me about it.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Trojan-Dropper.agent

#5 Post by motji »

:arrow: Download ComboFix to your desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs: antivirus, firewalls, antispyware

- After launch, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click into the window that appears :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log, C:\ComboFix.txt; copy its entire contents here

pedrovec
Visitor
Posts: 11
Registered: 23 Mar 2010 22:51

Re: Trojan-Dropper.agent

#6 Post by pedrovec »

ComboFix 10-03-23.03 - Administrator . 03. 2010 23:57:29.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2046.1401 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3638210913-3930768369-3472419993-1000
F:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 23:06 . 2010-03-23 23:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-03-23 22:52 . 2010-03-23 22:52 -------- d-----w- C:\32788R22FWJFW
2010-03-23 22:00 . 2010-03-23 22:00 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2010-03-23 21:57 . 2010-03-23 22:03 -------- d-----w- C:\rsit
2010-03-23 20:30 . 2010-03-23 20:38 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-03-23 18:17 . 2010-03-23 22:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2010-03-23 18:17 . 2010-03-23 18:17 -------- d-----w- c:\users\Administrator\AppData\Local\ESET
2010-03-23 17:40 . 2010-03-23 17:40 -------- d-----w- c:\users\Administrator\AppData\Local\Threat Expert
2010-03-23 17:00 . 2010-03-23 17:00 -------- d-----w- c:\users\peter\AppData\Roaming\TrojanHunter
2010-03-23 16:47 . 2010-03-23 16:47 -------- d-----w- c:\users\peter\AppData\Local\Diagnostics
2010-03-23 16:21 . 2010-03-23 16:21 -------- d-----w- c:\users\Administrator\AppData\Roaming\TrojanHunter
2010-03-23 16:05 . 2010-03-23 21:03 -------- d-----w- c:\program files\TrojanHunter 5.0
2010-03-23 14:48 . 2010-03-23 14:48 -------- d-----w- c:\programdata\Simply Super Software
2010-03-22 23:15 . 2010-02-02 09:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-03-22 23:15 . 2010-02-02 09:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-03-22 23:15 . 2010-02-02 09:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-03-22 23:08 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-22 23:08 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-22 23:08 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-22 23:08 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-22 23:08 . 2009-10-28 00:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-22 23:08 . 2008-11-26 11:08 131 ----a-w- c:\windows\IDB.zip
2010-03-22 23:06 . 2010-02-05 08:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-03-22 23:06 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-22 23:06 . 2010-03-10 10:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-22 23:06 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-22 23:05 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-22 23:05 . 2010-03-22 23:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-22 23:05 . 2010-03-23 22:50 -------- d-----w- c:\program files\Spyware Doctor
2010-03-22 23:05 . 2010-03-22 23:15 -------- d-----w- c:\programdata\PC Tools
2010-03-22 23:05 . 2010-03-22 23:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\PC Tools
2010-03-22 22:57 . 2010-03-22 22:57 -------- d-----w- c:\users\peter\AppData\Roaming\BSplayer
2010-03-22 22:44 . 2010-03-22 22:44 -------- d-----w- c:\users\peter\AppData\Local\Apple Computer
2010-03-22 22:44 . 2010-03-22 22:44 -------- d-----w- c:\users\peter\AppData\Roaming\Apple Computer
2010-03-22 22:42 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-22 22:42 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-22 22:39 . 2010-03-22 22:39 -------- d-----w- c:\program files\iPod
2010-03-22 22:39 . 2010-03-22 22:41 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-22 22:39 . 2010-03-22 22:41 -------- d-----w- c:\program files\iTunes
2010-03-22 22:36 . 2010-03-22 22:36 -------- d-----w- c:\program files\Bonjour
2010-03-22 22:35 . 2010-03-22 22:36 -------- d-----w- c:\program files\QuickTime
2010-03-22 22:35 . 2010-03-22 22:39 -------- d-----w- c:\programdata\Apple Computer
2010-03-22 22:33 . 2010-03-22 22:33 -------- d-----w- c:\users\Administrator\AppData\Local\Apple
2010-03-22 22:33 . 2010-03-22 22:33 -------- d-----w- c:\program files\Apple Software Update
2010-03-22 22:31 . 2010-03-18 22:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-22 22:30 . 2010-03-22 22:39 -------- d-----w- c:\program files\Common Files\Apple
2010-03-22 22:30 . 2010-03-22 22:30 -------- d-----w- c:\programdata\Apple
2010-03-22 20:59 . 2010-03-22 23:31 -------- d-----w- c:\program files\EarthView
2010-03-20 23:33 . 2010-03-20 23:33 -------- d-----w- c:\users\peter\AppData\Local\PunkBuster
2010-03-20 23:32 . 2010-03-22 15:11 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-20 23:32 . 2010-03-20 23:32 138056 ----a-w- c:\users\Administrator\AppData\Roaming\PnkBstrK.sys
2010-03-20 23:30 . 2010-03-22 14:48 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-20 23:30 . 2010-03-20 23:30 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-20 23:30 . 2010-03-20 23:30 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-20 23:19 . 2010-03-21 23:31 -------- d-----w- C:\Hry
2010-03-20 23:09 . 2010-03-20 23:09 -------- d-----w- c:\users\peter\AppData\Roaming\DAEMON Tools Lite
2010-03-20 23:01 . 2010-03-20 23:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-20 22:59 . 2010-03-20 23:01 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-20 22:59 . 2010-03-23 22:48 -------- d-----w- c:\users\Administrator\AppData\Roaming\DAEMON Tools Lite
2010-03-20 22:58 . 2010-03-20 22:59 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-20 22:51 . 2010-03-20 22:51 64336 ----a-w- c:\users\peter\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 16:23 . 2010-03-20 16:23 24486912 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{269E01A2-FF0E-677E-C91D-681A7A79A545}-RUSE.exe
2010-03-20 16:17 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-03-20 16:10 . 2010-03-20 16:10 -------- d-----w- c:\users\Administrator\AppData\Roaming\DeskSoft
2010-03-20 16:10 . 2010-03-20 16:10 -------- d-----w- c:\users\peter\AppData\Roaming\DeskSoft
2010-03-20 15:16 . 2010-03-20 23:07 -------- d-----w- c:\program files\Common Files\Steam
2010-03-20 11:38 . 2010-03-22 23:39 -------- d-----w- c:\users\peter\AppData\Roaming\BitTorrent
2010-03-18 21:59 . 2010-03-18 21:59 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-18 21:59 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-18 21:59 . 2010-03-18 22:02 -------- d-----w- c:\programdata\Lavasoft
2010-03-18 21:59 . 2010-03-18 22:00 -------- d-----w- c:\program files\Lavasoft
2010-03-18 21:38 . 2010-03-18 21:40 -------- d-----w- c:\users\peter\AppData\Roaming\Winamp
2010-03-18 21:30 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-18 21:30 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-18 21:28 . 2010-03-18 21:28 -------- d-----w- c:\program files\Winamp Detect
2010-03-18 21:27 . 2010-03-18 21:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-18 21:27 . 2010-03-18 21:33 -------- d-----w- c:\program files\Winamp
2010-03-18 21:27 . 2010-03-18 21:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2010-03-18 19:07 . 2010-03-23 21:55 -------- d-----w- C:\Peto
2010-03-18 19:06 . 2010-03-18 19:07 -------- d-----w- c:\users\peter\AppData\Roaming\Ventrilo
2010-03-18 18:57 . 2010-03-18 18:57 -------- d-----w- c:\users\peter\AppData\Local\Blizzard Entertainment
2010-03-18 18:56 . 2010-03-18 18:56 -------- d-----w- c:\program files\Ask.com
2010-03-18 18:55 . 2010-03-18 18:55 -------- d-----w- c:\program files\BitTorrent
2010-03-18 18:51 . 2008-04-13 16:26 36396 ----a-w- c:\users\Administrator\AppData\Roaming\BSplayer\AC3 Filter\uninstall.exe
2010-03-18 18:51 . 2007-07-05 02:33 892928 ----a-w- c:\users\Administrator\AppData\Roaming\BSplayer\AC3 Filter\iconv.dll
2010-03-18 18:51 . 2007-08-18 08:54 20480 ----a-w- c:\users\Administrator\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
2010-03-18 18:51 . 2007-08-18 08:53 16384 ----a-w- c:\users\Administrator\AppData\Roaming\BSplayer\AC3 Filter\dialog_patch.exe
2010-03-18 18:49 . 2010-03-18 18:49 -------- d-----w- c:\program files\Conduit
2010-03-18 18:49 . 2010-03-18 18:49 -------- d-----w- c:\program files\BS_Player
2010-03-18 18:49 . 2010-03-18 18:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\BSplayer
2010-03-18 18:49 . 2010-03-18 18:49 -------- d-----w- c:\users\Administrator\AppData\Roaming\BSplayer Pro
2010-03-18 18:49 . 2010-03-18 18:49 -------- d-----w- c:\program files\Webteh
2010-03-18 18:46 . 2010-03-21 23:02 -------- d-----w- c:\users\peter\AppData\Roaming\skypePM
2010-03-18 18:45 . 2010-03-22 01:19 -------- d-----w- c:\users\peter\AppData\Roaming\Skype
2010-03-18 18:44 . 2010-03-18 18:44 -------- d-----w- c:\program files\Common Files\Skype
2010-03-18 18:44 . 2010-03-18 18:45 -------- d-----r- c:\program files\Skype
2010-03-18 18:44 . 2010-03-18 18:44 -------- d-----w- c:\programdata\Skype
2010-03-18 18:43 . 2010-03-18 18:43 -------- d-----w- c:\program files\CCleaner
2010-03-18 18:39 . 2010-03-18 18:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-18 18:39 . 2010-03-18 18:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-18 15:50 . 2010-03-18 15:50 -------- d-----w- c:\users\peter\AppData\Local\ESET
2010-03-18 15:45 . 2010-03-18 15:45 -------- d-----w- c:\program files\ESET
2010-03-17 12:18 . 2010-03-17 12:18 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-17 11:48 . 2010-03-17 11:48 -------- d-----w- c:\users\peter\AppData\Roaming\Nero
2010-03-17 11:48 . 2010-03-17 11:48 -------- d-----w- c:\users\peter\AppData\Local\ACD Systems
2010-03-17 11:48 . 2010-03-17 11:48 -------- d-----w- c:\users\peter\AppData\Roaming\ACD Systems
2010-03-17 11:11 . 2010-03-17 11:11 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-03-17 10:15 . 2010-03-17 10:15 -------- d-----w- c:\users\peter\AppData\Local\Adobe
2010-03-17 10:07 . 2010-03-17 10:08 -------- d-----w- c:\program files\totalcmd
2010-03-17 10:07 . 2010-03-17 10:07 -------- d-----w- c:\users\Administrator\AppData\Roaming\GHISLER
2010-03-17 10:07 . 2008-08-08 06:04 545 ----a-w- c:\windows\UC.PIF
2010-03-17 10:07 . 2008-08-08 06:04 545 ----a-w- c:\windows\RAR.PIF
2010-03-17 10:07 . 2008-08-08 06:04 545 ----a-w- c:\windows\PKZIP.PIF
2010-03-17 10:07 . 2008-08-08 06:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-03-17 10:07 . 2008-08-08 06:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-03-17 10:07 . 2008-08-08 06:04 545 ----a-w- c:\windows\LHA.PIF
2010-03-17 10:07 . 2008-08-08 06:04 545 ----a-w- c:\windows\ARJ.PIF
2010-03-16 13:50 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-16 13:50 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-16 13:50 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-16 13:50 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-16 13:50 . 2010-03-10 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-16 13:50 . 2010-03-16 13:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-16 13:45 . 2010-03-16 13:45 -------- d-----w- c:\users\Administrator\AppData\Local\ACD Systems
2010-03-16 13:45 . 2010-03-16 13:45 -------- d-----w- c:\users\Administrator\AppData\Roaming\ACD Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 14:49 . 2010-03-22 14:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-03-18 18:46 . 2010-03-18 18:46 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-03-16 10:01 . 2009-05-13 18:11 6504 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2010-03-15 10:51 . 2010-03-15 10:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-02-15 17:41 . 2010-02-15 17:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-04 15:53 . 2010-03-18 22:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 04:54 . 2010-02-03 04:54 5313536 ----a-w- c:\windows\system32\drivers\atipmdag.sys
2010-02-03 04:54 . 2010-02-03 04:54 5313536 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-02-03 04:23 . 2010-02-03 04:23 426496 ----a-w- c:\windows\system32\aticfx32.dll
2010-02-03 04:19 . 2010-02-03 04:19 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-03 04:17 . 2010-02-03 04:17 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-03 04:17 . 2010-02-03 04:17 372736 ----a-w- c:\windows\system32\atieclxx.exe
2010-02-03 04:16 . 2010-02-03 04:16 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2010-02-03 04:15 . 2010-02-03 04:15 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-02-03 04:15 . 2010-02-03 04:15 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-03 04:15 . 2010-02-03 04:15 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-03 04:14 . 2010-02-03 04:14 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-02-03 04:14 . 2010-02-03 04:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-03 04:12 . 2010-02-03 04:12 3073024 ----a-w- c:\windows\system32\atidxx32.dll
2010-02-03 04:01 . 2010-02-03 04:01 14147072 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-03 03:55 . 2010-02-03 03:55 3653632 ----a-w- c:\windows\system32\atiumdag.dll
2010-02-03 03:52 . 2010-02-03 03:52 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-03 03:52 . 2010-02-03 03:52 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-03 03:51 . 2010-02-03 03:51 3649536 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-03 03:40 . 2010-02-03 03:40 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:37 . 2010-02-03 03:37 2934272 ----a-w- c:\windows\system32\atiumdva.dll
2010-02-03 03:25 . 2010-02-03 03:25 52224 ----a-w- c:\windows\system32\atimpc32.dll
2010-02-03 03:25 . 2010-02-03 03:25 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-03 03:24 . 2010-02-03 03:24 229376 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:24 . 2010-02-03 03:24 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-02-03 03:24 . 2010-02-03 03:24 14848 ----a-w- c:\windows\system32\atigktxx.dll
2010-02-03 03:23 . 2010-02-03 03:23 150016 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-02-03 03:23 . 2010-02-03 03:23 50176 ----a-w- c:\windows\system32\coinst.dll
2010-02-03 03:23 . 2010-02-03 03:23 27136 ----a-w- c:\windows\system32\atiuxpag.dll
2010-02-03 03:22 . 2010-02-03 03:22 20480 ----a-w- c:\windows\system32\atiu9pag.dll
2010-01-08 03:18 . 2010-03-15 12:06 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-03-15 12:06 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-20 691696]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-02-05 70408]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-02-02 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-02-02 59664]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-02-26 41312]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-18 1263728]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-03 5313536]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-03 150016]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]

.
Contents of the 'Scheduled Tasks' folder

2010-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - J:\HijackThis.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,5c,59,af,22,24,51,4f,80,82,1d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,5c,59,af,22,24,51,4f,80,82,1d,\

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (Administrator)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Winamp.File"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-3638210913-3930768369-3472419993-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-03-24 00:10:17
ComboFix-quarantined-files.txt 2010-03-23 23:10

Pre-Run: 387 163 185 152 bytes free
Post-Run: 387 004 411 904 bytes free

- - End Of File - - 1F2CCC501A3C1B71BD4E5461584F7EE1

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Trojan-Dropper.agent

#7 Post by motji »

Download SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- save it to the desktop and run it.
- copy the following into the box

Code:

:filefind
equi.exe

:regfind
equi.exe

- click Look; a scan will run and a log is displayed at the end. Copy its contents here.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

pedrovec
Visitor
Posts: 11
Registered: 23 Mar 2010 22:51

Re: Trojan-Dropper.agent

#8 Post by pedrovec »

files not found

#9 Post by motji »

Start - Run - type Regedit

Find the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\equi.exe

and post a screenshot :) .

Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING!
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.
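
A read-only PowerShell equivalent of the registry check requested in post #9, as an added example that is not part of the thread. It prints any values under the equi.exe Image File Execution Options (IFEO) key in both registry views, then lists every IFEO entry that sets a Debugger value, which is the value that makes Windows start another program in place of the named image. The function names are this example's own.

```powershell
# Added example (PowerShell 3.0 or later). Read-only: nothing is changed or deleted.
# 'equi.exe' is the image name from the thread; function names are this example's own.
$ImageName = 'equi.exe'

# IFEO exists in the native registry view and, on 64-bit Windows, in the 32-bit view.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoEntry {
    # Return every value stored under <Root>\<Name>, or nothing if the key is absent.
    param([string]$Root, [string]$Name)
    $path = Join-Path $Root $Name
    if (-not (Test-Path -LiteralPath $path)) { return }
    $key = Get-Item -LiteralPath $path
    $names = $key.GetValueNames()
    if ($names.Count -eq 0) {
        [pscustomobject]@{ Key = $key.Name; Value = '(key present, no values)'; Data = $null }
        return
    }
    foreach ($n in $names) {
        [pscustomobject]@{ Key = $key.Name; Value = $n; Data = $key.GetValue($n) }
    }
}

function Get-IfeoDebugger {
    # List every image name under the given IFEO roots that carries a Debugger value.
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
            $debugger = $_.GetValue('Debugger')
            if ($debugger) {
                [pscustomobject]@{ Image = $_.PSChildName; Debugger = $debugger; Key = $_.Name }
            }
        }
    }
}

# 1) The specific key named in the post.
$found = foreach ($root in $ifeoRoots) { Get-IfeoEntry -Root $root -Name $ImageName }
if ($found) {
    $found | Format-Table -AutoSize -Wrap
} else {
    "No IFEO key for $ImageName in either registry view."
}

# 2) Every IFEO entry with a Debugger value, for review before anything is removed.
$redirected = @(Get-IfeoDebugger -Roots $ifeoRoots)
if ($redirected.Count -gt 0) {
    $redirected | Format-Table -AutoSize -Wrap
} else {
    'No IFEO entry sets a Debugger value.'
}
```

Run it from an elevated PowerShell prompt so that keys with restrictive permissions can be read.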

#10 Post by pedrovec »

Please, where is that Run in Win 7? I can't find it.
Thanks ;)

#11 Post by motji »

Try via Task Manager - New Task.
Or Start - and via the search - it should open.

#12 Post by pedrovec »

Well, again nothing was found. I tried turning off Spyware Doctor and my PC and the internet got faster. Could it be that only that is infected? How can we check that?

Thanks

#13 Post by motji »

Do you mean that MBAM found nothing? Or that you did not find that key in regedit?

#14 Post by pedrovec »

MBAM found nothing.

#15 Post by motji »

And did you look in the registry?