PC virus removal, computer speed-up, remote help via the neslape.cz service

ERRORS (RSIT LOG+COMBOFIX LOG+OTL LOG)

Do you have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
TheTrooper
Visitor
Posts: 44
Registered: 01 May 2010 07:22

ERRORS (RSIT LOG+COMBOFIX LOG+OTL LOG)

#1 Post by TheTrooper »

HERE ARE SOME FACTS:
- It only shows me C:/ and D:/ (hard disks) and A:/ (floppy drive), but it does not show E:/ (the burner), for example.
- OTL LOG (dated 1.5.2010)
- ComboFix LOG (dated 2.5.2010) (normal mode, gabi (my account))
- RSIT LOG (dated 1.5.2010)

sorry for my Czech, I'm Slovak :mrgreen:
Last edited by TheTrooper on 02 May 2010 11:37, edited 12 times in total.

TheTrooper
Visitor
Posts: 44
Registered: 01 May 2010 07:22

Re: SVCHOST.EXE 100% + OTHER ERRORS (RSIT LOG+COMBOFIX LOG)

#2 Post by TheTrooper »

RSIT LOG
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gabi at 2010-05-01 08:57:02
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 30 GB (39%) free of 76 GB
Total RAM: 511 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:16, on 1. 5. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\FlashMute\FlashMute.exe
C:\Program Files\Steam\Steam.exe
D:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Documents and Settings\Gabi\Plocha\RSIT.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\trend micro\Gabi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [FlashMute] C:\Program Files\FlashMute\FlashMute.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [d3davilibrary] rundll32.exe "C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\d3davilibrary\d3davilibrary.dll", DllInit
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: monxga32.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (file missing)

--
End of file - 9148 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\Spybot\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-06-29 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"=C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe [2005-02-25 208896]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-08-17 949376]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-08-18 2176000]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-05-28 528384]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-03-09 1286608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"FlashMute"=C:\Program Files\FlashMute\FlashMute.exe [2006-03-11 221184]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-04-26 1238352]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2009-12-18 427328]
"uTorrent"=D:\Program Files\uTorrent\uTorrent.exe [2010-03-12 319792]
"d3davilibrary"=C:\WINDOWS\system32\config\system [2010-05-01 5767168]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Gabi\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
monxga32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-08-17 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe"="C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\VALVe\Garry's Mod\hl2.exe"="C:\Program Files\VALVe\Garry's Mod\hl2.exe:*:Enabled:Garry's_Mod"
"C:\Program Files\VALVe\Garry's Mod\srcds.exe"="C:\Program Files\VALVe\Garry's Mod\srcds.exe:*:Enabled:Garry's_Mod_Dedicated_Server"
"D:\Program Files\FlatOut2\FlatOut2.exe"="D:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"D:\Program Files\World of Warcraft\BackgroundDownloader.exe"="D:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-30 19:45:55 ----A---- C:\Boot.bak
2010-04-30 19:45:48 ----RASHD---- C:\cmdcons
2010-04-30 19:44:19 ----SHD---- C:\RECYCLER
2010-04-30 19:44:04 ----SD---- C:\ComboFix
2010-04-30 18:36:51 ----D---- C:\WINDOWS\temp
2010-04-30 18:25:08 ----A---- C:\WINDOWS\zip.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\SWSC.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\SWREG.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\sed.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\PEV.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\MBR.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\grep.exe
2010-04-30 18:08:30 ----D---- C:\WINDOWS\ERDNT
2010-04-30 18:07:32 ----D---- C:\Qoobox
2010-04-29 21:10:47 ----D---- C:\rsit
2010-04-29 21:10:47 ----D---- C:\Program Files\trend micro
2010-04-29 20:49:04 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-28 17:52:40 ----D---- C:\Documents and Settings\Gabi\Data aplikací\Uniblue
2010-04-28 17:46:53 ----D---- C:\Program Files\Uniblue
2010-04-27 20:35:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\RegCure
2010-04-27 20:35:01 ----D---- C:\Program Files\RegCure
2010-04-27 19:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2010-04-27 19:48:44 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-27 17:50:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-27 17:49:29 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-26 20:39:50 ----A---- C:\procexp.exe
2010-04-25 20:08:38 ----SHD---- C:\WINDOWS\CSC
2010-04-25 20:05:07 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-04-25 20:05:07 ----A---- C:\WINDOWS\system32\wups2.dll
2010-04-25 20:05:06 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-04-25 20:05:03 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-04-25 20:04:59 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-04-25 20:03:08 ----D---- C:\daee6bf9b8df2bb6e9f42f
2010-04-24 14:35:46 ----A---- C:\WINDOWS\BDTSupport.dll
2010-04-24 14:35:44 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-04-24 14:35:43 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-04-24 14:35:43 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-04-24 14:27:23 ----D---- C:\Program Files\Common Files\PC Tools
2010-04-24 14:27:22 ----D---- C:\Program Files\Spyware Doctor
2010-04-24 14:27:22 ----D---- C:\Documents and Settings\Gabi\Data aplikací\PC Tools
2010-04-24 14:27:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2010-04-24 14:26:07 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-04-24 14:17:06 ----D---- C:\Documents and Settings\Gabi\Data aplikací\Malwarebytes
2010-04-24 14:16:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-24 14:16:29 ----D---- C:\Program Files\Malwarebytes
2010-04-24 09:54:28 ----D---- C:\Program Files\Spybot
2010-04-24 09:54:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-04-22 21:18:19 ----D---- C:\WINDOWS\Minidump
2010-04-21 20:43:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\avG
2010-04-21 19:37:47 ----D---- C:\Program Files\NOS
2010-04-17 08:40:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-04-17 08:40:31 ----D---- C:\Program Files\Common Files\Java
2010-04-17 08:40:11 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-17 08:40:11 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-17 08:40:11 ----A---- C:\WINDOWS\system32\java.exe
2010-04-17 08:40:11 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-04-11 20:18:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-04-11 20:18:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2010-04-11 20:17:57 ----D---- C:\Program Files\McAfee Security Scan
2010-04-02 18:00:09 ----D---- C:\Program Files\Ubisoft

======List of files/folders modified in the last 1 months======

2010-05-01 08:56:35 ----D---- C:\Program Files\Steam
2010-05-01 08:56:35 ----D---- C:\Documents and Settings\Gabi\Data aplikací\uTorrent
2010-04-30 20:06:02 ----D---- C:\WINDOWS\system32\drivers
2010-04-30 20:06:02 ----D---- C:\WINDOWS\system32
2010-04-30 20:06:02 ----D---- C:\WINDOWS\AppPatch
2010-04-30 20:06:02 ----AD---- C:\WINDOWS
2010-04-30 20:05:57 ----D---- C:\Program Files\Common Files
2010-04-30 19:59:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-30 19:59:05 ----D---- C:\WINDOWS\Prefetch
2010-04-30 19:45:55 ----RASH---- C:\boot.ini
2010-04-30 19:11:02 ----SD---- C:\WINDOWS\Tasks
2010-04-30 18:44:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-04-30 18:40:43 ----A---- C:\WINDOWS\system.ini
2010-04-30 18:38:04 ----D---- C:\WINDOWS\system32\config
2010-04-29 21:10:47 ----D---- C:\Program Files
2010-04-28 19:16:55 ----D---- C:\WINDOWS\SD_OLD
2010-04-28 19:12:44 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-28 19:12:36 ----HD---- C:\WINDOWS\inf
2010-04-27 19:48:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-26 20:32:08 ----D---- C:\Program Files\Spyware Terminator
2010-04-25 20:05:06 ----D---- C:\WINDOWS\Help
2010-04-25 19:53:14 ----D---- C:\Documents and Settings
2010-04-25 18:05:18 ----D---- C:\Documents and Settings\Gabi\Data aplikací\Spyware Terminator
2010-04-24 15:20:23 ----D---- C:\WINDOWS\ime
2010-04-24 14:28:26 ----SHD---- C:\WINDOWS\Installer
2010-04-24 14:28:25 ----D---- C:\Config.Msi
2010-04-24 14:28:21 ----D---- C:\WINDOWS\WinSxS
2010-04-21 20:43:24 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-04-21 20:41:37 ----D---- C:\Program Files\Mozilla Firefox
2010-04-21 19:41:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2010-04-17 08:40:08 ----D---- C:\Program Files\Java
2010-04-13 16:11:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-13 08:14:00 ----D---- C:\Documents and Settings\Gabi\Data aplikací\Skype
2010-04-04 15:03:34 ----A---- C:\moduleName.txt
2010-04-02 18:00:06 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2009-12-28 3069040]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-08-17 15424]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-08-17 512096]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-08-17 2371584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-08 47360]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 RushTopDevice;RushTopDevice; \??\C:\WINDOWS\INF\MSI\SlowDownCPU\RushTop.sys []
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 SlowDownCPU;SlowDownCPU; \??\C:\WINDOWS\INF\MSI\SlowDownCPU\NTGLM7X.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-01 260288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\DOCUME~1\Gabi\LOCALS~1\Temp\catchme.sys []
S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service; C:\WINDOWS\system32\drivers\zmghpau.sys [2008-08-11 91136]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-03-27 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-08-17 483328]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-08-17 552064]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-08-18 487424]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2009-12-28 316816]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-08-16 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-09-19 3474384]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Last edited by TheTrooper on 02 May 2010 08:59, edited 3 times in total.

TheTrooper
Visitor
Posts: 44
Registered: 01 May 2010 07:22

Re: SVCHOST.EXE 100% + OTHER ERRORS (RSIT LOG+COMBOFIX LOG)

#3 Post by TheTrooper »

COMBOFIX LOG (Safe Mode with Networking, My Account; it told me to turn off NOD32, which was not running anyway :roll: )
message continues after the log
ComboFix 10-04-30.03 - Gabi . 05. 2010 9:44.3.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.357 [GMT 2:00]
Running from: c:\documents and settings\Gabi\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

-- Previous Run --

-- Previous Run --

c:\windows\system32\drivers\cdrom.sys . . . is missing!!

--------

c:\windows\system32\drivers\cdrom.sys . . . is missing!!

--------

c:\windows\system32\drivers\cdrom.sys . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-04-29 19:10 . 2010-05-01 06:58 -------- d-----w- c:\program files\trend micro
2010-04-29 19:10 . 2010-04-29 19:11 -------- d-----w- C:\rsit
2010-04-28 15:46 . 2010-04-28 15:46 -------- d-----w- c:\program files\Uniblue
2010-04-27 18:35 . 2010-04-27 18:39 -------- d-----w- c:\program files\RegCure
2010-04-27 17:48 . 2010-04-27 17:48 -------- d--h--w- c:\windows\$hf_mig$
2010-04-26 18:39 . 2010-04-15 06:01 3879288 ----a-w- C:\procexp.exe
2010-04-26 17:47 . 2010-04-26 17:47 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-04-26 17:17 . 2010-04-26 17:17 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-04-25 18:05 . 2008-10-16 12:09 43544 ----a-w- c:\windows\system32\wups2.dll
2010-04-25 18:03 . 2010-04-25 18:06 -------- d-----w- C:\daee6bf9b8df2bb6e9f42f
2010-04-24 12:35 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-24 12:35 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-24 12:35 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-04-24 12:35 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-24 12:35 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-24 12:35 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-24 12:28 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-24 12:28 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-24 12:28 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-24 12:28 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-24 12:27 . 2010-04-24 12:36 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-24 12:27 . 2010-05-01 07:27 -------- d-----w- c:\program files\Spyware Doctor
2010-04-24 12:16 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 12:16 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 12:16 . 2010-04-24 12:16 -------- d-----w- c:\program files\Malwarebytes
2010-04-24 07:54 . 2010-04-24 12:05 -------- d-----w- c:\program files\Spybot
2010-04-21 17:37 . 2010-04-21 17:37 -------- d-----w- c:\program files\NOS
2010-04-17 06:40 . 2010-04-17 06:40 -------- d-----w- c:\program files\Common Files\Java
2010-04-17 06:40 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-11 18:17 . 2010-04-25 16:47 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-02 16:00 . 2010-04-02 16:00 -------- d-----w- c:\program files\Ubisoft
2010-04-02 15:59 . 2010-04-02 15:59 1 ----a-w- c:\windows\system32\SI.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 06:56 . 2010-01-03 12:35 -------- d-----w- c:\program files\Steam
2010-04-28 18:53 . 2009-08-17 19:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-26 18:32 . 2009-08-18 19:39 -------- d-----w- c:\program files\Spyware Terminator
2010-04-17 06:40 . 2009-08-17 21:43 -------- d-----w- c:\program files\Java
2010-04-02 16:00 . 2009-08-17 20:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 09:09 . 2010-03-31 09:09 -------- d-----w- c:\program files\SlySoft
2010-03-30 15:23 . 2010-03-30 15:20 -------- d-----w- c:\program files\ophcrack
2010-03-30 14:28 . 2010-03-27 12:09 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-03-29 17:01 . 2010-03-29 16:55 -------- d-----w- c:\program files\360WavesPatcher
2010-03-29 16:55 . 2010-03-29 16:55 -------- d-----w- c:\program files\Common Files\PC SOFT
2010-03-28 06:59 . 2001-10-25 12:00 77876 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 06:59 . 2001-10-25 12:00 428730 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 12:10 . 2009-08-22 07:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-27 11:55 . 2009-08-22 07:57 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-14 19:35 . 2010-03-14 19:35 -------- d-----w- c:\program files\Delta
2010-03-05 15:12 . 2010-03-05 15:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-17 18:45 . 2010-02-17 18:45 241 ----a-w- c:\documents and settings\Gabi\SR.vbs
2010-02-07 09:58 . 2010-02-07 09:58 0 ----a-r- C:\logwmemory.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"FlashMute"="c:\program files\FlashMute\FlashMute.exe" [2006-03-11 221184]
"Steam"="c:\program files\Steam\Steam.exe" [2010-04-26 1238352]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2010-03-12 319792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"="c:\windows\INF\MSI\SlowDownCPU\SlowDownCPU.exe" [2005-02-25 208896]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-17 949376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-18 2176000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Gabi\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
monxga32.exe [2004-8-17 30720]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\VALVe\\Garry's Mod\\hl2.exe"=
"c:\\Program Files\\VALVe\\Garry's Mod\\srcds.exe"=
"d:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"14883:TCP"= 14883:TCP:uTorrent
"14883:UDP"= 14883:UDP:14883

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24. 4. 2010 14:28 218592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22. 8. 2009 9:05 691696]
S1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [28. 12. 2009 18:38 3069040]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [17. 8. 2009 23:28 15424]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [18. 8. 2009 21:40 142592]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24. 4. 2010 14:35 112592]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6. 12. 2009 20:25 222968]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24. 4. 2010 14:27 366840]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24. 4. 2010 14:16 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15. 1. 2010 14:49 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SlowDownCPU;SlowDownCPU;c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS [17. 8. 2009 22:04 23424]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [24. 12. 2009 12:19 18432]
S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [11. 8. 2008 11:02 91136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-04-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 19:57]

2010-05-01 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 19:57]

2010-04-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://ultimate-guitar.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 09:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-73586283-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e7,2b,ca,6a,ac,fc,06,75,1c,c7,42,4c,4f,5d,54,fc,77,5a,ff,63,14,7c,20,
c0,96,b5,6d,e1,86,77,b6,84,a6,c6,24,03,50,c7,e4,7b,40,f3,76,8b,2a,ca,30,a0,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1292428093-73586283-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,8b,e1,af,f3,87,99,22,38,b6,80,12,d4,63,71,b8,84,6a,cb,7a,3a,
8b,99,c4,95,28,8a,5d,c1,e5,4f,93,d9,f2,5f,9e,8a,ba,cf,1c,08,3d,db,0b,93,f1,\
"rkeysecu"=hex:3a,ac,05,db,e6,8e,f0,ab,08,b6,0b,d9,3b,25,ea,fe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-01 09:57:34
ComboFix-quarantined-files.txt 2010-05-01 07:57
ComboFix2.txt 2010-04-30 17:38

Pre-Run: Free bytes: 31 137 415 168
Post-Run: Free bytes: 31 381 282 816

- - End Of File - - 975435F7E390905FC5B9DE8946755C28
This log came out wrong; I tried to run it in normal mode as well, but it got stuck when it showed:
Removing Files
C:/DOCUMENTS AND SETTINGS/GABI/DATA APLIKACÍ/NTOS.EXE
C:/DOCUMENTS AND SETTINGS/GABI/DATA APLIKACÍ/OEMBIOS.EXE
C:/DOCUMENTS AND SETTINGS/GABI/DATA APLIKACÍ/TWEXT.EXE
C:/DOCUMENTS AND SETTINGS/GABI/DATA APLIKACÍ/TWEX.EXE
C:/DOCUMENTS AND SETTINGS/GABI/DATA APLIKACÍ/SDRA64.EXE
C:/DOCUMENTS AND SETTINGS/GABI/DATA APLIKACÍ/INTEL64.EXE
C:/DOCUMENTS AND SETTINGS/GABI/DATA APLIKACÍ/WSNPOEMA.EXE
C:/DOCUMENTS AND SETTINGS/GABI/DATA APLIKACÍ/SWIN32.EXE
C:/DOCUMENTS AND SETTINGS/GABI/DATA APLIKACÍ/LOCALSYS64.EXE
C:/DOCUMENTS AND SETTINGS/GABI/DATA APLIKACÍ/OASHDIHASIDHASUIDHIASDHIASHDIUASDHASD
Quarantine list
2010-04-30 16:57:31 . 2010-04-30 16:57:32 234 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-d3davilibrary.reg.dat
2010-04-30 16:32:20 . 2010-04-30 16:32:20 2,414 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2010-04-30 16:32:20 . 2010-04-30 16:32:20 1,208 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2010-04-30 16:31:55 . 2010-04-30 16:31:55 5,925 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-04-30 16:08:30 . 2010-04-30 16:25:01 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-04-26 18:47:52 . 2010-04-26 18:47:52 50,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
2010-04-26 18:47:52 . 2010-04-26 18:47:52 281,104 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
2010-04-26 18:47:52 . 2010-04-26 18:47:52 100,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Packet.dll.vir
2010-04-25 17:03:09 . 2010-04-25 17:03:09 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd.vir
2010-04-25 16:59:00 . 2010-04-25 16:59:00 29,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\wuaucldt.exe.vir
2001-01-12 09:52:26 . 2001-01-12 09:52:26 44,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vbpng1.dll.vir
1999-08-18 08:54:22 . 1999-08-18 08:54:22 71,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ijl11.dll.vir
Last edited by TheTrooper on 01 May 2010 09:01, edited 1 time in total.
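Reading the ComboFix sections above by hand is slow, so here is an added example (my own code, not part of this thread, of ComboFix or of any helper's reply) that parses two parts of a ComboFix log: the `"name"="path" [date size]` values under the `Reg Loading Points` Run keys, and the `R0`/`S0`..`S4` service lines. It flags what a helper looks at first: autostart values whose image sits under a user profile or temp directory, and services whose image ComboFix printed with `[?]`, meaning it could not resolve the file (usually because arguments such as `svc` or `-service` are appended, sometimes because the file is gone). `SAMPLE_LOG` is constructed: the Run keys and the three service lines are copied from the log above; the `updater` value pointing at `ntos.exe` in the profile is invented so the path check has something to catch (the log lists that file under "Removing Files", not as a Run value).

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample modeled on the ComboFix output in this thread. The Run keys
# and service lines are copied from the log; the "updater" value is invented.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-04-26 1238352]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2010-03-12 319792]
"updater"="c:\documents and settings\Gabi\Data aplikací\ntos.exe" [2010-04-30 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-17 949376]

S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24. 4. 2010 14:16 38224]
"""

# "[<hive>\...\Run]" header of a Run key in the Reg Loading Points section.
RUN_KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]*\\Run)\]$')
# "name"="path" [date size]: one autostart value under the current Run key.
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?$')
# R0/S0..S4 service lines: start type;service name;display name;image path + file info.
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<image>.+)$')

# Directories a legitimate autostart rarely lives in on a Windows XP box.
SUSPICIOUS_DIRS = ('\\documents and settings\\', '\\users\\', '\\temp\\')


class Finding(NamedTuple):
    kind: str    # "run" or "service"
    where: str   # registry key for Run values, start type (S2, S3, ...) for services
    name: str
    target: str
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix log and return the entries that deserve a manual look."""
    findings: List[Finding] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = RUN_KEY_RE.match(line)
        if key:
            current_key = key.group('key')
            continue
        if line.startswith('[') and line.endswith(']'):
            current_key = None  # a different registry section; stop attributing values to a Run key
            continue
        value = RUN_VALUE_RE.match(line)
        if value and current_key:
            path = value.group('path').lower()
            if any(d in path for d in SUSPICIOUS_DIRS):
                findings.append(Finding('run', current_key, value.group('name'), value.group('path'),
                                        'autostart image under a user profile or temp directory'))
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            image = svc.group('image').strip()
            if image.endswith('[?]'):
                findings.append(Finding('service', svc.group('start'), svc.group('svc'), image,
                                        'image not resolved by ComboFix ([?]); confirm the file exists and is expected'))
    return findings


def report(findings: List[Finding]) -> str:
    """One line per finding, in log order."""
    return '\n'.join(f'[{f.kind}] {f.name} ({f.where}): {f.reason} -> {f.target}' for f in findings)


if __name__ == '__main__':
    print(report(triage(SAMPLE_LOG)))
```

A `[?]` hit is a prompt to verify, not a verdict: the OTL log later in this thread lists both `appdrvrem01.exe` and `GameMon.des` with sizes and vendors, so those two resolve to real files that merely take arguments. The profile-path check is a heuristic for the same reason; it narrows the list of entries to look up, it does not classify them.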

TheTrooper

Re: SVCHOST.EXE 100% + OTHER ERRORS (RSIT LOG+COMBOFIX LOG)

#4 Post by TheTrooper »

RSIT LOG HAS BEEN UPDATED

TheTrooper

Re: SVCHOST.EXE 100% + OTHER ERRORS (RSIT LOG+COMBOFIX LOG)

#5 Post by TheTrooper »

ComboFix LOG HAS BEEN UPDATED

TheTrooper

Re: SVCHOST.EXE 100% + OTHER ERRORS (RSIT LOG+COMBOFIX LOG)

#6 Post by TheTrooper »

OTL LOG:

OTL logfile created on: 1. 5. 2010 11:17:55 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

511,00 Mb Total Physical Memory | 289,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 29,23 Gb Free Space | 39,23% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 13,04 Gb Free Space | 17,49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 50418C42462B45E
Current User Name: Gabi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.01 11:10:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2010.04.02 18:32:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.08.18 21:40:01 | 000,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009.08.18 21:40:00 | 002,176,000 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009.08.17 23:26:59 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2009.08.17 23:26:59 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2009.08.16 15:01:16 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.01.30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2007.05.28 10:14:42 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007.03.16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2006.03.11 21:49:16 | 000,221,184 | ---- | M] () -- C:\Program Files\FlashMute\flashmute.exe
PRC - [2005.02.25 04:22:38 | 000,208,896 | ---- | M] () -- C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe
PRC - [2004.10.14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010.05.01 11:10:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
MOD - [2010.02.26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2006.03.11 21:49:16 | 000,114,688 | ---- | M] () -- C:\Program Files\FlashMute\mutelib.dll
MOD - [2004.08.17 15:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (TuneUp.Defrag)
SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.28 18:38:15 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2009.10.29 21:38:10 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.19 20:46:00 | 003,474,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009.08.18 21:40:01 | 000,487,424 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009.08.17 23:26:59 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2009.08.16 15:01:16 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.03.29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010.03.27 14:10:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.28 18:38:16 | 003,069,040 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2009.08.18 21:40:01 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.08.17 23:27:00 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2009.08.17 23:26:59 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2009.07.27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.02.17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008.08.11 11:02:10 | 000,091,136 | ---- | M] (ZOOM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zmghpau.sys -- (ZMGHPAudioSrv)
DRV - [2007.08.17 05:09:20 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.04.04 12:43:38 | 000,098,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007.04.04 12:43:36 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716obex.sys -- (s716obex)
DRV - [2007.04.04 12:43:36 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007.04.04 12:43:34 | 000,108,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007.04.04 12:43:34 | 000,100,360 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.04 12:43:32 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007.04.04 12:43:20 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.23 19:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2005.03.04 05:10:26 | 000,074,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005.02.22 08:47:44 | 000,039,040 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys -- (RushTopDevice)
DRV - [2004.11.01 11:12:36 | 000,023,424 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS -- (SlowDownCPU)
DRV - [2004.09.14 06:55:44 | 000,088,960 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004.08.04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2004.04.26 02:49:56 | 000,381,056 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1292428093-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
IE - HKU\S-1-5-21-1292428093-73586283-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1292428093-73586283-839522115-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1292428093-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://ultimate-guitar.com/"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.4
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.11 15:57:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.21 19:37:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2010.03.18 18:22:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins

[2009.08.17 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Extensions
[2010.05.01 08:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions
[2009.09.04 20:01:00 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010.04.03 20:26:40 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010.02.04 16:12:58 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.05.01 08:18:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.27 12:51:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.21 19:37:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.21 22:30:09 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.03.17 17:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\amin.eft_Shutdown@gmail.com
[2010.05.01 08:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\firefox@facebook.com
[2010.05.01 08:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\staged-xpis
[2010.05.01 08:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\YoutubeDownloader@PeterOlayev.com
[2009.08.22 10:07:23 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\daemon-search.xml
[2010.01.06 15:52:17 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin-1.xml
[2010.02.16 18:11:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin-2.xml
[2010.03.25 14:58:42 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin-3.xml
[2010.04.02 18:33:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin-4.xml
[2008.03.31 10:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin.gif
[2008.03.31 10:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin.src
[2009.10.14 19:13:26 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin.xml
[2010.05.01 08:19:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.12.06 20:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.17 08:40:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.02.16 18:10:41 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.02.16 18:10:41 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.02.16 18:10:41 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.02.16 18:10:41 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.02.16 18:10:41 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.02.16 18:10:41 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010.04.30 18:39:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [SlowDownCPU] C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1292428093-73586283-839522115-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1292428093-73586283-839522115-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1292428093-73586283-839522115-1003..\Run: [FlashMute] C:\Program Files\FlashMute\flashmute.exe ()
O4 - HKU\S-1-5-21-1292428093-73586283-839522115-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1292428093-73586283-839522115-1003..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Gabi\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Gabi\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gabi\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.08.17 21:40:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (http://www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (http://www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (61375155674284032)

========== Files/Folders - Created Within 7 Days ==========

[2010.05.01 11:00:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.05.01 09:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.30 19:45:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.04.30 18:25:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.30 18:25:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.30 18:25:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.30 18:25:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.30 18:08:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.04.30 18:07:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.29 21:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.29 21:10:47 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.29 20:49:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010.04.28 17:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabi\Data aplikací\Uniblue
[2010.04.28 17:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010.04.27 20:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\RegCure
[2010.04.27 20:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010.04.27 19:48:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010.04.27 15:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Adobe
[2010.04.26 20:39:50 | 003,879,288 | ---- | C] (Sysinternals - http://www.sysinternals.com) -- C:\procexp.exe
[2010.04.26 19:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Threat Expert
[2010.04.25 20:08:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.04.25 20:05:07 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2010.04.25 20:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010.04.25 20:05:06 | 000,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2010.04.25 20:05:03 | 000,018,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2010.04.25 20:05:02 | 000,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2010.04.25 20:04:59 | 000,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010.04.25 20:03:08 | 000,000,000 | ---D | C] -- C:\daee6bf9b8df2bb6e9f42f
[2010.04.25 18:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\McAfee
[2010.04.24 14:53:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\Threat Expert
[2010.04.24 14:35:44 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.04.24 14:35:43 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.04.24 14:35:43 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.04.24 14:28:53 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.04.24 14:28:35 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.04.24 14:28:35 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.04.24 14:28:05 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.04.24 14:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.04.24 14:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.04.24 14:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabi\Data aplikací\PC Tools
[2010.04.24 14:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\PC Tools
[2010.04.24 14:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.04.24 14:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabi\Data aplikací\Malwarebytes
[2010.04.24 14:16:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.24 14:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.24 14:16:32 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.24 14:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2010.04.24 14:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\avG

========== Files - Modified Within 7 Days ==========

[2010.05.01 11:04:24 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010.05.01 11:04:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.01 11:04:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.01 11:03:14 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Gabi\ntuser.dat
[2010.05.01 11:03:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gabi\ntuser.ini
[2010.05.01 09:53:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.01 09:42:38 | 003,924,810 | R--- | M] () -- C:\Documents and Settings\Gabi\Plocha\ComboFix.exe
[2010.04.30 19:45:55 | 000,000,460 | RHS- | M] () -- C:\boot.ini
[2010.04.30 18:39:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.29 21:10:00 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Gabi\Plocha\RSIT.exe
[2010.04.28 20:53:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.28 19:10:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.04.28 19:10:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.04.28 17:46:55 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\RegistryBooster.lnk
[2010.04.28 17:00:01 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010.04.27 20:50:35 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Gabi\Plocha\Spybot - Search & Destroy.lnk
[2010.04.27 20:40:45 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010.04.27 20:35:04 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\RegCure.lnk
[2010.04.27 16:34:21 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.26 20:54:02 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Steam.lnk
[2010.04.26 20:47:35 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\kcmdte.dat
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.25 20:19:59 | 000,013,016 | -HS- | M] () -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\W1V4gTA17lv6V
[2010.04.25 20:19:59 | 000,013,016 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\W1V4gTA17lv6V
[2010.04.25 18:49:27 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
[2010.04.25 18:49:26 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
[2010.04.24 15:07:50 | 000,012,544 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\3413392581
[2010.04.24 15:07:50 | 000,012,544 | -HS- | M] () -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\1891633005
[2010.04.24 15:07:48 | 000,013,314 | -HS- | M] () -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\3413392581
[2010.04.24 15:07:25 | 000,013,046 | -HS- | M] () -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 15:07:25 | 000,013,046 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1891633005
[2010.04.24 15:07:04 | 000,012,980 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\I6vNTV7g2h23
[2010.04.24 14:28:22 | 000,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Doctor.lnk
[2010.04.24 14:21:11 | 000,000,329 | ---- | M] () -- C:\Documents and Settings\Gabi\Plocha\exefix.reg

========== Files Created - No Company Name ==========

[2010.04.30 19:45:55 | 000,000,389 | ---- | C] () -- C:\Boot.bak
[2010.04.30 19:45:51 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010.04.30 18:25:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.30 18:25:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.30 18:25:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.30 18:25:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.30 18:25:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.30 18:09:57 | 003,924,810 | R--- | C] () -- C:\Documents and Settings\Gabi\Plocha\ComboFix.exe
[2010.04.29 21:14:54 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Gabi\Plocha\RSIT.exe
[2010.04.28 17:46:55 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\RegistryBooster.lnk
[2010.04.27 20:35:40 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010.04.27 20:35:40 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010.04.27 20:35:40 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010.04.27 20:35:04 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\RegCure.lnk
[2010.04.26 20:47:32 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Gabi\Data aplikací\kcmdte.dat
[2010.04.25 20:17:28 | 000,013,016 | -HS- | C] () -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\W1V4gTA17lv6V
[2010.04.25 19:01:22 | 000,013,016 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\W1V4gTA17lv6V
[2010.04.25 18:58:59 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Data aplikací\kcmdte.dat
[2010.04.25 18:49:26 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
[2010.04.25 18:49:26 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
[2010.04.24 14:35:46 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.04.24 14:35:44 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010.04.24 14:35:44 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010.04.24 14:35:44 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010.04.24 14:35:43 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.04.24 14:28:53 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010.04.24 14:28:36 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010.04.24 14:28:35 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010.04.24 14:28:22 | 000,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Doctor.lnk
[2010.04.24 14:28:05 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010.04.24 14:21:10 | 000,000,329 | ---- | C] () -- C:\Documents and Settings\Gabi\Plocha\exefix.reg
[2010.04.24 14:16:43 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.24 14:07:42 | 000,013,314 | -HS- | C] () -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\3413392581
[2010.04.24 14:07:36 | 000,012,544 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\3413392581
[2010.04.24 14:07:36 | 000,012,544 | -HS- | C] () -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\1891633005
[2010.04.24 14:07:09 | 000,013,046 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\1891633005
[2010.04.24 14:07:08 | 000,013,046 | -HS- | C] () -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 14:06:31 | 000,012,980 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\1891633005
[2009.12.24 12:19:57 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2009.11.14 15:18:17 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009.11.09 21:53:51 | 000,000,082 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009.09.08 17:52:06 | 000,000,018 | ---- | C] () -- C:\WINDOWS\cnc.ini
[2009.09.01 17:00:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009.09.01 09:33:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.09.01 09:06:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009.08.22 09:05:07 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.08.18 21:40:01 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.08.18 12:57:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009.08.17 23:28:14 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2009.08.17 23:14:22 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.08.17 22:50:53 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.08.11 11:02:00 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\zmghpaso.dll
[2004.08.17 15:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
Last edited by TheTrooper on 01 May 2010 11:13, edited 1 time in total.

TheTrooper
Visitor
Posts: 44
Registered: 01 May 2010 07:22

Re: SVCHOST.EXE 100% + OTHER ERRORS (RSIT LOG+COMBOFIX LOG)

#7 Post by TheTrooper »

========== LOP Check ==========

[2010.04.28 21:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\COWON
[2010.04.26 20:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
[2010.04.27 18:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Teleca
[2010.04.28 17:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Uniblue
[2010.04.21 20:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.08.22 09:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.08.22 09:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Pro
[2009.12.06 20:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.08.19 15:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PopCap Games
[2010.04.27 20:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RegCure
[2010.04.30 18:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.01.26 17:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Steinberg
[2009.12.24 12:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Syncrosoft
[2009.08.22 08:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2010.05.01 11:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.12.02 16:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.12.08 23:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2010.01.26 18:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\VST3 Presets
[2009.11.25 21:48:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009.09.07 18:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\COWON
[2009.08.22 10:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\DAEMON Tools Lite
[2010.03.27 14:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\DAEMON Tools Pro
[2009.10.03 18:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\fltk.org
[2009.11.28 10:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\ICQ
[2009.11.12 20:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Gabi\Data aplikací\ijjigame
[2009.11.28 09:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\IrfanView
[2009.10.12 17:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Leadertech
[2009.11.17 19:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\LucasArts
[2009.09.01 16:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Megaupload
[2009.11.17 14:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\PopCapv1002
[2009.11.14 20:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\PopCapv1005eni
[2010.02.07 11:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Soldat
[2010.04.25 18:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Spyware Terminator
[2010.01.26 18:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Steinberg
[2009.08.22 08:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Teleca
[2009.08.19 09:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Thunderbird
[2009.11.25 21:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\TuneUp Software
[2010.04.28 17:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Uniblue
[2010.05.01 11:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\uTorrent
[2009.12.23 20:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Vso
[2010.04.28 17:00:01 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010.05.01 11:04:24 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2010.04.27 20:40:45 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"AlcoholAutomount" = "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount -- [2009.04.24 05:21:40 | 000,203,928 | ---- | M] (Alcohol Soft Development Team)
"FlashMute" = C:\Program Files\FlashMute\FlashMute.exe -- [2006.03.11 21:49:16 | 000,221,184 | ---- | M] ()
"Steam" = "C:\Program Files\Steam\Steam.exe" -silent -- [2010.04.26 19:56:56 | 001,238,352 | ---- | M] (Valve Corporation)
"DAEMON Tools Pro Agent" = "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun -- [2009.12.18 12:24:40 | 000,427,328 | ---- | M] (DT Soft Ltd)
"uTorrent" = "D:\Program Files\uTorrent\uTorrent.exe" -- [2010.03.12 19:11:10 | 000,319,792 | ---- | M] (BitTorrent, Inc.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >
[2010.04.15 08:01:04 | 003,879,288 | ---- | M] (Sysinternals - http://www.sysinternals.com) -- C:\procexp.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.12.25 16:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Adobe
[2009.08.18 00:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Apple Computer
[2009.08.22 22:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\ATI
[2009.09.07 18:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\COWON
[2009.08.22 10:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\DAEMON Tools Lite
[2010.03.27 14:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\DAEMON Tools Pro
[2009.10.03 18:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\fltk.org
[2009.11.28 10:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\ICQ
[2009.08.17 21:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Identities
[2009.11.12 20:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Gabi\Data aplikací\ijjigame
[2009.12.13 10:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\InstallShield
[2009.11.28 09:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\IrfanView
[2009.08.18 22:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Lavasoft
[2009.10.12 17:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Leadertech
[2009.11.17 19:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\LucasArts
[2009.08.17 23:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Macromedia
[2010.04.24 14:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Malwarebytes
[2009.09.01 16:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Megaupload
[2009.08.27 11:01:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Gabi\Data aplikací\Microsoft
[2009.08.19 09:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla
[2010.04.24 14:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\PC Tools
[2009.11.17 14:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\PopCapv1002
[2009.11.14 20:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\PopCapv1005eni
[2009.08.21 10:04:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Gabi\Data aplikací\SecuROM
[2010.04.13 08:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Skype
[2009.08.18 21:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\skypePM
[2010.02.07 11:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Soldat
[2009.08.22 08:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Sony Ericsson
[2010.04.25 18:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Spyware Terminator
[2010.01.26 18:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Steinberg
[2009.08.17 23:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Sun
[2009.08.19 09:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Talkback
[2009.08.22 08:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Teleca
[2009.08.19 09:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Thunderbird
[2009.11.25 21:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\TuneUp Software
[2010.04.28 17:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Uniblue
[2010.05.01 11:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\uTorrent
[2009.12.23 20:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Vso
[2009.08.21 09:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2009.12.08 20:38:06 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\inst.exe
[2009.12.01 21:07:07 | 000,003,128 | R--- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Microsoft\Installer\{147567F0-8575-4BE0-B5B3-62706C67FA5A}\ARPPRODUCTICON.exe
[2009.12.01 20:15:27 | 000,003,128 | R--- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
[2009.12.01 21:09:47 | 000,339,968 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Gabi\Data aplikací\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\ARPPRODUCTICON.exe
[2009.12.01 21:09:47 | 000,339,968 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Gabi\Data aplikací\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\Toontrack_solo.exe_192BF97F92894FC3B3234C1515C42CCD.exe
[2009.12.01 21:09:47 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Gabi\Data aplikací\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\UNINST_Uninstall_T_5866520C88574986833A039F4584C3F7.exe
[2009.08.22 11:38:12 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
[2010.03.29 08:53:22 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 00:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.03.27 14:10:04 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.08.17 23:18:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.08.17 23:18:11 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.08.17 23:18:10 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.04.28 19:10:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\system32\amcompat.tlb
[2010.04.28 20:53:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2010.04.28 19:10:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\system32\nscompat.tlb

========== Alternate Data Streams ==========

@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
< End of report >
Attachments
Extras.rar
extras
(7.71 KiB) Downloaded 96 times

TheTrooper
Visitor
Posts: 44
Registered: 01 May 2010 07:22

Re: SVCHOST.EXE 100% + OTHER ERRORS (RSIT LOG+COMBOFIX LOG)

#8 Post by TheTrooper »

Here is the 1st OTL log .. I'm working on the second one


========== OTL ==========
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1292428093-73586283-839522115-1003_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1292428093-73586283-839522115-1003_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1292428093-73586283-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}\ not found.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8 deleted successfully.
========== FILES ==========
AGP440.sys extracted to C:\
File c:\windows\system32\drivers\AGP440.sys successfully replaced with c:\AGP440.sys
cdrom.sys extracted to C:\
File c:\windows\system32\drivers\cdrom.sys successfully replaced with c:\cdrom.sys
Changer.sys extracted to C:\
File c:\windows\system32\drivers\Changer.sys successfully replaced with c:\Changer.sys
========== COMMANDS ==========
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.4.0 log created on 05012010_123051

TheTrooper
Visitor
Posts: 44
Registered: 01 May 2010 07:22

Re: SVCHOST.EXE 100% + OTHER ERRORS (RSIT LOG+COMBOFIX LOG)

#9 Post by TheTrooper »

No, I don't see those drives :(
2nd OTL LOG:

OTL logfile created on: 1. 5. 2010 22:14:14 - Run 2
OTL by OldTimer - Version 3.2.4.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d. M. yyyy

511,00 Mb Total Physical Memory | 207,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 29,42 Gb Free Space | 39,48% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 13,04 Gb Free Space | 17,49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 50418C42462B45E
Current User Name: Gabi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.01 12:22:15 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2010.05.01 12:22:15 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2010.05.01 11:10:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2010.03.12 19:11:10 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\uTorrent\uTorrent.exe
PRC - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.08.18 21:40:01 | 000,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009.08.18 21:40:00 | 002,176,000 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009.08.16 15:01:16 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.01.30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2007.05.28 10:14:42 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007.03.16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2006.03.11 21:49:16 | 000,221,184 | ---- | M] () -- C:\Program Files\FlashMute\flashmute.exe
PRC - [2005.02.25 04:22:38 | 000,208,896 | ---- | M] () -- C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe
PRC - [2004.10.14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010.05.01 11:10:46 | 000,570,880 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
MOD - [2006.03.11 21:49:16 | 000,114,688 | ---- | M] () -- C:\Program Files\FlashMute\mutelib.dll
MOD - [2004.08.17 15:48:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (TuneUp.Defrag)
SRV - [2010.05.01 12:22:15 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.28 18:38:15 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2009.10.29 21:38:10 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.19 20:46:00 | 003,474,384 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009.08.18 21:40:01 | 000,487,424 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009.08.16 15:01:16 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010.05.01 12:22:18 | 000,512,096 | ---- | M] (Eset ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2010.05.01 12:22:15 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.03.29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010.03.27 14:10:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.28 18:38:16 | 003,069,040 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2009.08.18 21:40:01 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.07.27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.02.17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2008.08.11 11:02:10 | 000,091,136 | ---- | M] (ZOOM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zmghpau.sys -- (ZMGHPAudioSrv)
DRV - [2007.08.17 05:09:20 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.04.04 12:43:38 | 000,098,952 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007.04.04 12:43:36 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716obex.sys -- (s716obex)
DRV - [2007.04.04 12:43:36 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007.04.04 12:43:34 | 000,108,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007.04.04 12:43:34 | 000,100,360 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.04 12:43:32 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007.04.04 12:43:20 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.23 19:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2005.03.04 05:10:26 | 000,074,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005.02.22 08:47:44 | 000,039,040 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\inf\MSI\SlowDownCPU\RushTop.sys -- (RushTopDevice)
DRV - [2004.11.01 11:12:36 | 000,023,424 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\inf\MSI\SlowDownCPU\NTGLM7X.SYS -- (SlowDownCPU)
DRV - [2004.09.14 06:55:44 | 000,088,960 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004.08.04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Changer.sys -- (Changer)
DRV - [2004.04.26 02:49:56 | 000,381,056 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1292428093-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
IE - HKU\S-1-5-21-1292428093-73586283-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1292428093-73586283-839522115-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1292428093-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://ultimate-guitar.com/"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.4
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.11 15:57:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.21 19:37:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2010.03.18 18:22:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins

[2009.08.17 23:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Extensions
[2010.05.01 08:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions
[2009.09.04 20:01:00 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010.04.03 20:26:40 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010.02.04 16:12:58 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.05.01 08:18:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.27 12:51:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.21 19:37:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.21 22:30:09 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.03.17 17:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\amin.eft_Shutdown@gmail.com
[2010.05.01 08:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\firefox@facebook.com
[2010.05.01 08:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\staged-xpis
[2010.05.01 08:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\YoutubeDownloader@PeterOlayev.com
[2009.08.22 10:07:23 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\daemon-search.xml
[2010.01.06 15:52:17 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin-1.xml
[2010.02.16 18:11:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin-2.xml
[2010.03.25 14:58:42 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin-3.xml
[2010.04.02 18:33:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin-4.xml
[2008.03.31 10:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin.gif
[2008.03.31 10:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin.src
[2009.10.14 19:13:26 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\searchplugins\icqplugin.xml
[2010.05.01 08:19:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.12.06 20:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.17 08:40:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.02.16 18:10:41 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.02.16 18:10:41 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.02.16 18:10:41 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.02.16 18:10:41 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.02.16 18:10:41 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.02.16 18:10:41 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010.04.30 18:39:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [SlowDownCPU] C:\WINDOWS\inf\MSI\SlowDownCPU\SlowDownCPU.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1292428093-73586283-839522115-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1292428093-73586283-839522115-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1292428093-73586283-839522115-1003..\Run: [FlashMute] C:\Program Files\FlashMute\flashmute.exe ()
O4 - HKU\S-1-5-21-1292428093-73586283-839522115-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1292428093-73586283-839522115-1003..\Run: [uTorrent] D:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Gabi\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Gabi\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gabi\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2010.05.01 12:30:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Changer.sys
[2010.05.01 12:30:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.05.01 12:30:57 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.05.01 12:30:57 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\changer.sys
[2010.05.01 12:30:56 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\cdrom.sys
[2010.05.01 12:30:56 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2010.05.01 12:30:52 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\agp440.sys
[2010.05.01 11:00:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.05.01 09:57:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.30 19:45:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.04.30 18:25:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.30 18:25:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.30 18:25:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.30 18:25:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.30 18:08:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.04.30 18:07:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.29 21:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.29 21:10:47 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.29 20:49:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010.04.28 17:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabi\Data aplikací\Uniblue
[2010.04.28 17:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010.04.27 20:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\RegCure
[2010.04.27 20:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010.04.27 19:48:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010.04.27 15:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Adobe
[2010.04.26 20:39:50 | 003,879,288 | ---- | C] (Sysinternals - http://www.sysinternals.com) -- C:\procexp.exe
[2010.04.26 19:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Threat Expert
[2010.04.25 20:08:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010.04.25 20:05:07 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2010.04.25 20:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010.04.25 20:05:06 | 000,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2010.04.25 20:05:03 | 000,018,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2010.04.25 20:05:02 | 000,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2010.04.25 20:04:59 | 000,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010.04.25 20:03:08 | 000,000,000 | ---D | C] -- C:\daee6bf9b8df2bb6e9f42f
[2010.04.25 18:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\McAfee

========== Files - Modified Within 7 Days ==========

[2010.05.01 22:11:49 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010.05.01 22:11:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.01 22:11:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.01 22:10:45 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Gabi\ntuser.dat
[2010.05.01 22:10:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gabi\ntuser.ini
[2010.05.01 21:27:44 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Gabi\Dokumenty\práce 2009.xls
[2010.05.01 17:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010.05.01 12:22:21 | 000,298,104 | ---- | M] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2010.05.01 12:22:18 | 000,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\System32\drivers\amon.sys
[2010.05.01 12:22:15 | 000,015,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2010.05.01 12:01:40 | 000,007,896 | ---- | M] () -- C:\Documents and Settings\Gabi\Plocha\Extras.rar
[2010.05.01 09:53:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.01 09:42:38 | 003,924,810 | R--- | M] () -- C:\Documents and Settings\Gabi\Plocha\ComboFix.exe
[2010.04.30 19:45:55 | 000,000,460 | RHS- | M] () -- C:\boot.ini
[2010.04.30 18:39:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.29 21:10:00 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Gabi\Plocha\RSIT.exe
[2010.04.28 20:53:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.28 19:10:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.04.28 19:10:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.04.28 17:46:55 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\RegistryBooster.lnk
[2010.04.27 20:50:35 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Gabi\Plocha\Spybot - Search & Destroy.lnk
[2010.04.27 20:40:45 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010.04.27 20:35:04 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\RegCure.lnk
[2010.04.27 16:34:21 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.26 20:54:02 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Steam.lnk
[2010.04.26 20:47:35 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Gabi\Data aplikací\kcmdte.dat
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010.04.25 20:19:59 | 000,013,016 | -HS- | M] () -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\W1V4gTA17lv6V
[2010.04.25 20:19:59 | 000,013,016 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\W1V4gTA17lv6V
[2010.04.25 18:49:27 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
[2010.04.25 18:49:26 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk

========== Files Created - No Company Name ==========

[2010.05.01 12:01:44 | 000,007,896 | ---- | C] () -- C:\Documents and Settings\Gabi\Plocha\Extras.rar
[2010.04.30 19:45:55 | 000,000,389 | ---- | C] () -- C:\Boot.bak
[2010.04.30 19:45:51 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010.04.30 18:25:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.30 18:25:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.30 18:25:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.30 18:25:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.30 18:25:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.30 18:09:57 | 003,924,810 | R--- | C] () -- C:\Documents and Settings\Gabi\Plocha\ComboFix.exe
[2010.04.29 21:14:54 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Gabi\Plocha\RSIT.exe
[2010.04.28 17:46:55 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\RegistryBooster.lnk
[2010.04.27 20:35:40 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010.04.27 20:35:40 | 000,000,388 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010.04.27 20:35:40 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010.04.27 20:35:04 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\RegCure.lnk
[2010.04.26 20:47:32 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Gabi\Data aplikací\kcmdte.dat
[2010.04.25 20:17:28 | 000,013,016 | -HS- | C] () -- C:\Documents and Settings\Gabi\Local Settings\Data aplikací\W1V4gTA17lv6V
[2010.04.25 19:01:22 | 000,013,016 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\W1V4gTA17lv6V
[2010.04.25 18:58:59 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Data aplikací\kcmdte.dat
[2010.04.25 18:49:26 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\McAfee Security Scan Plus.lnk
[2010.04.25 18:49:26 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
[2010.04.24 14:35:46 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009.12.24 12:19:57 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2009.11.14 15:18:17 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009.11.09 21:53:51 | 000,000,082 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009.09.08 17:52:06 | 000,000,018 | ---- | C] () -- C:\WINDOWS\cnc.ini
[2009.09.01 17:00:07 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009.09.01 09:33:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.09.01 09:06:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009.08.22 09:05:07 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.08.18 21:40:01 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.08.18 12:57:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009.08.17 23:28:14 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2009.08.17 23:14:22 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.08.17 22:50:53 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.08.11 11:02:00 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\zmghpaso.dll
[2004.08.17 15:49:10 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2001.01.12 11:49:38 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2010.04.28 21:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\COWON
[2010.04.26 20:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Spyware Terminator
[2010.04.27 18:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Teleca
[2010.04.28 17:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Uniblue
[2010.04.21 20:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.08.22 09:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.08.22 09:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Pro
[2009.12.06 20:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.08.19 15:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PopCap Games
[2010.04.27 20:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RegCure
[2010.04.30 18:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2010.01.26 17:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Steinberg
[2009.12.24 12:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Syncrosoft
[2009.08.22 08:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2010.05.01 22:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.12.02 16:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.12.08 23:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2010.01.26 18:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\VST3 Presets
[2009.11.25 21:48:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009.09.07 18:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\COWON
[2009.08.22 10:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\DAEMON Tools Lite
[2010.03.27 14:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\DAEMON Tools Pro
[2009.10.03 18:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\fltk.org
[2009.11.28 10:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\ICQ
[2009.11.12 20:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Gabi\Data aplikací\ijjigame
[2009.11.28 09:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\IrfanView
[2009.10.12 17:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Leadertech
[2009.11.17 19:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\LucasArts
[2009.09.01 16:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Megaupload
[2009.11.17 14:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\PopCapv1002
[2009.11.14 20:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\PopCapv1005eni
[2010.02.07 11:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Soldat
[2010.04.25 18:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Spyware Terminator
[2010.01.26 18:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Steinberg
[2009.08.22 08:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Teleca
[2009.08.19 09:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Thunderbird
[2009.11.25 21:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\TuneUp Software
[2010.04.28 17:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Uniblue
[2010.05.01 22:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\uTorrent
[2009.12.23 20:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gabi\Data aplikací\Vso
[2010.05.01 17:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010.05.01 22:11:49 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2010.04.27 20:40:45 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
< End of report >
Last edited by TheTrooper on 02 May 2010 09:01, edited 2 times in total.

TheTrooper

Re: SVCHOST.EXE 100% + OTHER ERRORS (RSIT LOG+COMBOFIX LOG)

#10 Post by TheTrooper »

COMBOFIX LOG:

ComboFix 10-05-01.04 - Gabi . 05. 2010 8:52.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.511.121 [GMT 2:00]
Running from: c:\documents and settings\Gabi\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-01 10:30 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-01 10:30 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-05-01 10:30 . 2004-08-03 21:00 8192 ----a-w- C:\changer.sys
2010-05-01 10:30 . 2004-08-03 20:59 49536 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-05-01 10:30 . 2004-08-03 20:59 49536 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-05-01 10:30 . 2004-08-03 21:07 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2010-05-01 10:30 . 2004-08-03 21:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.sys
2010-05-01 10:30 . 2004-08-03 20:59 49536 ----a-w- C:\cdrom.sys
2010-05-01 10:30 . 2004-08-03 21:07 42368 ----a-w- C:\agp440.sys
2010-04-29 19:10 . 2010-05-01 06:58 -------- d-----w- c:\program files\trend micro
2010-04-29 19:10 . 2010-04-29 19:11 -------- d-----w- C:\rsit
2010-04-28 15:46 . 2010-04-28 15:46 -------- d-----w- c:\program files\Uniblue
2010-04-27 18:35 . 2010-04-27 18:39 -------- d-----w- c:\program files\RegCure
2010-04-27 17:48 . 2010-04-27 17:48 -------- d--h--w- c:\windows\$hf_mig$
2010-04-26 18:39 . 2010-04-15 06:01 3879288 ----a-w- C:\procexp.exe
2010-04-26 17:47 . 2010-04-26 17:47 -------- d-s---w- c:\documents and settings\Administrator\UserData
2010-04-26 17:17 . 2010-04-26 17:17 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-04-25 18:05 . 2008-10-16 12:09 43544 ----a-w- c:\windows\system32\wups2.dll
2010-04-25 18:03 . 2010-04-25 18:06 -------- d-----w- C:\daee6bf9b8df2bb6e9f42f
2010-04-24 12:35 . 2010-01-22 07:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-24 12:35 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-24 12:35 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-04-24 12:35 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-24 12:35 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-24 12:35 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-24 12:28 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-24 12:28 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-24 12:28 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-24 12:28 . 2010-04-08 12:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-24 12:27 . 2010-04-24 12:36 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-24 12:27 . 2010-05-01 09:12 -------- d-----w- c:\program files\Spyware Doctor
2010-04-24 12:16 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 12:16 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 12:16 . 2010-04-24 12:16 -------- d-----w- c:\program files\Malwarebytes
2010-04-24 07:54 . 2010-04-24 12:05 -------- d-----w- c:\program files\Spybot
2010-04-21 17:37 . 2010-04-21 17:37 -------- d-----w- c:\program files\NOS
2010-04-17 06:40 . 2010-04-17 06:40 -------- d-----w- c:\program files\Common Files\Java
2010-04-17 06:40 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-11 18:17 . 2010-04-25 16:47 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-02 16:00 . 2010-04-02 16:00 -------- d-----w- c:\program files\Ubisoft
2010-04-02 15:59 . 2010-04-02 15:59 1 ----a-w- c:\windows\system32\SI.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 06:50 . 2010-01-03 12:35 -------- d-----w- c:\program files\Steam
2010-05-01 10:25 . 2009-08-17 21:26 -------- d-----w- c:\program files\ESET
2010-05-01 10:22 . 2009-08-17 21:28 298104 ----a-w- c:\windows\system32\imon.dll
2010-05-01 10:22 . 2009-08-17 21:28 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-05-01 10:22 . 2009-08-17 21:28 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-04-28 18:53 . 2009-08-17 19:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-26 18:32 . 2009-08-18 19:39 -------- d-----w- c:\program files\Spyware Terminator
2010-04-17 06:40 . 2009-08-17 21:43 -------- d-----w- c:\program files\Java
2010-04-02 16:00 . 2009-08-17 20:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 09:09 . 2010-03-31 09:09 -------- d-----w- c:\program files\SlySoft
2010-03-30 15:23 . 2010-03-30 15:20 -------- d-----w- c:\program files\ophcrack
2010-03-30 14:28 . 2010-03-27 12:09 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-03-29 17:01 . 2010-03-29 16:55 -------- d-----w- c:\program files\360WavesPatcher
2010-03-29 16:55 . 2010-03-29 16:55 -------- d-----w- c:\program files\Common Files\PC SOFT
2010-03-28 06:59 . 2001-10-25 12:00 77876 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 06:59 . 2001-10-25 12:00 428730 ----a-w- c:\windows\system32\perfh005.dat
2010-03-27 12:10 . 2009-08-22 07:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-27 11:55 . 2009-08-22 07:57 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-14 19:35 . 2010-03-14 19:35 -------- d-----w- c:\program files\Delta
2010-03-05 15:12 . 2010-03-05 15:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-17 18:45 . 2010-02-17 18:45 241 ----a-w- c:\documents and settings\Gabi\SR.vbs
2010-02-07 09:58 . 2010-02-07 09:58 0 ----a-r- C:\logwmemory.bin
.

((((((((((((((((((((((((((((( SnapShot@2010-05-01_07.53.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-02 06:49 . 2010-05-02 06:49 16384 c:\windows\temp\Perflib_Perfdata_230.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"FlashMute"="c:\program files\FlashMute\FlashMute.exe" [2006-03-11 221184]
"Steam"="c:\program files\Steam\Steam.exe" [2010-04-26 1238352]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]
"uTorrent"="d:\program files\uTorrent\uTorrent.exe" [2010-03-12 319792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"="c:\windows\INF\MSI\SlowDownCPU\SlowDownCPU.exe" [2005-02-25 208896]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-05-01 949376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-18 2176000]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Gabi\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\VALVe\\Garry's Mod\\hl2.exe"=
"c:\\Program Files\\VALVe\\Garry's Mod\\srcds.exe"=
"d:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"14883:TCP"= 14883:TCP:uTorrent
"14883:UDP"= 14883:UDP:14883

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24. 4. 2010 14:28 218592]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [28. 12. 2009 18:38 3069040]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [17. 8. 2009 23:28 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [18. 8. 2009 21:40 142592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24. 4. 2010 14:35 112592]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6. 12. 2009 20:25 222968]
R3 SlowDownCPU;SlowDownCPU;c:\windows\inf\MSI\SlowDownCPU\NTGLM7X.SYS [17. 8. 2009 22:04 23424]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22. 8. 2009 9:05 691696]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [24. 4. 2010 14:16 38224]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15. 1. 2010 14:49 227232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [24. 4. 2010 14:27 366840]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [24. 12. 2009 12:19 18432]
S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [11. 8. 2008 11:02 91136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-05-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 19:57]

2010-05-02 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 19:57]

2010-04-27 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 19:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://ultimate-guitar.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Gabi\Data aplikací\Mozilla\Firefox\Profiles\lxuxcfra.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 09:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-73586283-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e7,2b,ca,6a,ac,fc,06,75,1c,c7,42,4c,4f,5d,54,fc,77,5a,ff,63,14,7c,20,
c0,96,b5,6d,e1,86,77,b6,84,a6,c6,24,03,50,c7,e4,7b,40,f3,76,8b,2a,ca,30,a0,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1292428093-73586283-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:a9,8b,e1,af,f3,87,99,22,38,b6,80,12,d4,63,71,b8,84,6a,cb,7a,3a,
8b,99,c4,95,28,8a,5d,c1,e5,4f,93,d9,f2,5f,9e,8a,ba,cf,1c,08,3d,db,0b,93,f1,\
"rkeysecu"=hex:3a,ac,05,db,e6,8e,f0,ab,08,b6,0b,d9,3b,25,ea,fe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2010-05-02 09:06:05
ComboFix-quarantined-files.txt 2010-05-02 07:06
ComboFix2.txt 2010-05-01 07:57
ComboFix3.txt 2010-04-30 17:38

Pre-Run: Volných bajtů: 31 567 781 888
Post-Run: Volných bajtů: 31 539 429 376

- - End Of File - - 0384463CBA282C2600E51FBB0BC9E3C8
Last edited by TheTrooper on 02 May 2010 09:00, edited 2 times in total.

TheTrooper

Re: SVCHOST.EXE 100% + OTHER ERRORS (RSIT LOG+COMBOFIX LOG)

#11 Post by TheTrooper »

But now it no longer shows that D3DAVILIBRARY.DLL message at startup.

TheTrooper

Re: ERRORS (RSIT LOG+COMBOFIX LOG+OTL LOG)

#12 Post by TheTrooper »

Qoobox.rar

http://www.sendspace.com/file/prn5zl
Attachments
Qoobox.rar (381.29 KiB) Downloaded 86 times

TheTrooper

Re: ERRORS (RSIT LOG+COMBOFIX LOG+OTL LOG)

#13 Post by TheTrooper »

Here is the RSIT LOG; unfortunately I did not manage to uninstall NOD32, MalwareBytes and Spybot, but I hope it helps anyway:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Gabi at 2010-05-02 15:05:44
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 39 GB (51%) free of 76 GB
Total RAM: 511 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:58, on 2. 5. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\FlashMute\FlashMute.exe
D:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gabi\Plocha\RSIT.exe
C:\Program Files\trend micro\Gabi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [FlashMute] C:\Program Files\FlashMute\FlashMute.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (file missing)

--
End of file - 7153 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\Spybot\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-06-29 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SlowDownCPU"=C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe [2005-02-25 208896]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2010-05-01 949376]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-05-28 528384]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"FlashMute"=C:\Program Files\FlashMute\FlashMute.exe [2006-03-11 221184]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2009-12-18 427328]
"uTorrent"=D:\Program Files\uTorrent\uTorrent.exe [2010-03-12 319792]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Gabi\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-08-17 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe"="C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\VALVe\Garry's Mod\hl2.exe"="C:\Program Files\VALVe\Garry's Mod\hl2.exe:*:Enabled:Garry's_Mod"
"C:\Program Files\VALVe\Garry's Mod\srcds.exe"="C:\Program Files\VALVe\Garry's Mod\srcds.exe:*:Enabled:Garry's_Mod_Dedicated_Server"
"D:\Program Files\FlatOut2\FlatOut2.exe"="D:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"D:\Program Files\World of Warcraft\BackgroundDownloader.exe"="D:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-05-02 09:06:06 ----A---- C:\ComboFix.txt
2010-05-01 09:57:36 ----D---- C:\WINDOWS\temp
2010-04-30 19:45:55 ----A---- C:\Boot.bak
2010-04-30 19:45:48 ----RASHD---- C:\cmdcons
2010-04-30 18:25:08 ----A---- C:\WINDOWS\zip.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\SWSC.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\SWREG.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\sed.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\PEV.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\MBR.exe
2010-04-30 18:25:08 ----A---- C:\WINDOWS\grep.exe
2010-04-30 18:08:30 ----D---- C:\WINDOWS\ERDNT
2010-04-30 18:07:32 ----D---- C:\Qoobox
2010-04-29 21:10:47 ----D---- C:\rsit
2010-04-29 21:10:47 ----D---- C:\Program Files\trend micro
2010-04-29 20:49:04 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-28 17:52:40 ----D---- C:\Documents and Settings\Gabi\Data aplikací\Uniblue
2010-04-27 20:35:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\RegCure
2010-04-27 19:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2010-04-27 19:48:44 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-27 17:50:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-27 17:49:29 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-26 20:39:50 ----A---- C:\procexp.exe
2010-04-25 20:08:38 ----SHD---- C:\WINDOWS\CSC
2010-04-25 20:05:07 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-04-25 20:05:07 ----A---- C:\WINDOWS\system32\wups2.dll
2010-04-25 20:05:06 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2010-04-25 20:05:03 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2010-04-25 20:04:59 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-04-25 20:03:08 ----D---- C:\daee6bf9b8df2bb6e9f42f
2010-04-24 14:26:07 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-04-24 14:17:06 ----D---- C:\Documents and Settings\Gabi\Data aplikací\Malwarebytes
2010-04-24 14:16:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-24 14:16:29 ----D---- C:\Program Files\Malwarebytes
2010-04-24 09:54:28 ----D---- C:\Program Files\Spybot
2010-04-24 09:54:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-04-22 21:18:19 ----D---- C:\WINDOWS\Minidump
2010-04-21 20:43:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\avG
2010-04-21 19:37:47 ----D---- C:\Program Files\NOS
2010-04-17 08:40:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-04-17 08:40:31 ----D---- C:\Program Files\Common Files\Java
2010-04-17 08:40:11 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-17 08:40:11 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-17 08:40:11 ----A---- C:\WINDOWS\system32\java.exe
2010-04-17 08:40:11 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-04-11 20:18:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee

======List of files/folders modified in the last 1 months======

2010-05-02 15:05:51 ----D---- C:\WINDOWS\Prefetch
2010-05-02 15:05:41 ----D---- C:\Documents and Settings\Gabi\Data aplikací\uTorrent
2010-05-02 14:54:34 ----D---- C:\Program Files\Common Files
2010-05-02 14:54:34 ----D---- C:\Program Files
2010-05-02 14:53:07 ----D---- C:\WINDOWS\system32\drivers
2010-05-02 14:47:55 ----SHD---- C:\WINDOWS\Installer
2010-05-02 14:47:55 ----D---- C:\Config.Msi
2010-05-02 14:47:55 ----AD---- C:\WINDOWS
2010-05-02 14:47:02 ----D---- C:\Program Files\ESET
2010-05-02 14:42:37 ----D---- C:\Program Files\ophcrack
2010-05-02 14:41:04 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-05-02 14:17:10 ----D---- C:\WINDOWS\system32
2010-05-02 14:16:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-02 14:16:12 ----D---- C:\Program Files\Spyware Terminator
2010-05-02 14:15:17 ----D---- C:\Program Files\WBFS
2010-05-02 14:11:50 ----SD---- C:\WINDOWS\Tasks
2010-05-02 09:00:59 ----A---- C:\WINDOWS\system.ini
2010-05-02 08:56:11 ----D---- C:\WINDOWS\AppPatch
2010-05-01 12:31:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-01 12:22:21 ----A---- C:\WINDOWS\system32\imon.dll
2010-04-30 19:45:55 ----RASH---- C:\boot.ini
2010-04-30 18:38:04 ----D---- C:\WINDOWS\system32\config
2010-04-28 19:16:55 ----D---- C:\WINDOWS\SD_OLD
2010-04-28 19:12:44 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-28 19:12:36 ----HD---- C:\WINDOWS\inf
2010-04-25 20:05:06 ----D---- C:\WINDOWS\Help
2010-04-25 19:53:14 ----D---- C:\Documents and Settings
2010-04-24 15:20:23 ----D---- C:\WINDOWS\ime
2010-04-24 14:28:21 ----D---- C:\WINDOWS\WinSxS
2010-04-21 20:41:37 ----D---- C:\Program Files\Mozilla Firefox
2010-04-21 19:41:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2010-04-17 08:40:08 ----D---- C:\Program Files\Java
2010-04-13 16:11:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-13 08:14:00 ----D---- C:\Documents and Settings\Gabi\Data aplikací\Skype
2010-04-04 15:03:34 ----A---- C:\moduleName.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2009-12-28 3069040]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2010-05-01 15424]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-08-17 2371584]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-08 47360]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 RushTopDevice;RushTopDevice; \??\C:\WINDOWS\INF\MSI\SlowDownCPU\RushTop.sys []
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 SlowDownCPU;SlowDownCPU; \??\C:\WINDOWS\INF\MSI\SlowDownCPU\NTGLM7X.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-01 260288]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 a7wijydh;a7wijydh; C:\WINDOWS\system32\drivers\a7wijydh.sys []
S3 act86sod;act86sod; C:\WINDOWS\system32\drivers\act86sod.sys []
S3 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2010-05-01 512096]
S3 catchme;catchme; \??\C:\DOCUME~1\Gabi\LOCALS~1\Temp\catchme.sys []
S3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service; C:\WINDOWS\system32\drivers\zmghpau.sys [2008-08-11 91136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-08-17 483328]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2010-05-01 552064]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2009-12-28 316816]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-08-16 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-09-19 3474384]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

TheTrooper
Visitor
Posts: 44
Registered: 01 May 2010 07:22

Re: ERRORS (RSIT LOG+COMBOFIX LOG+OTL LOG)

#14 Post by TheTrooper »

Naughty, are you working on it? At least reply to me by PM :(
