
Problem, apparently with malware.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Good day.
I would like to ask for help with solving a problem, apparently with malware, and for a check of the log for any other problems. I use the Opera and FF browsers. For the last few days, pages have been opening by themselves in Mozilla, specifically these (www.laughmood.com, www.technicstip.com, www.gsming.com, www.humanitygrow.com, www.workinghabit.com).
I tried googling it, but I did not find any reliable solution, so I am turning to you for help.
Logfile of random's system information tool 1.07 (written by random/random)
Run by milanko at 2010-06-13 13:33:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (18%) free of 50 GB
Total RAM: 3327 MB (83% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:33:22, on 6/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
I:\mirc\mirc32.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\milanko\Desktop\RSIT.exe
C:\Program Files\trend micro\milanko.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "E:\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (file missing) (HKCU)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Unknown owner - E:\Turbine Download Manager\TurbineMessageService.exe (file missing)
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Unknown owner - E:\Turbine Download Manager\TurbineNetworkService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 6159 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-05 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-05 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-09 1657376]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"PWRISOVM.EXE"=E:\PowerISO\PWRISOVM.EXE [2009-07-27 180224]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"Turbine Download Manager Tray Icon"=E:\Turbine Download Manager\TurbineDownloadManagerIcon.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 1468296]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-03-05 149280]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
C:\Documents and Settings\milanko\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 190464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"I:\mirc\mirc32.exe"="I:\mirc\mirc32.exe:*:Enabled:mIRC"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"E:\World of Warcraft\BackgroundDownloader.exe"="E:\World of Warcraft\BackgroundDownloader.exe:*:Disabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\savage2\savage2.exe"="E:\savage2\savage2.exe:*:Enabled:savage2"
"E:\TTD\openttd.exe"="E:\TTD\openttd.exe:*:Disabled:OpenTTD"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe"="C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM)"
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe"="C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)"
"E:\Ventrilo.exe"="E:\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"E:\holden manager\HoldemManager.exe"="E:\holden manager\HoldemManager.exe:*:Enabled:HoldemManager"
"G:\Program Files\Skype\Plugin Manager\skypePM.exe"="G:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\steam\Steam.exe"="E:\steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Turbine Download Manager\TurbineMessageService.exe"="E:\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"E:\commandos2\comm2.exe"="E:\commandos2\comm2.exe:*:Enabled:Play Commandos II"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\T-Mobile Communication Center\TMCC.exe"="C:\Program Files\T-Mobile Communication Center\TMCC.exe:*:Enabled:T-Mobile Communication Center"
"G:\Program Files\Steam\steamapps\mino_o\counter-strike\hl.exe"="G:\Program Files\Steam\steamapps\mino_o\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ccad6ab-efc7-11de-beb0-00248cfae86d}]
shell\AutoRun\command - K:\KLIZAVI/sapun.exe
shell\explore\command - K:\KLIZAVI/sapun.exe
shell\open\command - K:\KLIZAVI/sapun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4d56c5a-4f05-11df-bf3d-00248cfae86d}]
shell\AutoRun\command - K:\TMCCSetup_3.57.95.14.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4371623-f179-11de-beb4-00248cfae86d}]
shell\AutoRun\command - K:\BLAMGRR///moneymoney.exe
shell\explore\command - K:\BLAMGRR///moneymoney.exe
shell\open\command - K:\BLAMGRR///moneymoney.exe
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-06-13 13:33:15 ----D---- C:\rsit
2010-06-13 13:33:15 ----D---- C:\Program Files\trend micro
2010-06-01 04:01:48 ----RSH---- C:\Documents and Settings\milanko\Application Data\mrpky.exe
======List of files/folders modified in the last 1 months======
2010-06-13 13:33:15 ----RD---- C:\Program Files
2010-06-13 13:19:36 ----D---- C:\Documents and Settings\milanko\Application Data\uTorrent
2010-06-13 13:19:34 ----HD---- C:\Documents and Settings\milanko\Application Data\ICQ
2010-06-13 13:19:05 ----D---- C:\Documents and Settings\milanko\Application Data\Hamachi
2010-06-13 11:50:07 ----D---- C:\WINDOWS\system32
2010-06-13 11:50:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-13 11:46:08 ----D---- C:\WINDOWS\Temp
2010-06-13 03:51:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-13 01:32:19 ----D---- C:\Documents and Settings\milanko\Application Data\vlc
2010-06-12 21:26:32 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-06-11 03:43:04 ----D---- C:\WINDOWS\Prefetch
2010-06-10 15:28:17 ----D---- C:\Program Files\SpeedFan
2010-06-09 08:42:07 ----D---- C:\WINDOWS
2010-06-08 17:11:50 ----HD---- C:\Documents and Settings\milanko\Application Data\Media Player Classic
2010-06-08 17:11:37 ----D---- C:\WINDOWS\Minidump
2010-06-08 17:10:02 ----D---- C:\Program Files\CCleaner
2010-06-08 13:18:44 ----D---- C:\Program Files\LuckyAcePoker.com
2010-06-07 14:14:26 ----D---- C:\Documents and Settings\milanko\Application Data\LuckyAcePoker.com
2010-06-07 14:08:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-07 14:07:11 ----SHD---- C:\WINDOWS\CSC
2010-06-02 16:29:42 ----D---- C:\Documents and Settings\milanko\Application Data\Skype
2010-06-02 16:00:36 ----D---- C:\Documents and Settings\milanko\Application Data\skypePM
2010-05-27 01:37:30 ----D---- C:\Documents and Settings\milanko\Application Data\TeamViewer
2010-05-25 13:54:38 ----D---- C:\WINDOWS\system32\config
2010-05-16 13:26:40 ----D---- C:\Program Files\uTorrent
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-07-14 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-28 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-07-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-06-01 27792]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aesi2t90;aesi2t90; C:\WINDOWS\system32\drivers\aesi2t90.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-05 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-03-13 65536]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-28 75064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 LiveTurbineMessageService;Turbine Message Service - Live; E:\Turbine Download Manager\TurbineMessageService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-12-06 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; E:\Turbine Download Manager\TurbineNetworkService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe"="C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM)"
"E:\Ventrilo.exe"="E:\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"E:\holden manager\HoldemManager.exe"="E:\holden manager\HoldemManager.exe:*:Enabled:HoldemManager"
"G:\Program Files\Skype\Plugin Manager\skypePM.exe"="G:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\steam\Steam.exe"="E:\steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Turbine Download Manager\TurbineMessageService.exe"="E:\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"E:\commandos2\comm2.exe"="E:\commandos2\comm2.exe:*:Enabled:Play Commandos II"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\T-Mobile Communication Center\TMCC.exe"="C:\Program Files\T-Mobile Communication Center\TMCC.exe:*:Enabled:T-Mobile Communication Center"
"G:\Program Files\Steam\steamapps\mino_o\counter-strike\hl.exe"="G:\Program Files\Steam\steamapps\mino_o\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ccad6ab-efc7-11de-beb0-00248cfae86d}]
shell\AutoRun\command - K:\KLIZAVI/sapun.exe
shell\explore\command - K:\KLIZAVI/sapun.exe
shell\open\command - K:\KLIZAVI/sapun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4d56c5a-4f05-11df-bf3d-00248cfae86d}]
shell\AutoRun\command - K:\TMCCSetup_3.57.95.14.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4371623-f179-11de-beb4-00248cfae86d}]
shell\AutoRun\command - K:\BLAMGRR///moneymoney.exe
shell\explore\command - K:\BLAMGRR///moneymoney.exe
shell\open\command - K:\BLAMGRR///moneymoney.exe
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2010-06-13 13:33:15 ----D---- C:\rsit
2010-06-13 13:33:15 ----D---- C:\Program Files\trend micro
2010-06-01 04:01:48 ----RSH---- C:\Documents and Settings\milanko\Application Data\mrpky.exe
======List of files/folders modified in the last 1 months======
2010-06-13 13:33:15 ----RD---- C:\Program Files
2010-06-13 13:19:36 ----D---- C:\Documents and Settings\milanko\Application Data\uTorrent
2010-06-13 13:19:34 ----HD---- C:\Documents and Settings\milanko\Application Data\ICQ
2010-06-13 13:19:05 ----D---- C:\Documents and Settings\milanko\Application Data\Hamachi
2010-06-13 11:50:07 ----D---- C:\WINDOWS\system32
2010-06-13 11:50:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-13 11:46:08 ----D---- C:\WINDOWS\Temp
2010-06-13 03:51:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-13 01:32:19 ----D---- C:\Documents and Settings\milanko\Application Data\vlc
2010-06-12 21:26:32 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-06-11 03:43:04 ----D---- C:\WINDOWS\Prefetch
2010-06-10 15:28:17 ----D---- C:\Program Files\SpeedFan
2010-06-09 08:42:07 ----D---- C:\WINDOWS
2010-06-08 17:11:50 ----HD---- C:\Documents and Settings\milanko\Application Data\Media Player Classic
2010-06-08 17:11:37 ----D---- C:\WINDOWS\Minidump
2010-06-08 17:10:02 ----D---- C:\Program Files\CCleaner
2010-06-08 13:18:44 ----D---- C:\Program Files\LuckyAcePoker.com
2010-06-07 14:14:26 ----D---- C:\Documents and Settings\milanko\Application Data\LuckyAcePoker.com
2010-06-07 14:08:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-07 14:07:11 ----SHD---- C:\WINDOWS\CSC
2010-06-02 16:29:42 ----D---- C:\Documents and Settings\milanko\Application Data\Skype
2010-06-02 16:00:36 ----D---- C:\Documents and Settings\milanko\Application Data\skypePM
2010-05-27 01:37:30 ----D---- C:\Documents and Settings\milanko\Application Data\TeamViewer
2010-05-25 13:54:38 ----D---- C:\WINDOWS\system32\config
2010-05-16 13:26:40 ----D---- C:\Program Files\uTorrent
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-27 58908]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-07-14 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-28 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-07-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-06-01 27792]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aesi2t90;aesi2t90; C:\WINDOWS\system32\drivers\aesi2t90.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-05 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-03-13 65536]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-04-28 75064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 LiveTurbineMessageService;Turbine Message Service - Live; E:\Turbine Download Manager\TurbineMessageService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-12-06 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; E:\Turbine Download Manager\TurbineNetworkService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Probably a malware problem.
Hello,
Download UsbFix to your desktop: http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
Download OTL to your desktop: http://oldtimer.geekstogo.com/OTL.exe


- Run it, then click Deletion.
- When it finishes, a log will pop up; paste it here for me. You can also find it in C:\UsbFix.txt

- Run it, then paste the following script into the bottom box.
Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
autochk.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- Tick the option For all users.
- Tick the items "LOP" malware check and "Purity" malware check.
- Click the Scan button.
- When it finishes, paste the OTL.Txt and Extras.txt logs here.
Re: Probably a malware problem.
USBFIX log
############################## | Usbfix 7.009 | [Deletion]
User: milanko (Administrator) # CHANGEME [ ]
Updated 12/06/10 by El Desaparecido / C_XX
Started at 13:48:03 | 13/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall: Disabled /!\
RAM -> 3327 Mb
C:\ (%systemdrive%) -> Fixed drive # 49 Gb (9 Mb free - 18%) [] # NTFS
D:\ -> Fixed drive # 293 Gb (20 Mb free - 7%) [] # NTFS
E:\ -> Fixed drive # 357 Gb (278 Mb free - 78%) [] # NTFS
F:\ -> CD-ROM
G:\ -> Fixed drive # 17 Gb (5 Mb free - 31%) [] # NTFS
H:\ -> Fixed drive # 49 Gb (33 Mb free - 68%) [] # NTFS
I:\ -> Fixed drive # 49 Gb (10 Mb free - 20%) [] # NTFS
J:\ -> CD-ROM
################## | Files # Infected Folders |
Not deleted ! F:\Autorun.inf
Deleted ! C:\Recycler\S-1-5-21-0048411087-3265655672-153489589-2391
Deleted ! C:\Recycler\S-1-5-21-3485668229-0748606578-749927639-9687
Deleted ! C:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Deleted ! C:\Recycler\S-1-5-21-8363253207-6392242285-901934472-6512
Deleted ! C:\Recycler\S-1-5-21-9592345835-6643573950-491116250-8338
Deleted ! D:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Deleted ! E:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Deleted ! G:\Recycler\S-1-5-21-1390067357-1708537768-839522115-1003
Deleted ! G:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Deleted ! H:\Recycler\S-1-5-21-1390067357-1708537768-839522115-1003
Deleted ! H:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Deleted ! I:\Recycler\S-1-5-21-1390067357-1708537768-839522115-1003
Deleted ! I:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Not deleted ! F:\Drag&Burn.exe
################## | Registry |
Deleted ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0ccad6ab-efc7-11de-beb0-00248cfae86d}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c4d56c5a-4f05-11df-bf3d-00248cfae86d}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{f4371623-f179-11de-beb4-00248cfae86d}
################## | Listing |
[28/07/2009 - 19:41:52 | A | 0] C:\AUTOEXEC.BAT
[31/10/2009 - 02:10:56 | RSH | 223] C:\boot.ini
[28/07/2009 - 19:41:52 | A | 0] C:\CONFIG.SYS
[17/10/2009 - 18:25:31 | D ] C:\Documents and Settings
[28/07/2009 - 14:04:49 | D ] C:\Intel
[28/07/2009 - 19:41:52 | RASH | 0] C:\IO.SYS
[28/07/2009 - 19:41:52 | RASH | 0] C:\MSDOS.SYS
[06/12/2009 - 15:55:13 | RHD ] C:\MSOCache
[14/04/2008 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[14/04/2008 - 14:00:00 | RASH | 250048] C:\ntldr
[28/07/2009 - 14:09:57 | D ] C:\NVIDIA
[13/06/2010 - 11:45:32 | ASH | 2145386496] C:\pagefile.sys
[13/06/2010 - 13:33:15 | RD ] C:\Program Files
[13/06/2010 - 13:52:31 | SHD ] C:\RECYCLER
[13/06/2010 - 13:33:23 | D ] C:\rsit
[28/07/2009 - 19:44:33 | SHD ] C:\System Volume Information
[13/06/2010 - 13:52:31 | D ] C:\UsbFix
[13/06/2010 - 13:52:33 | A | 2047] C:\Usbfix.txt
[09/06/2010 - 08:42:07 | D ] C:\WINDOWS
[13/10/2009 - 13:06:42 | RD ] D:\anime
[02/08/2009 - 00:02:05 | D ] D:\blablabla
[26/05/2010 - 12:30:04 | D ] D:\movies
[28/07/2009 - 19:20:37 | D ] D:\MP3
[13/06/2010 - 02:58:52 | D ] D:\New downloads
[11/06/2010 - 22:39:05 | D ] D:\Poker
[13/06/2010 - 13:52:31 | SHD ] D:\RECYCLER
[26/05/2010 - 12:29:26 | D ] D:\serialy
[28/07/2009 - 14:52:02 | SHD ] D:\System Volume Information
[31/10/2009 - 02:11:59 | D ] E:\2K Games
[01/01/2010 - 20:00:51 | D ] E:\34c9a02c524ab4ec1f11b4c6d6
[25/03/2008 - 11:46:26 | A | 956286976] E:\AUTODESK AutoCAD.2007 (ENG.DVD) with crack.iso
[26/02/2010 - 16:41:16 | D ] E:\commandos1
[25/02/2010 - 21:07:27 | D ] E:\commandos2
[09/11/2009 - 14:01:57 | D ] E:\Dragons age
[25/05/2010 - 13:54:25 | D ] E:\HeM
[02/11/2009 - 14:23:01 | D ] E:\holden manager
[26/05/2010 - 20:50:13 | D ] E:\hon
[20/12/2009 - 23:07:51 | D ] E:\instalacne sracky
[06/12/2009 - 15:03:48 | D ] E:\Microsoft Office 2007 Professional Plus
[03/08/2009 - 14:26:23 | D ] E:\ottd
[29/04/2010 - 22:42:28 | D ] E:\pacmod
[19/05/2010 - 22:26:05 | D ] E:\Poker Stars
[08/12/2009 - 02:48:15 | D ] E:\PokerStove
[10/08/2009 - 14:25:25 | D ] E:\PowerISO
[12/10/2009 - 14:57:58 | D ] E:\RE5
[13/06/2010 - 13:52:31 | SHD ] E:\RECYCLER
[08/06/2010 - 02:40:27 | D ] E:\StarCraft II Beta
[07/03/2010 - 22:25:35 | D ] E:\steam
[28/07/2009 - 14:52:01 | SHD ] E:\System Volume Information
[05/06/2010 - 19:32:41 | D ] E:\tilt
[04/06/2010 - 16:41:24 | D ] E:\ts3
[30/09/2009 - 16:08:11 | D ] E:\ventrilo
[12/05/2010 - 00:45:46 | D ] E:\Warcraft III
[24/03/2010 - 20:56:45 | D ] E:\Warhammer Online - Age of Reckoning
[02/10/2009 - 21:05:31 | D ] E:\Warsow
[14/02/2010 - 19:47:21 | D ] E:\World of Warcraft
[29/04/2009 - 11:02:01 | R | 55] F:\autorun.inf
[29/04/2009 - 11:02:01 | R | 270336] F:\BlueBirds.exe
[29/04/2009 - 11:02:01 | R | 270336] F:\S e t u p.exe
[29/04/2009 - 11:02:01 | R | 81920] F:\Drag&Burn.exe
[06/05/2009 - 11:25:51 | A | 4700] G:\aaw7boot.log
[05/01/2005 - 18:57:56 | A | 0] G:\AUTOEXEC.BAT
[15/06/2008 - 17:25:58 | RASH | 211] G:\boot.ini
[25/10/2001 - 14:00:00 | RASH | 4952] G:\Bootfont.bin
[05/01/2005 - 18:57:56 | A | 0] G:\CONFIG.SYS
[05/01/2005 - 19:01:01 | HD ] G:\Documents and Settings
[14/06/2009 - 14:56:07 | A | 120] G:\drmHeader.bin
[15/06/2008 - 16:30:55 | D ] G:\e3e3b96e96b14d18738bf00d
[23/06/2007 - 12:27:01 | D ] G:\Fraps
[25/07/2008 - 12:18:12 | D ] G:\Intel10.0
[05/01/2005 - 18:57:56 | RASH | 0] G:\IO.SYS
[26/03/2008 - 08:32:41 | D ] G:\Logs
[05/01/2005 - 18:57:56 | RASH | 0] G:\MSDOS.SYS
[06/06/2009 - 17:44:18 | RHD ] G:\MSOCache
[15/06/2008 - 17:19:31 | RASH | 47564] G:\NTDETECT.COM
[15/06/2008 - 17:19:31 | RASH | 250576] G:\ntldr
[20/04/2008 - 15:54:05 | D ] G:\NVIDIA
[28/07/2009 - 09:10:22 | ASH | 1610612736] G:\pagefile.sys
[26/10/2008 - 13:53:02 | AH | 1073741824] G:\pfsvoddata.bbv
[04/10/2009 - 17:54:44 | RD ] G:\Program Files
[13/06/2010 - 13:52:31 | SHD ] G:\RECYCLER
[15/06/2008 - 17:33:13 | SHD ] G:\System Volume Information
[13/03/2008 - 22:34:51 | D ] G:\Temp
[25/07/2008 - 12:37:41 | ASH | 7168] G:\Thumbs.db
[12/01/2007 - 12:12:23 | D ] G:\totalcmd
[28/07/2009 - 19:05:58 | H | 460670] G:\treeinfo.wc
[26/07/2009 - 13:53:41 | D ] G:\WINDOWS
[20/09/2008 - 16:59:51 | D ] H:\1
[17/03/2008 - 20:40:22 | SHD ] H:\Config.Msi
[30/10/2009 - 15:18:18 | D ] H:\My Downloads
[13/06/2010 - 13:52:31 | SHD ] H:\RECYCLER
[22/04/2005 - 12:49:45 | SHD ] H:\System Volume Information
[07/02/2007 - 02:57:33 | H | 1756] H:\treeinfo.wc
[29/07/2009 - 02:52:00 | D ] H:\Videoclips
[03/11/2006 - 15:02:28 | D ] I:\DC++
[15/10/2008 - 16:46:34 | RD ] I:\Files
[28/07/2009 - 14:52:51 | D ] I:\games
[21/08/2009 - 01:09:14 | AD ] I:\mirc
[27/09/2007 - 01:56:30 | HD ] I:\msdownld.tmp
[07/03/2009 - 08:55:23 | D ] I:\NAPLIT
[15/06/2008 - 17:49:41 | D ] I:\RAZITKA
[13/06/2010 - 13:52:31 | SHD ] I:\RECYCLER
[30/05/2005 - 16:28:19 | SHD ] I:\System Volume Information
[21/11/2006 - 17:58:07 | H | 34947] I:\treeinfo.wc
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_CHANGEME.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
OTL log
OTL logfile created on: 6/13/2010 13:54:13 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\milanko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 8.94 Gb Free Space | 18.32% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 20.15 Gb Free Space | 6.88% Space Free | Partition Type: NTFS
Drive E: | 356.83 Gb Total Space | 278.23 Gb Free Space | 77.97% Space Free | Partition Type: NTFS
Drive F: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 17.37 Gb Total Space | 5.35 Gb Free Space | 30.82% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 32.97 Gb Free Space | 67.51% Space Free | Partition Type: NTFS
Drive I: | 48.83 Gb Total Space | 9.85 Gb Free Space | 20.17% Space Free | Partition Type: NTFS
Computer Name: CHANGEME
Current User Name: milanko
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/06/13 13:47:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\milanko\Desktop\OTL.exe
PRC - [2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/13 17:48:32 | 000,079,360 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe
PRC - [2003/12/22 17:36:14 | 000,581,632 | ---- | M] () -- C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
========== Modules (SafeList) ==========
MOD - [2010/06/13 13:47:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\milanko\Desktop\OTL.exe
MOD - [2008/04/14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
SRV - File not found [Auto | Stopped] -- -- (LiveTurbineMessageService)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/12/06 15:49:52 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
========== Driver Services (SafeList) ==========
DRV - [2010/02/28 04:47:27 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/08 02:54:22 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/14 20:54:00 | 007,741,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/23 19:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/07/03 17:03:00 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1580818891-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-789336058-1580818891-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1580818891-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="
FF - prefs.js..network.proxy.type: 2
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/19 14:09:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/18 13:22:17 | 000,000,000 | ---D | M]
[2009/07/28 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla\Extensions
[2010/06/12 16:44:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\fep6jl7r.default\extensions
[2010/03/29 13:00:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\fep6jl7r.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/25 03:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\fep6jl7r.default\extensions\battlefieldheroespatcher@ea.com
[2009/11/08 17:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\fep6jl7r.default\extensions\QLDP@peol
[2009/07/28 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\gsc7d0tw.default\extensions
[2009/07/28 18:36:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\gsc7d0tw.default\searchplugins\icqplugin.xml
[2010/06/12 16:44:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/08/09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2010/03/27 01:51:13 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/03/27 01:51:13 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/03/27 01:51:13 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/03/27 01:51:13 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/03/27 01:51:13 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/03/27 01:51:13 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml
O1 HOSTS File: ([2009/10/31 14:17:34 | 000,338,137 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11596 more lines...
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] E:\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] E:\Turbine Download Manager\TurbineDownloadManagerIcon.exe File not found
O4 - HKLM..\RunOnce: [] File not found
O4 - Startup: C:\Documents and Settings\milanko\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1580818891-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-789336058-1580818891-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati ... 0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\milanko\Application Data\mrpky.exe) - C:\Documents and Settings\milanko\Application Data\mrpky.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\milanko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\milanko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/28 19:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/13 13:52:37 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/06/13 13:52:37 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O32 - AutoRun File - [2009/04/29 11:02:01 | 000,000,055 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/01/05 18:57:56 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/13 13:52:40 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/06/13 13:52:40 | 000,000,000 | RHSD | M] - H:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/06/13 13:52:40 | 000,000,000 | RHSD | M] - I:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/28 19:41:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308606093492224)
========== Files/Folders - Created Within 30 Days ==========
[2010/06/13 13:52:37 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/06/13 13:47:52 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/06/13 13:47:17 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\milanko\Desktop\OTL.exe
[2010/06/13 13:46:58 | 001,214,120 | ---- | C] (C_XX & El Desaparecido) -- C:\Documents and Settings\milanko\Desktop\UsbFix.exe
[2010/06/13 13:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/06/13 13:33:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010/06/08 17:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\milanko\Recent
[2010/05/28 15:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milanko\Desktop\Prago Union - Dezorient Expres (2010)-KKM_2008
[2010/05/25 13:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milanko\Local Settings\Application Data\In_The_Money_LLC
[2010/05/25 13:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milanko\Local Settings\Application Data\In The Money
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/06/13 13:52:40 | 001,130,552 | ---- | M] () -- C:\UsbFix_Upload_Me_CHANGEME.zip
[2010/06/13 13:47:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\milanko\Desktop\OTL.exe
[2010/06/13 13:47:00 | 001,214,120 | ---- | M] (C_XX & El Desaparecido) -- C:\Documents and Settings\milanko\Desktop\UsbFix.exe
[2010/06/13 13:32:28 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\RSIT.exe
[2010/06/13 11:50:07 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/13 11:50:07 | 000,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/13 11:50:07 | 000,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/13 11:45:38 | 000,243,548 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/13 11:45:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/13 11:45:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/13 03:51:43 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\milanko\NTUSER.DAT
[2010/06/13 03:51:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\milanko\ntuser.ini
[2010/06/13 02:58:07 | 000,203,264 | ---- | M] () -- C:\Documents and Settings\milanko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/12 21:26:41 | 000,139,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/12 21:26:32 | 000,214,720 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/06/11 12:59:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/08 17:15:57 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\LuckyAcePoker.lnk
[2010/06/08 17:10:04 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\CCleaner.lnk
[2010/06/06 21:08:48 | 030,177,066 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\The Thin Red Line - Episode 8.mp4
[2010/06/06 13:54:23 | 061,994,303 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP52nd part.wmv
[2010/06/06 13:44:03 | 068,249,271 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP51st part.wmv
[2010/06/06 13:38:56 | 084,702,955 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP5 3rd part.wmv
[2010/06/01 04:05:36 | 002,108,336 | -H-- | M] () -- C:\Documents and Settings\milanko\Local Settings\Application Data\IconCache.db
[2010/06/01 04:01:48 | 000,086,016 | RHS- | M] () -- C:\Documents and Settings\milanko\Application Data\mrpky.exe
[2010/05/25 13:54:22 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\HoldemManager.lnk
[2010/05/14 21:08:09 | 000,195,614 | ---- | M] () -- C:\Documents and Settings\milanko\My Documents\ts3_clientui-win32-10723-2010-05-14 21_08_09.359375.dmp
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/13 13:52:40 | 001,130,552 | ---- | C] () -- C:\UsbFix_Upload_Me_CHANGEME.zip
[2010/06/13 13:32:28 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\RSIT.exe
[2010/06/08 17:15:57 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\LuckyAcePoker.lnk
[2010/06/06 21:06:30 | 030,177,066 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\The Thin Red Line - Episode 8.mp4
[2010/06/06 13:50:31 | 061,994,303 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP52nd part.wmv
[2010/06/06 13:39:39 | 068,249,271 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP51st part.wmv
[2010/06/06 13:33:06 | 084,702,955 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP5 3rd part.wmv
[2010/06/01 04:01:48 | 000,086,016 | RHS- | C] () -- C:\Documents and Settings\milanko\Application Data\mrpky.exe
[2010/05/25 13:54:22 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\HoldemManager.lnk
[2010/05/14 21:08:09 | 000,195,614 | ---- | C] () -- C:\Documents and Settings\milanko\My Documents\ts3_clientui-win32-10723-2010-05-14 21_08_09.359375.dmp
[2010/05/12 18:00:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup.INI
[2009/10/31 23:51:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/17 18:38:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2009/09/30 16:07:39 | 000,000,239 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/08 02:54:22 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/07/31 04:32:56 | 000,139,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/07/29 03:38:42 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/29 03:38:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/28 19:47:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/07/28 19:47:02 | 000,035,562 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/07/28 19:47:02 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/07/28 18:27:07 | 000,000,440 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/10/14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 11:56:48 | 003,223,552 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/10/14 11:56:48 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/10/14 11:56:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/10/14 11:56:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/10/14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2009/07/29 14:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/12/06 15:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/11/03 04:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/08/08 02:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/28 18:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/05/10 17:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/01/27 19:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2010/01/02 23:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2009/08/12 17:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/01 15:08:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\milanko\Application Data\.#
[2009/07/28 19:15:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ACD Systems
[2009/12/06 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Autodesk
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\BSplayer
[2009/08/08 02:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\DAEMON Tools Lite
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Fpscore Metro
[2010/06/13 13:19:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQ
[2009/07/28 19:15:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQ Toolbar
[2009/07/28 19:15:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQLite
[2009/07/31 04:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\id Software
[2010/06/07 14:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\LuckyAcePoker.com
[2009/11/01 23:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Microgaming
[2009/07/30 02:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Octoshape
[2009/07/28 21:35:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Opera
[2010/04/23 20:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Paradoxx
[2010/05/27 01:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\TeamViewer
[2010/06/13 13:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009/07/29 14:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/02/09 20:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/08/12 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/08/12 17:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/06 15:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/11/03 04:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/08/05 15:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/05/02 17:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/08/08 02:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/28 18:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/05/10 17:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/12/06 15:57:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/12/06 15:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/02 14:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/07/28 14:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/10/31 02:18:23 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SecuROM
[2010/03/22 23:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/02/26 14:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/27 19:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2009/08/23 21:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/01/02 23:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2009/08/12 17:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
[2009/07/13 14:22:08 | 000,075,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
[2010/04/13 13:03:36 | 002,373,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
< %APPDATA%\*. >
[2010/04/01 15:08:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\milanko\Application Data\.#
[2009/07/28 19:15:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ACD Systems
[2009/07/28 19:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Adobe
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Apple Computer
[2009/12/06 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Autodesk
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\BSplayer
[2009/08/08 02:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\DAEMON Tools Lite
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\DivX
[2010/02/09 13:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\dvdcss
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Fpscore Metro
[2010/06/13 13:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Hamachi
[2010/02/28 04:30:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\HamachiBackup
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Help
[2010/06/13 13:19:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQ
[2009/07/28 19:15:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQ Toolbar
[2009/07/28 19:15:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQLite
[2009/07/31 04:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\id Software
[2009/07/28 19:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Identities
[2009/07/28 19:16:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\IGN_DLM
[2009/07/28 19:16:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\InstallShield
[2009/07/28 19:16:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Logitech
[2010/06/07 14:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\LuckyAcePoker.com
[2009/07/28 19:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Macromedia
[2010/06/08 17:11:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Media Player Classic
[2009/11/01 23:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Microgaming
[2010/04/14 19:22:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\milanko\Application Data\Microsoft
[2009/07/31 03:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla
[2009/10/30 16:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Nero
[2009/07/30 02:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Octoshape
[2009/07/28 21:35:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Opera
[2010/04/23 20:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Paradoxx
[2010/06/02 16:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Skype
[2010/06/02 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\skypePM
[2010/03/05 22:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Sun
[2009/07/28 19:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Symantec
[2009/07/28 19:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\teamspeak2
[2010/05/27 01:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\TeamViewer
[2010/06/13 13:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\uTorrent
[2009/09/30 16:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Ventrilo
[2010/06/13 01:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\vlc
[2009/07/28 20:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Winamp
[2009/07/28 19:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\WinRAR
< %APPDATA%\*.exe /s >
[2010/06/01 04:01:48 | 000,086,016 | RHS- | M] () -- C:\Documents and Settings\milanko\Application Data\mrpky.exe
[2010/06/07 14:14:26 | 017,128,634 | ---- | M] () -- C:\Documents and Settings\milanko\Application Data\LuckyAcePoker.com\setup.exe
[2010/03/02 21:25:40 | 000,319,488 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\milanko\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2010/01/23 22:29:35 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\milanko\Application Data\Microsoft\Installer\{0AB9284A-07F7-443E-85FA-F27DC541C355}\_BE7F1BED6B1ED5EBA3E81F.exe
[2010/01/23 22:29:35 | 000,013,942 | R--- | M] () -- C:\Documents and Settings\milanko\Application Data\Microsoft\Installer\{0AB9284A-07F7-443E-85FA-F27DC541C355}\_ED28DD159B145EDA29D03B.exe
[2007/01/08 20:35:44 | 000,061,440 | RH-- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\milanko\Application Data\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe
[2009/06/25 16:36:16 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\fep6jl7r.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2009/01/08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\milanko\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[2010/04/25 13:12:15 | 015,736,940 | ---- | M] (Paradoxx Software s.r.o. ) -- C:\Documents and Settings\milanko\Application Data\Paradoxx\PhoneReport\Updates\update_3.60.03.99.exe
< MD5 for: AGP440.SYS >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008/04/14 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008/04/14 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/04/14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CHANGER.SYS >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: CRYPTSVC.DLL >
[2008/04/14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008/04/14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: ISAPNP.SYS >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008/04/13 22:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008/04/13 22:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\isapnp.sys
< MD5 for: LSASS.EXE >
[2008/04/14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008/04/14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008/04/14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008/04/14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008/04/14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2009/07/14 22:17:16 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2009/07/14 22:17:16 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008/04/14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008/04/14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008/04/14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008/04/14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/08/08 02:54:22 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009/07/28 21:31:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/28 21:31:37 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/28 21:31:36 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010/06/12 21:26:41 | 000,139,336 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
< %systemroot%\system32\*.* /3 >
[2010/06/13 11:45:38 | 000,243,548 | ---- | M] () -- C:\WINDOWS\system32\NvApps.xml
[2010/06/13 11:50:07 | 000,071,982 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010/06/13 11:50:07 | 000,443,724 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010/06/13 11:50:07 | 000,525,448 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010/06/12 21:26:32 | 000,214,720 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2010/06/12 21:26:32 | 000,214,720 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.xtr
[2010/06/11 12:59:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
############################## | Usbfix 7.009 | [Deletion]
User: milanko (Administrator) # CHANGEME [ ]
Updated 12/06/10 by El Desaparecido / C_XX
Started at 13:48:03 | 13/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall: Disabled /!\
RAM -> 3327 Mb
C:\ (%systemdrive%) -> Fixed drive # 49 Gb (9 Mb free - 18%) [] # NTFS
D:\ -> Fixed drive # 293 Gb (20 Mb free - 7%) [] # NTFS
E:\ -> Fixed drive # 357 Gb (278 Mb free - 78%) [] # NTFS
F:\ -> CD-ROM
G:\ -> Fixed drive # 17 Gb (5 Mb free - 31%) [] # NTFS
H:\ -> Fixed drive # 49 Gb (33 Mb free - 68%) [] # NTFS
I:\ -> Fixed drive # 49 Gb (10 Mb free - 20%) [] # NTFS
J:\ -> CD-ROM
################## | Files # Infected Folders |
Not deleted ! F:\Autorun.inf
Deleted ! C:\Recycler\S-1-5-21-0048411087-3265655672-153489589-2391
Deleted ! C:\Recycler\S-1-5-21-3485668229-0748606578-749927639-9687
Deleted ! C:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Deleted ! C:\Recycler\S-1-5-21-8363253207-6392242285-901934472-6512
Deleted ! C:\Recycler\S-1-5-21-9592345835-6643573950-491116250-8338
Deleted ! D:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Deleted ! E:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Deleted ! G:\Recycler\S-1-5-21-1390067357-1708537768-839522115-1003
Deleted ! G:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Deleted ! H:\Recycler\S-1-5-21-1390067357-1708537768-839522115-1003
Deleted ! H:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Deleted ! I:\Recycler\S-1-5-21-1390067357-1708537768-839522115-1003
Deleted ! I:\Recycler\S-1-5-21-789336058-1580818891-682003330-1003
Not deleted ! F:\Drag&Burn.exe
################## | Registry |
Deleted ! HKLM\software\microsoft\windows nt\currentversion\winlogon|Taskman
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0ccad6ab-efc7-11de-beb0-00248cfae86d}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c4d56c5a-4f05-11df-bf3d-00248cfae86d}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{f4371623-f179-11de-beb4-00248cfae86d}
################## | Listing |
[28/07/2009 - 19:41:52 | A | 0] C:\AUTOEXEC.BAT
[31/10/2009 - 02:10:56 | RSH | 223] C:\boot.ini
[28/07/2009 - 19:41:52 | A | 0] C:\CONFIG.SYS
[17/10/2009 - 18:25:31 | D ] C:\Documents and Settings
[28/07/2009 - 14:04:49 | D ] C:\Intel
[28/07/2009 - 19:41:52 | RASH | 0] C:\IO.SYS
[28/07/2009 - 19:41:52 | RASH | 0] C:\MSDOS.SYS
[06/12/2009 - 15:55:13 | RHD ] C:\MSOCache
[14/04/2008 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[14/04/2008 - 14:00:00 | RASH | 250048] C:\ntldr
[28/07/2009 - 14:09:57 | D ] C:\NVIDIA
[13/06/2010 - 11:45:32 | ASH | 2145386496] C:\pagefile.sys
[13/06/2010 - 13:33:15 | RD ] C:\Program Files
[13/06/2010 - 13:52:31 | SHD ] C:\RECYCLER
[13/06/2010 - 13:33:23 | D ] C:\rsit
[28/07/2009 - 19:44:33 | SHD ] C:\System Volume Information
[13/06/2010 - 13:52:31 | D ] C:\UsbFix
[13/06/2010 - 13:52:33 | A | 2047] C:\Usbfix.txt
[09/06/2010 - 08:42:07 | D ] C:\WINDOWS
[13/10/2009 - 13:06:42 | RD ] D:\anime
[02/08/2009 - 00:02:05 | D ] D:\blablabla
[26/05/2010 - 12:30:04 | D ] D:\movies
[28/07/2009 - 19:20:37 | D ] D:\MP3
[13/06/2010 - 02:58:52 | D ] D:\New downloads
[11/06/2010 - 22:39:05 | D ] D:\Poker
[13/06/2010 - 13:52:31 | SHD ] D:\RECYCLER
[26/05/2010 - 12:29:26 | D ] D:\serialy
[28/07/2009 - 14:52:02 | SHD ] D:\System Volume Information
[31/10/2009 - 02:11:59 | D ] E:\2K Games
[01/01/2010 - 20:00:51 | D ] E:\34c9a02c524ab4ec1f11b4c6d6
[25/03/2008 - 11:46:26 | A | 956286976] E:\AUTODESK AutoCAD.2007 (ENG.DVD) with crack.iso
[26/02/2010 - 16:41:16 | D ] E:\commandos1
[25/02/2010 - 21:07:27 | D ] E:\commandos2
[09/11/2009 - 14:01:57 | D ] E:\Dragons age
[25/05/2010 - 13:54:25 | D ] E:\HeM
[02/11/2009 - 14:23:01 | D ] E:\holden manager
[26/05/2010 - 20:50:13 | D ] E:\hon
[20/12/2009 - 23:07:51 | D ] E:\instalacne sracky
[06/12/2009 - 15:03:48 | D ] E:\Microsoft Office 2007 Professional Plus
[03/08/2009 - 14:26:23 | D ] E:\ottd
[29/04/2010 - 22:42:28 | D ] E:\pacmod
[19/05/2010 - 22:26:05 | D ] E:\Poker Stars
[08/12/2009 - 02:48:15 | D ] E:\PokerStove
[10/08/2009 - 14:25:25 | D ] E:\PowerISO
[12/10/2009 - 14:57:58 | D ] E:\RE5
[13/06/2010 - 13:52:31 | SHD ] E:\RECYCLER
[08/06/2010 - 02:40:27 | D ] E:\StarCraft II Beta
[07/03/2010 - 22:25:35 | D ] E:\steam
[28/07/2009 - 14:52:01 | SHD ] E:\System Volume Information
[05/06/2010 - 19:32:41 | D ] E:\tilt
[04/06/2010 - 16:41:24 | D ] E:\ts3
[30/09/2009 - 16:08:11 | D ] E:\ventrilo
[12/05/2010 - 00:45:46 | D ] E:\Warcraft III
[24/03/2010 - 20:56:45 | D ] E:\Warhammer Online - Age of Reckoning
[02/10/2009 - 21:05:31 | D ] E:\Warsow
[14/02/2010 - 19:47:21 | D ] E:\World of Warcraft
[29/04/2009 - 11:02:01 | R | 55] F:\autorun.inf
[29/04/2009 - 11:02:01 | R | 270336] F:\BlueBirds.exe
[29/04/2009 - 11:02:01 | R | 270336] F:\S e t u p.exe
[29/04/2009 - 11:02:01 | R | 81920] F:\Drag&Burn.exe
[06/05/2009 - 11:25:51 | A | 4700] G:\aaw7boot.log
[05/01/2005 - 18:57:56 | A | 0] G:\AUTOEXEC.BAT
[15/06/2008 - 17:25:58 | RASH | 211] G:\boot.ini
[25/10/2001 - 14:00:00 | RASH | 4952] G:\Bootfont.bin
[05/01/2005 - 18:57:56 | A | 0] G:\CONFIG.SYS
[05/01/2005 - 19:01:01 | HD ] G:\Documents and Settings
[14/06/2009 - 14:56:07 | A | 120] G:\drmHeader.bin
[15/06/2008 - 16:30:55 | D ] G:\e3e3b96e96b14d18738bf00d
[23/06/2007 - 12:27:01 | D ] G:\Fraps
[25/07/2008 - 12:18:12 | D ] G:\Intel10.0
[05/01/2005 - 18:57:56 | RASH | 0] G:\IO.SYS
[26/03/2008 - 08:32:41 | D ] G:\Logs
[05/01/2005 - 18:57:56 | RASH | 0] G:\MSDOS.SYS
[06/06/2009 - 17:44:18 | RHD ] G:\MSOCache
[15/06/2008 - 17:19:31 | RASH | 47564] G:\NTDETECT.COM
[15/06/2008 - 17:19:31 | RASH | 250576] G:\ntldr
[20/04/2008 - 15:54:05 | D ] G:\NVIDIA
[28/07/2009 - 09:10:22 | ASH | 1610612736] G:\pagefile.sys
[26/10/2008 - 13:53:02 | AH | 1073741824] G:\pfsvoddata.bbv
[04/10/2009 - 17:54:44 | RD ] G:\Program Files
[13/06/2010 - 13:52:31 | SHD ] G:\RECYCLER
[15/06/2008 - 17:33:13 | SHD ] G:\System Volume Information
[13/03/2008 - 22:34:51 | D ] G:\Temp
[25/07/2008 - 12:37:41 | ASH | 7168] G:\Thumbs.db
[12/01/2007 - 12:12:23 | D ] G:\totalcmd
[28/07/2009 - 19:05:58 | H | 460670] G:\treeinfo.wc
[26/07/2009 - 13:53:41 | D ] G:\WINDOWS
[20/09/2008 - 16:59:51 | D ] H:\1
[17/03/2008 - 20:40:22 | SHD ] H:\Config.Msi
[30/10/2009 - 15:18:18 | D ] H:\My Downloads
[13/06/2010 - 13:52:31 | SHD ] H:\RECYCLER
[22/04/2005 - 12:49:45 | SHD ] H:\System Volume Information
[07/02/2007 - 02:57:33 | H | 1756] H:\treeinfo.wc
[29/07/2009 - 02:52:00 | D ] H:\Videoclips
[03/11/2006 - 15:02:28 | D ] I:\DC++
[15/10/2008 - 16:46:34 | RD ] I:\Files
[28/07/2009 - 14:52:51 | D ] I:\games
[21/08/2009 - 01:09:14 | AD ] I:\mirc
[27/09/2007 - 01:56:30 | HD ] I:\msdownld.tmp
[07/03/2009 - 08:55:23 | D ] I:\NAPLIT
[15/06/2008 - 17:49:41 | D ] I:\RAZITKA
[13/06/2010 - 13:52:31 | SHD ] I:\RECYCLER
[30/05/2005 - 16:28:19 | SHD ] I:\System Volume Information
[21/11/2006 - 17:58:07 | H | 34947] I:\treeinfo.wc
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_CHANGEME.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
OTL log
OTL logfile created on: 6/13/2010 13:54:13 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\milanko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 8.94 Gb Free Space | 18.32% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 20.15 Gb Free Space | 6.88% Space Free | Partition Type: NTFS
Drive E: | 356.83 Gb Total Space | 278.23 Gb Free Space | 77.97% Space Free | Partition Type: NTFS
Drive F: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 17.37 Gb Total Space | 5.35 Gb Free Space | 30.82% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 32.97 Gb Free Space | 67.51% Space Free | Partition Type: NTFS
Drive I: | 48.83 Gb Total Space | 9.85 Gb Free Space | 20.17% Space Free | Partition Type: NTFS
Computer Name: CHANGEME
Current User Name: milanko
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/06/13 13:47:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\milanko\Desktop\OTL.exe
PRC - [2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/13 17:48:32 | 000,079,360 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe
PRC - [2003/12/22 17:36:14 | 000,581,632 | ---- | M] () -- C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe
========== Modules (SafeList) ==========
MOD - [2010/06/13 13:47:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\milanko\Desktop\OTL.exe
MOD - [2008/04/14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
SRV - File not found [Auto | Stopped] -- -- (LiveTurbineMessageService)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/12/06 15:49:52 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/03/13 05:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
========== Driver Services (SafeList) ==========
DRV - [2010/02/28 04:47:27 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/08 02:54:22 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/14 20:54:00 | 007,741,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/09/23 19:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/07/03 17:03:00 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/08/13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1580818891-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-789336058-1580818891-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-1580818891-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="
FF - prefs.js..network.proxy.type: 2
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/19 14:09:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/18 13:22:17 | 000,000,000 | ---D | M]
[2009/07/28 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla\Extensions
[2010/06/12 16:44:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\fep6jl7r.default\extensions
[2010/03/29 13:00:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\fep6jl7r.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/25 03:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\fep6jl7r.default\extensions\battlefieldheroespatcher@ea.com
[2009/11/08 17:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\fep6jl7r.default\extensions\QLDP@peol
[2009/07/28 17:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\gsc7d0tw.default\extensions
[2009/07/28 18:36:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\gsc7d0tw.default\searchplugins\icqplugin.xml
[2010/06/12 16:44:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/08/09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll
[2010/03/27 01:51:13 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/03/27 01:51:13 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/03/27 01:51:13 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/03/27 01:51:13 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/03/27 01:51:13 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/03/27 01:51:13 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml
O1 HOSTS File: ([2009/10/31 14:17:34 | 000,338,137 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11596 more lines...
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] E:\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] E:\Turbine Download Manager\TurbineDownloadManagerIcon.exe File not found
O4 - HKLM..\RunOnce: [] File not found
O4 - Startup: C:\Documents and Settings\milanko\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1580818891-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-789336058-1580818891-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati ... 0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\milanko\Application Data\mrpky.exe) - C:\Documents and Settings\milanko\Application Data\mrpky.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\milanko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\milanko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/28 19:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/13 13:52:37 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/06/13 13:52:37 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O32 - AutoRun File - [2009/04/29 11:02:01 | 000,000,055 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/01/05 18:57:56 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/13 13:52:40 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/06/13 13:52:40 | 000,000,000 | RHSD | M] - H:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/06/13 13:52:40 | 000,000,000 | RHSD | M] - I:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/28 19:41:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308606093492224)
========== Files/Folders - Created Within 30 Days ==========
[2010/06/13 13:52:37 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2010/06/13 13:47:52 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010/06/13 13:47:17 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\milanko\Desktop\OTL.exe
[2010/06/13 13:46:58 | 001,214,120 | ---- | C] (C_XX & El Desaparecido) -- C:\Documents and Settings\milanko\Desktop\UsbFix.exe
[2010/06/13 13:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/06/13 13:33:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010/06/08 17:11:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\milanko\Recent
[2010/05/28 15:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milanko\Desktop\Prago Union - Dezorient Expres (2010)-KKM_2008
[2010/05/25 13:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milanko\Local Settings\Application Data\In_The_Money_LLC
[2010/05/25 13:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\milanko\Local Settings\Application Data\In The Money
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/06/13 13:52:40 | 001,130,552 | ---- | M] () -- C:\UsbFix_Upload_Me_CHANGEME.zip
[2010/06/13 13:47:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\milanko\Desktop\OTL.exe
[2010/06/13 13:47:00 | 001,214,120 | ---- | M] (C_XX & El Desaparecido) -- C:\Documents and Settings\milanko\Desktop\UsbFix.exe
[2010/06/13 13:32:28 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\RSIT.exe
[2010/06/13 11:50:07 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/13 11:50:07 | 000,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/13 11:50:07 | 000,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/13 11:45:38 | 000,243,548 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/06/13 11:45:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/13 11:45:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/13 03:51:43 | 009,699,328 | -H-- | M] () -- C:\Documents and Settings\milanko\NTUSER.DAT
[2010/06/13 03:51:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\milanko\ntuser.ini
[2010/06/13 02:58:07 | 000,203,264 | ---- | M] () -- C:\Documents and Settings\milanko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/12 21:26:41 | 000,139,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/06/12 21:26:32 | 000,214,720 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/06/11 12:59:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/08 17:15:57 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\LuckyAcePoker.lnk
[2010/06/08 17:10:04 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\CCleaner.lnk
[2010/06/06 21:08:48 | 030,177,066 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\The Thin Red Line - Episode 8.mp4
[2010/06/06 13:54:23 | 061,994,303 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP52nd part.wmv
[2010/06/06 13:44:03 | 068,249,271 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP51st part.wmv
[2010/06/06 13:38:56 | 084,702,955 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP5 3rd part.wmv
[2010/06/01 04:05:36 | 002,108,336 | -H-- | M] () -- C:\Documents and Settings\milanko\Local Settings\Application Data\IconCache.db
[2010/06/01 04:01:48 | 000,086,016 | RHS- | M] () -- C:\Documents and Settings\milanko\Application Data\mrpky.exe
[2010/05/25 13:54:22 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\milanko\Desktop\HoldemManager.lnk
[2010/05/14 21:08:09 | 000,195,614 | ---- | M] () -- C:\Documents and Settings\milanko\My Documents\ts3_clientui-win32-10723-2010-05-14 21_08_09.359375.dmp
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/13 13:52:40 | 001,130,552 | ---- | C] () -- C:\UsbFix_Upload_Me_CHANGEME.zip
[2010/06/13 13:32:28 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\RSIT.exe
[2010/06/08 17:15:57 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\LuckyAcePoker.lnk
[2010/06/06 21:06:30 | 030,177,066 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\The Thin Red Line - Episode 8.mp4
[2010/06/06 13:50:31 | 061,994,303 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP52nd part.wmv
[2010/06/06 13:39:39 | 068,249,271 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP51st part.wmv
[2010/06/06 13:33:06 | 084,702,955 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\BLUEFIRE-SP5 3rd part.wmv
[2010/06/01 04:01:48 | 000,086,016 | RHS- | C] () -- C:\Documents and Settings\milanko\Application Data\mrpky.exe
[2010/05/25 13:54:22 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\milanko\Desktop\HoldemManager.lnk
[2010/05/14 21:08:09 | 000,195,614 | ---- | C] () -- C:\Documents and Settings\milanko\My Documents\ts3_clientui-win32-10723-2010-05-14 21_08_09.359375.dmp
[2010/05/12 18:00:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup.INI
[2009/10/31 23:51:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/17 18:38:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2009/09/30 16:07:39 | 000,000,239 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/08 02:54:22 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/07/31 04:32:56 | 000,139,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/07/29 03:38:42 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/29 03:38:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/28 19:47:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/07/28 19:47:02 | 000,035,562 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/07/28 19:47:02 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/07/28 18:27:07 | 000,000,440 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/10/14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 11:56:48 | 003,223,552 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/10/14 11:56:48 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/10/14 11:56:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/10/14 11:56:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/10/14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2009/07/29 14:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/12/06 15:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/11/03 04:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/08/08 02:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/28 18:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/05/10 17:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/01/27 19:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2010/01/02 23:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2009/08/12 17:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/01 15:08:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\milanko\Application Data\.#
[2009/07/28 19:15:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ACD Systems
[2009/12/06 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Autodesk
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\BSplayer
[2009/08/08 02:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\DAEMON Tools Lite
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Fpscore Metro
[2010/06/13 13:19:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQ
[2009/07/28 19:15:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQ Toolbar
[2009/07/28 19:15:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQLite
[2009/07/31 04:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\id Software
[2010/06/07 14:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\LuckyAcePoker.com
[2009/11/01 23:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Microgaming
[2009/07/30 02:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Octoshape
[2009/07/28 21:35:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Opera
[2010/04/23 20:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Paradoxx
[2010/05/27 01:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\TeamViewer
[2010/06/13 13:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< c:\windows\*.* /U >
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009/07/29 14:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/02/09 20:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/08/12 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/08/12 17:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/06 15:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/11/03 04:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/08/05 15:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010/05/02 17:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2009/08/08 02:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/28 18:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2010/05/10 17:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/12/06 15:57:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/12/06 15:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/02 14:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/07/28 14:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/10/31 02:18:23 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SecuROM
[2010/03/22 23:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/02/26 14:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/27 19:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2009/08/23 21:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/01/02 23:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XHEO INC
[2009/08/12 17:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 13:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
[2009/07/13 14:22:08 | 000,075,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
[2010/04/13 13:03:36 | 002,373,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
< %APPDATA%\*. >
[2010/04/01 15:08:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\milanko\Application Data\.#
[2009/07/28 19:15:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ACD Systems
[2009/07/28 19:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Adobe
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Apple Computer
[2009/12/06 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Autodesk
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\BSplayer
[2009/08/08 02:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\DAEMON Tools Lite
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\DivX
[2010/02/09 13:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\dvdcss
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Fpscore Metro
[2010/06/13 13:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Hamachi
[2010/02/28 04:30:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\HamachiBackup
[2009/07/28 19:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Help
[2010/06/13 13:19:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQ
[2009/07/28 19:15:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQ Toolbar
[2009/07/28 19:15:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\ICQLite
[2009/07/31 04:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\id Software
[2009/07/28 19:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Identities
[2009/07/28 19:16:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\IGN_DLM
[2009/07/28 19:16:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\InstallShield
[2009/07/28 19:16:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Logitech
[2010/06/07 14:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\LuckyAcePoker.com
[2009/07/28 19:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Macromedia
[2010/06/08 17:11:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Media Player Classic
[2009/11/01 23:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Microgaming
[2010/04/14 19:22:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\milanko\Application Data\Microsoft
[2009/07/31 03:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Mozilla
[2009/10/30 16:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Nero
[2009/07/30 02:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Octoshape
[2009/07/28 21:35:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\milanko\Application Data\Opera
[2010/04/23 20:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Paradoxx
[2010/06/02 16:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Skype
[2010/06/02 16:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\skypePM
[2010/03/05 22:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Sun
[2009/07/28 19:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Symantec
[2009/07/28 19:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\teamspeak2
[2010/05/27 01:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\TeamViewer
[2010/06/13 13:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\uTorrent
[2009/09/30 16:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Ventrilo
[2010/06/13 01:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\vlc
[2009/07/28 20:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\Winamp
[2009/07/28 19:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\milanko\Application Data\WinRAR
< %APPDATA%\*.exe /s >
[2010/06/01 04:01:48 | 000,086,016 | RHS- | M] () -- C:\Documents and Settings\milanko\Application Data\mrpky.exe
[2010/06/07 14:14:26 | 017,128,634 | ---- | M] () -- C:\Documents and Settings\milanko\Application Data\LuckyAcePoker.com\setup.exe
[2010/03/02 21:25:40 | 000,319,488 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\milanko\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2010/01/23 22:29:35 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\milanko\Application Data\Microsoft\Installer\{0AB9284A-07F7-443E-85FA-F27DC541C355}\_BE7F1BED6B1ED5EBA3E81F.exe
[2010/01/23 22:29:35 | 000,013,942 | R--- | M] () -- C:\Documents and Settings\milanko\Application Data\Microsoft\Installer\{0AB9284A-07F7-443E-85FA-F27DC541C355}\_ED28DD159B145EDA29D03B.exe
[2007/01/08 20:35:44 | 000,061,440 | RH-- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\milanko\Application Data\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe
[2009/06/25 16:36:16 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- C:\Documents and Settings\milanko\Application Data\Mozilla\Firefox\Profiles\fep6jl7r.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2009/01/08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\milanko\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
[2010/04/25 13:12:15 | 015,736,940 | ---- | M] (Paradoxx Software s.r.o. ) -- C:\Documents and Settings\milanko\Application Data\Paradoxx\PhoneReport\Updates\update_3.60.03.99.exe
< MD5 for: AGP440.SYS >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008/04/14 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008/04/14 14:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/04/14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CHANGER.SYS >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: CRYPTSVC.DLL >
[2008/04/14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008/04/14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
< MD5 for: ISAPNP.SYS >
[2009/07/14 22:39:10 | 017,778,242 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008/04/13 22:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008/04/13 22:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\isapnp.sys
< MD5 for: LSASS.EXE >
[2008/04/14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008/04/14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008/04/14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2008/04/14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008/04/14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2009/07/14 22:17:16 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2009/07/14 22:17:16 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008/04/14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008/04/14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008/04/14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008/04/14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/08/08 02:54:22 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009/07/28 21:31:37 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/28 21:31:37 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/28 21:31:36 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010/06/12 21:26:41 | 000,139,336 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
< %systemroot%\system32\*.* /3 >
[2010/06/13 11:45:38 | 000,243,548 | ---- | M] () -- C:\WINDOWS\system32\NvApps.xml
[2010/06/13 11:50:07 | 000,071,982 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010/06/13 11:50:07 | 000,443,724 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010/06/13 11:50:07 | 000,525,448 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010/06/12 21:26:32 | 000,214,720 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2010/06/12 21:26:32 | 000,214,720 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.xtr
[2010/06/11 12:59:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
Re: Problem, apparently with malware.
extras log
OTL Extras logfile created on: 6/13/2010 13:54:13 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\milanko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 8.94 Gb Free Space | 18.32% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 20.15 Gb Free Space | 6.88% Space Free | Partition Type: NTFS
Drive E: | 356.83 Gb Total Space | 278.23 Gb Free Space | 77.97% Space Free | Partition Type: NTFS
Drive F: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 17.37 Gb Total Space | 5.35 Gb Free Space | 30.82% Space Free | Partition Type: NTFS
Drive H: | 48.83 Gb Total Space | 32.97 Gb Free Space | 67.51% Space Free | Partition Type: NTFS
Drive I: | 48.83 Gb Total Space | 9.85 Gb Free Space | 20.17% Space Free | Partition Type: NTFS
Computer Name: CHANGEME
Current User Name: milanko
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-789336058-1580818891-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"I:\mirc\mirc32.exe" = I:\mirc\mirc32.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"E:\World of Warcraft\BackgroundDownloader.exe" = E:\World of Warcraft\BackgroundDownloader.exe:*:Disabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"E:\savage2\savage2.exe" = E:\savage2\savage2.exe:*:Enabled:savage2 -- File not found
"E:\TTD\openttd.exe" = E:\TTD\openttd.exe:*:Disabled:OpenTTD -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe" = C:\Program Files\Activision\Wolfenstein\MP\Wolf2MP.exe:*:Enabled:Wolfenstein(TM) -- (Activision)
"C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe" = C:\Program Files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:*:Enabled:Wolfenstein(TM) -- (Activision)
"E:\Ventrilo.exe" = E:\Ventrilo.exe:*:Enabled:Ventrilo.exe -- File not found
"E:\holden manager\HoldemManager.exe" = E:\holden manager\HoldemManager.exe:*:Enabled:HoldemManager -- File not found
"G:\Program Files\Skype\Plugin Manager\skypePM.exe" = G:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"E:\steam\Steam.exe" = E:\steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"E:\Turbine Download Manager\TurbineMessageService.exe" = E:\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- File not found
"E:\commandos2\comm2.exe" = E:\commandos2\comm2.exe:*:Enabled:Play Commandos II -- ()
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\T-Mobile Communication Center\TMCC.exe" = C:\Program Files\T-Mobile Communication Center\TMCC.exe:*:Enabled:T-Mobile Communication Center -- File not found
"G:\Program Files\Steam\steamapps\mino_o\counter-strike\hl.exe" = G:\Program Files\Steam\steamapps\mino_o\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AB9284A-07F7-443E-85FA-F27DC541C355}" = PacMod
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.42
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90120000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online - Eberron Unlimited™
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"ComandoDeinstKey" = Commando
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Hamachi" = Hamachi 1.0.2.5
"hon" = Heroes of Newerth
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"Lexicon 4.0" = Lexicon 2002
"LogMeIn Hamachi" = LogMeIn Hamachi
"LuckyAcePoker.com" = LuckyAcePoker.com
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 0.7.2
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"PROPLUS" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"Red Alert" = Red Alert Windows 95
"SpeedFan" = SpeedFan (remove only)
"StarCraft II Beta" = StarCraft II Beta
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"Usbfix" = Usbfix By C_XX & El Desaparecido
"VLC media player" = VLC media player 1.0.2
"Warcraft III" = Warcraft III
"Warhammer Online - Age of Reckoning_is1" = Warhammer Online - Age of Reckoning
"Warhammer Online: Age of Reckoning_is1" = Warhammer Online: Age of Reckoning
"WChat" = Westwood Online
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-789336058-1580818891-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/23/2010 20:17:34 | Computer Name = CHANGEME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mpeg2dmx.ax, version 2.0.84.30429, fault address 0x0000dff3.
Error - 4/23/2010 20:17:57 | Computer Name = CHANGEME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mpeg2dmx.ax, version 2.0.84.30429, fault address 0x0000dff3.
Error - 4/23/2010 20:18:11 | Computer Name = CHANGEME | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mpeg2dmx.ax, version 2.0.84.30429, fault address 0x0000dff3.
Error - 4/23/2010 20:48:31 | Computer Name = CHANGEME | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 9.0.0.4503, faulting module
mpeg2dmx.ax, version 2.0.84.30429, fault address 0x0000dff3.
Error - 4/23/2010 20:48:34 | Computer Name = CHANGEME | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 9.0.0.4503, faulting module
mpeg2dmx.ax, version 2.0.84.30429, fault address 0x0000dff3.
Error - 4/25/2010 7:21:58 | Computer Name = CHANGEME | Source = Application Hang | ID = 1002
Description = Hanging application update_3.60.03.99.tmp, version 51.50.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/26/2010 18:08:57 | Computer Name = CHANGEME | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 9.10.8679.0, faulting module
opera.dll, version 9.10.8679.0, fault address 0x002e70f2.
Error - 4/26/2010 21:05:34 | Computer Name = CHANGEME | Source = Application Hang | ID = 1002
Description = Hanging application Ventrilo 2.1.4.exe, version 2.1.4.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/28/2010 10:56:19 | Computer Name = CHANGEME | Source = Application Hang | ID = 1002
Description = Hanging application Ventrilo 2.1.4.exe, version 2.1.4.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 4/29/2010 22:07:24 | Computer Name = CHANGEME | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 9.10.8679.0, faulting module
opera.dll, version 9.10.8679.0, fault address 0x002e714a.
[ System Events ]
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The PostgreSQL Database Server 8.3 service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Hamachi 2.0 Tunneling Engine service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).
< End of report >
[ System Events ]
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The PostgreSQL Database Server 8.3 service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Hamachi 2.0 Tunneling Engine service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/13/2010 7:48:10 | Computer Name = CHANGEME | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).
< End of report >
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Problem, apparently with malware.

Code:
:OTL
SRV - File not found [On_Demand | Stopped] -- -- (LiveTurbineNetworkService)
SRV - File not found [Auto | Stopped] -- -- (LiveTurbineMessageService)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\RunOnce: [] File not found
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\milanko\Application Data\mrpky.exe) - C:\Documents and Settings\milanko\Application Data\mrpky.exe ()
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010/06/01 04:01:48 | 000,086,016 | RHS- | M] () -- C:\Documents and Settings\milanko\Application Data\mrpky.exe
[2010/04/01 15:08:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\milanko\Application Data\.#
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[RESETHOSTS]

P2P networks and their clients are a potential security risk; they are practically constantly a source of viruses, and you are exposing yourself to risk unnecessarily.
Re: Problem, apparently with malware.
All processes killed
========== OTL ==========
Service LiveTurbineNetworkService stopped successfully!
Service LiveTurbineNetworkService deleted successfully!
Service LiveTurbineMessageService stopped successfully!
Service LiveTurbineMessageService deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Documents and Settings\milanko\Application Data\mrpky.exe deleted successfully.
C:\Documents and Settings\milanko\Application Data\mrpky.exe moved successfully.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET4F7.tmp deleted successfully.
C:\WINDOWS\System32\SET4FC.tmp deleted successfully.
C:\WINDOWS\System32\SET54A.tmp deleted successfully.
File C:\Documents and Settings\milanko\Application Data\mrpky.exe not found.
C:\Documents and Settings\milanko\Application Data\.# folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: milanko
->Temp folder emptied: 14230896 bytes
->Temporary Internet Files folder emptied: 1004150 bytes
->Java cache emptied: 10680297 bytes
->FireFox cache emptied: 77829788 bytes
->Flash cache emptied: 1040929 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 100.00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: milanko
->Flash cache emptied: 0 bytes
User: NetworkService
User: postgres
Total Flash Files Cleaned = 0.00 mb
Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.6.0 log created on 06132010_145332
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
- Caroprd111
Re: Problem, apparently with malware.
Looks good, so far it hasn't happened even once, so hopefully it's fixed.
Thanks for the quick and high-quality help.

- Caroprd111
Re: Problem, apparently with malware.


- Run it; to confirm each choice, press the A key, then Enter
- Delete the program after use. Note that antivirus programs may falsely flag it as a virus.

- Run it.
- Click "Start". Confirm the message by clicking "Ok" (a restart will follow)

- Run it.
- Click "CleanUp!". Confirm the messages by clicking "Yes" (a restart will follow)

- Install it, and during installation uncheck the option to install the Yahoo toolbar.
Cleaner tab
- Run the analysis; when it finishes, click Run CCleaner.
Registry tab
- Click Search for problems; when it finishes, click Fix problems; you do not need to make a backup; then click Fix all problems.
OK
Close


