
FB virus. pls help

andy_721
Visitor
Posts: 35
Registered: 29 Oct 2011 10:48

Re: FB virus. pls help

#16 Post by andy_721 »

Where should I create the text file with that content? I don't really understand the first code box.

andy_721
Visitor
Posts: 35
Registered: 29 Oct 2011 10:48

Re: FB virus. pls help

#17 Post by andy_721 »

ComboFix 11-10-29.05 - Erika 30.10.2011 11:32:06.3.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1390 [GMT 1:00]
Running from: c:\documents and settings\Erika\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-29 18:14 . 2011-10-29 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-10-29 18:14 . 2011-10-29 18:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-29 15:47 . 2011-10-29 15:47 512 ----a-w- C:\PhysicalMBR.bin
2011-10-29 15:26 . 2011-10-29 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-10-29 14:34 . 2011-10-29 15:14 -------- d-----w- c:\program files\avz4
2011-10-29 12:30 . 2011-10-29 15:26 -------- d-----w- c:\program files\ESET
2011-10-29 09:38 . 2011-10-29 15:22 -------- d-----w- c:\program files\trend micro
2011-10-29 09:38 . 2011-10-29 09:39 -------- d-----w- C:\rsit
2011-10-29 08:07 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-10-28 21:18 . 2011-10-29 15:14 -------- d-----w- c:\windows\ufa
2011-10-28 16:27 . 2011-10-28 21:18 246272 ----a-w- c:\windows\unrar.exe
2011-10-26 05:48 . 2011-10-26 05:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\DSS
2011-10-23 14:51 . 2011-10-23 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-10-23 14:44 . 2011-10-23 14:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-18 07:34 . 2011-10-18 07:34 4590240 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-07 19:20 . 2011-10-17 13:06 -------- d-----w- c:\program files\NCSoft
2011-10-03 15:48 . 2011-10-03 16:34 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\NFS Underground 2
2011-10-03 15:48 . 2011-10-03 15:48 -------- d-----w- c:\program files\Common Files\DirectX
2011-10-03 15:37 . 2011-10-03 18:56 -------- d-----w- c:\documents and settings\Erika\Application Data\Hamachi
2011-10-03 15:37 . 2011-10-03 15:37 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-10-03 15:37 . 2011-10-03 15:37 -------- d-----w- c:\program files\Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 09:47 . 2009-12-24 18:57 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-10-30 09:47 . 2009-12-24 18:56 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-10-30 09:47 . 2009-12-24 18:56 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-18 12:42 . 2011-06-09 19:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-03 23:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2007-01-16 20:07 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2007-01-16 20:07 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2004-08-03 21:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2004-08-03 21:59 369664 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-03 22:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 11:51 . 2009-11-25 21:26 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-08-09 12:24 . 2009-04-09 14:10 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 07:20 . 2009-04-09 14:21 103112 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2011-08-04 07:20 . 2009-04-09 14:18 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-12-24 18:16 . 2009-12-24 18:16 1924200 ----a-w- c:\program files\install_flash_player.exe
2009-12-24 17:56 . 2009-12-24 17:56 2020136 ----a-w- c:\program files\SkypeSetup.exe
2011-07-08 07:52 . 2011-07-14 23:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-29_17.57.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-30 09:09 . 2011-10-30 09:09 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2011-10-30 09:09 . 2011-10-30 09:09 16384 c:\windows\Temp\Perflib_Perfdata_6d4.dat
+ 2001-08-23 12:00 . 2011-10-30 09:12 85482 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-10-30 09:12 496998 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Brothersoft\prxtbBro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-16 323392]
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-28 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13680640]
"nwiz"="nwiz.exe" [2009-01-14 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\Activision\Call of Duty 2\GamePark2\gpcl.exe [2011-8-9 409088]
Monitor.lnk - c:\program files\USB Video Camera\Monitor.exe [2007-10-16 249856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\SkypePortable\\App\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\Erika\\Desktop\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\steamapps\\illuzion_721\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Erika\\Desktop\\Nový priečinok (3)\\hl.exe"=
"c:\\Program Files\\EA Games\\Need for Speed Underground 2\\SPEED2.EXE"=
"c:\\Documents and Settings\\Erika\\Desktop\\wow 3.3.5\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.4.2009 15:21 103112]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4.8.2004 0:56 14336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 11:03 974944]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.12.2009 19:20 247096]
R4 d347bus;d347bus;c:\windows\system32\DRIVERS\d347bus.sys --> c:\windows\system32\DRIVERS\d347bus.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate1caab44d4fd2f2e;Služba Google Update (gupdate1caab44d4fd2f2e);c:\program files\Google\Update\GoogleUpdate.exe [11.2.2010 19:05 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.11.2009 17:04 1684736]
S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [19.2.2008 11:48 2333568]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6.4.2010 18:28 36608]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.2.2010 19:05 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [11.11.2010 19:25 100736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13.9.2010 17:43 47360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PNKBSTRB
*NewlyCreated* - PNKBSTRK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 18:05]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 18:05]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003Core.job
- c:\documents and settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 19:30]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003UA.job
- c:\documents and settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.garena.com/
uDefault_Search_URL =
mSearch Bar =
uSearchAssistant = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 85.237.225.250 172.20.0.1
FF - ProfilePath - c:\documents and settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=vsl
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 11:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-261478967-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:75,78,7e,1e,92,05,05,84,bf,27,a0,9e,29,e0,74,23,ec,77,7f,45,6d,
48,2d,9f,cd,21,f4,40,c6,64,0c,46,79,7d,e7,00,f9,e6,31,93,d9,f1,f7,be,c1,8b,\
"rkeysecu"=hex:dc,44,e3,f1,ba,72,41,5c,27,64,02,98,34,37,db,57
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2868)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\mslbui.dll
.
Completion time: 2011-10-30 11:39:19
ComboFix-quarantined-files.txt 2011-10-30 10:39
ComboFix2.txt 2011-10-29 17:59
.
Pre-Run: 103 084 793 856 bytes free
Post-Run: 18 adresárov, 103 071 686 656 voľných bajtov
.
- - End Of File - - 7E464008A45D5D30A544E10BF9967B87

andy_721
Visitor
Posts: 35
Registered: 29 Oct 2011 10:48

Re: FB virus. pls help

#18 Post by andy_721 »

ComboFix 11-10-29.05 - Erika 30.10.2011 11:59:55.5.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1348 [GMT 1:00]
Running from: c:\documents and settings\Erika\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Erika\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\program files\Common Files\Akamai\netsession_win_807ba95.dll"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Common Files\Akamai\AdminTool.exe
c:\program files\Common Files\Akamai\appregistry.dat
c:\program files\Common Files\Akamai\client.ini
c:\program files\Common Files\Akamai\client.ini.json
c:\program files\Common Files\Akamai\ControlPanel.exe
c:\program files\Common Files\Akamai\CplTasks.xml
c:\program files\Common Files\Akamai\euc_state.json
c:\program files\Common Files\Akamai\guid.ini
c:\program files\Common Files\Akamai\installer.txt
c:\program files\Common Files\Akamai\Languages\csy.dll
c:\program files\Common Files\Akamai\Languages\dan.dll
c:\program files\Common Files\Akamai\Languages\deu.dll
c:\program files\Common Files\Akamai\Languages\esp.dll
c:\program files\Common Files\Akamai\Languages\fin.dll
c:\program files\Common Files\Akamai\Languages\fra.dll
c:\program files\Common Files\Akamai\Languages\chs.dll
c:\program files\Common Files\Akamai\Languages\cht.dll
c:\program files\Common Files\Akamai\Languages\ita.dll
c:\program files\Common Files\Akamai\Languages\jpn.dll
c:\program files\Common Files\Akamai\Languages\kor.dll
c:\program files\Common Files\Akamai\Languages\nld.dll
c:\program files\Common Files\Akamai\Languages\nor.dll
c:\program files\Common Files\Akamai\Languages\plk.dll
c:\program files\Common Files\Akamai\Languages\ptb.dll
c:\program files\Common Files\Akamai\Languages\ptg.dll
c:\program files\Common Files\Akamai\Languages\rus.dll
c:\program files\Common Files\Akamai\Languages\sve.dll
c:\program files\Common Files\Akamai\Languages\trk.dll
c:\program files\Common Files\Akamai\Logs\debug.log
c:\program files\Common Files\Akamai\netsession_win_807ba95.dll
c:\program files\Common Files\Akamai\readme.txt
c:\program files\Common Files\Akamai\root.pem
c:\program files\Common Files\Akamai\rswinui.exe
c:\program files\Common Files\Akamai\uninstall.exe
c:\program files\Common Files\Akamai\vcredist_x86.exe
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AKAMAI
-------\Service_Akamai
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
.
.
2011-10-29 18:14 . 2011-10-29 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-10-29 18:14 . 2011-10-29 18:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-29 15:47 . 2011-10-29 15:47 512 ----a-w- C:\PhysicalMBR.bin
2011-10-29 15:26 . 2011-10-29 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-10-29 14:34 . 2011-10-29 15:14 -------- d-----w- c:\program files\avz4
2011-10-29 12:30 . 2011-10-29 15:26 -------- d-----w- c:\program files\ESET
2011-10-29 09:38 . 2011-10-29 15:22 -------- d-----w- c:\program files\trend micro
2011-10-29 09:38 . 2011-10-29 09:39 -------- d-----w- C:\rsit
2011-10-29 08:07 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-10-26 05:48 . 2011-10-26 05:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\DSS
2011-10-23 14:51 . 2011-10-23 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2011-10-23 14:44 . 2011-10-23 14:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-18 07:34 . 2011-10-18 07:34 4590240 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-07 19:20 . 2011-10-17 13:06 -------- d-----w- c:\program files\NCSoft
2011-10-03 15:48 . 2011-10-03 16:34 -------- d-----w- c:\documents and settings\Erika\Local Settings\Application Data\NFS Underground 2
2011-10-03 15:48 . 2011-10-03 15:48 -------- d-----w- c:\program files\Common Files\DirectX
2011-10-03 15:37 . 2011-10-03 18:56 -------- d-----w- c:\documents and settings\Erika\Application Data\Hamachi
2011-10-03 15:37 . 2011-10-03 15:37 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-10-03 15:37 . 2011-10-03 15:37 -------- d-----w- c:\program files\Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 09:47 . 2009-12-24 18:57 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-10-30 09:47 . 2009-12-24 18:56 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-10-30 09:47 . 2009-12-24 18:56 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-18 12:42 . 2011-06-09 19:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-03 23:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2007-01-16 20:07 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56 . 2007-01-16 20:07 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56 . 2004-08-03 21:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56 . 2004-08-03 23:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35 . 2004-08-03 21:59 369664 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-03 22:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-12 11:51 . 2009-11-25 21:26 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2011-08-09 12:24 . 2009-04-09 14:10 154136 ----a-w- c:\windows\system32\drivers\eamon.sys
2011-08-04 07:20 . 2009-04-09 14:21 103112 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2011-08-04 07:20 . 2009-04-09 14:18 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-12-24 18:16 . 2009-12-24 18:16 1924200 ----a-w- c:\program files\install_flash_player.exe
2009-12-24 17:56 . 2009-12-24 17:56 2020136 ----a-w- c:\program files\SkypeSetup.exe
2011-07-08 07:52 . 2011-07-14 23:30 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-29_17.57.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-30 11:06 . 2011-10-30 11:06 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2001-08-23 12:00 . 2011-10-30 09:12 85482 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-10-30 09:12 496998 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Brothersoft\prxtbBro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\prxtbBro0.dll" [2011-01-17 175912]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-16 323392]
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-28 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13680640]
"nwiz"="nwiz.exe" [2009-01-14 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GamePark klient 2.lnk - c:\program files\Activision\Call of Duty 2\GamePark2\gpcl.exe [2011-8-9 409088]
Monitor.lnk - c:\program files\USB Video Camera\Monitor.exe [2007-10-16 249856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\SkypePortable\\App\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\Erika\\Desktop\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\steamapps\\illuzion_721\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\Erika\\Desktop\\Nový priečinok (3)\\hl.exe"=
"c:\\Program Files\\EA Games\\Need for Speed Underground 2\\SPEED2.EXE"=
"c:\\Documents and Settings\\Erika\\Desktop\\wow 3.3.5\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.4.2009 15:21 103112]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 11:03 974944]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.12.2009 19:20 247096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate1caab44d4fd2f2e;Služba Google Update (gupdate1caab44d4fd2f2e);c:\program files\Google\Update\GoogleUpdate.exe [11.2.2010 19:05 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.11.2009 17:04 1684736]
S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\drivers\Ca2001v.sys [19.2.2008 11:48 2333568]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6.4.2010 18:28 36608]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11.2.2010 19:05 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [11.11.2010 19:25 100736]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13.9.2010 17:43 47360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 18:05]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 18:05]
.
2011-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003Core.job
- c:\documents and settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 19:30]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003UA.job
- c:\documents and settings\Erika\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.garena.com/
uDefault_Search_URL =
mSearch Bar =
uSearchAssistant = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 85.237.225.250 172.20.0.1
FF - ProfilePath - c:\documents and settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=vsl
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Akamai - c:\program files\Common Files\Akamai\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-30 12:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-261478967-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:75,78,7e,1e,92,05,05,84,bf,27,a0,9e,29,e0,74,23,ec,77,7f,45,6d,
48,2d,9f,cd,21,f4,40,c6,64,0c,46,79,7d,e7,00,f9,e6,31,93,d9,f1,f7,be,c1,8b,\
"rkeysecu"=hex:dc,44,e3,f1,ba,72,41,5c,27,64,02,98,34,37,db,57
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2856)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\mslbui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2011-10-30 12:13:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-30 11:13
ComboFix2.txt 2011-10-30 10:39
ComboFix3.txt 2011-10-29 17:59
.
Pre-Run: 103 044 780 032 bytes free
Post-Run: 18 adresárov, 103 025 549 312 voľných bajtov
.
- - End Of File - - B031AE99501991A6DE04C03952F79679

andy_721
Visitor
Posts: 35
Registered: 29 Oct 2011 10:48

Re: FB virus. pls help

#19 Post by andy_721 »

OTL logfile created on: 30.10.2011 12:29:37 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Erika\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,12% Memory free
3,85 Gb Paging File | 3,18 Gb Available in Paging File | 82,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 95,98 Gb Free Space | 41,21% Space Free | Partition Type: NTFS

Computer Name: ASUS | User Name: Erika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.10.29 16:43:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erika\Desktop\OTL.exe
PRC - [2011.10.26 09:10:47 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011.09.28 19:44:38 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2011.09.22 11:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.09.22 11:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.01.16 16:46:21 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.16 18:32:18 | 000,249,856 | ---- | M] () -- C:\Program Files\USB Video Camera\Monitor.exe
PRC - [2006.07.23 02:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe


========== Modules (No Company Name) ==========

MOD - [2011.10.26 09:10:46 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011.10.26 09:10:45 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011.10.26 09:09:09 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011.10.26 09:09:07 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011.10.26 09:09:06 | 001,745,992 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011.10.12 13:45:37 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2011.10.12 13:45:10 | 000,194,344 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011.10.12 13:45:09 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011.10.12 13:45:07 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011.10.12 13:45:07 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2010.09.16 21:04:50 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
MOD - [2008.04.14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007.10.16 18:32:18 | 000,249,856 | ---- | M] () -- C:\Program Files\USB Video Camera\Monitor.exe


========== Win32 Services (SafeList) ==========

SRV - [2011.09.22 11:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.03.16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.02.08 18:30:00 | 004,067,472 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.10.06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011.10.30 10:47:28 | 000,137,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2011.10.03 16:37:37 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.08.09 13:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011.08.04 08:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011.08.04 08:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011.03.12 14:19:36 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2009.09.10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.24 18:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.02.03 10:22:00 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.09.25 14:51:42 | 000,115,328 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.02.19 11:48:42 | 002,333,568 | ---- | M] (Digital Camera) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ca2001v.sys -- (Ca2001v)
DRV - [2007.09.17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004.08.13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\URLSearchHook: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-343818398-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=vsl"
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e8de9422-3b2c-4243-bf6f-235da84d8ef8}:2.5.6.0
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.15 00:30:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.15 00:30:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.10.29 16:26:27 | 000,000,000 | ---D | M]

[2010.05.19 19:04:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Extensions
[2011.09.07 11:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions
[2010.05.19 19:05:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.07 11:12:41 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011.09.07 11:12:43 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2011.09.07 11:12:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.07 11:12:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.02 20:01:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.07 11:12:52 | 000,000,000 | ---D | M] (Brothersoft Community Toolbar) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}
[2010.09.19 18:26:55 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\battlefieldheroespatcher@ea.com
[2011.03.25 23:45:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\engine@conduit.com
[2011.10.29 19:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\ffxtlbr@Facemoods.com
[2011.06.20 13:07:12 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\conduit.xml
[2011.10.13 14:05:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\icqplugin-1.xml
[2011.08.18 20:40:40 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\icqplugin.gif
[2011.08.18 20:40:40 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\icqplugin.src
[2011.07.15 00:55:37 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\icqplugin.xml
[2011.08.22 15:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.28 23:15:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.02.25 23:33:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.22 15:01:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.02.25 23:33:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.07.08 08:52:57 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.03.22 03:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.01.01 09:00:00 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2010.01.01 09:00:00 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2010.01.01 09:00:00 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2010.12.27 11:03:32 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchvsl.xml
[2010.01.01 09:00:00 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2010.01.01 09:00:00 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2010.01.01 09:00:00 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\

O1 HOSTS File: ([2011.10.30 12:07:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-343818398-261478967-682003330-1003\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\prxtbBro0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-343818398-261478967-682003330-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-343818398-261478967-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-343818398-261478967-682003330-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamePark klient 2.lnk = C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe (Allstar Group, s.r.o.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\USB Video Camera\Monitor.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-261478967-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-343818398-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 9182061156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9181240250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.237.225.250 172.20.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1B60EBE-E9FF-428E-A052-1676E800B6D5}: DhcpNameServer = 85.237.225.250 172.20.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Erika\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erika\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.25 16:45:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2011.10.30 11:59:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.10.30 11:48:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.10.29 19:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011.10.29 19:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.10.29 19:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.10.29 18:40:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.10.29 18:31:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.10.29 18:31:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.10.29 18:31:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.10.29 18:30:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.10.29 18:30:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.10.29 16:44:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erika\Desktop\OTL.exe
[2011.10.29 16:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.10.29 15:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\avz4
[2011.10.29 13:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.29 10:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.10.29 10:38:51 | 000,000,000 | ---D | C] -- C:\rsit
[2011.10.28 23:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011.10.28 18:14:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Erika\Recent
[2011.10.28 17:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erika\Start Menu\Programs\Google Chrome
[2011.10.28 17:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2011.10.26 06:48:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011.10.26 06:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erika\My Documents\EA Games
[2011.10.25 21:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erika\Desktop\Medal of Honor
[2011.10.23 15:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011.10.23 15:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010.09.13 17:43:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Erika\Application Data\pcouffin.sys
[2009.12.24 19:16:13 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2009.12.24 18:56:08 | 002,020,136 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2011.10.30 12:26:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003UA.job
[2011.10.30 12:13:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.30 12:07:53 | 000,206,530 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.10.30 12:07:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.10.30 12:07:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.30 12:07:20 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.30 12:06:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.30 11:46:42 | 000,095,709 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\Nový objekt - WinRAR ZIP archiv.zip
[2011.10.30 11:46:30 | 000,109,461 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\screen.jpg
[2011.10.30 10:47:28 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.10.30 10:47:11 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2011.10.30 10:12:02 | 000,496,998 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.30 10:12:02 | 000,085,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.29 23:51:43 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.10.29 22:37:44 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.10.29 22:37:37 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.29 20:33:35 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011.10.29 19:14:45 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011.10.29 19:14:45 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\Spybot - Search & Destroy.lnk
[2011.10.29 18:41:05 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2011.10.29 18:33:47 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\Odkaz na ComboFix.lnk
[2011.10.29 18:02:10 | 000,046,217 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\report.zip
[2011.10.29 17:48:22 | 000,133,197 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\netession.jpg
[2011.10.29 17:41:35 | 000,136,619 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\svchost.jpg
[2011.10.29 17:40:08 | 000,135,418 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\physical.jpg
[2011.10.29 16:47:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.10.29 16:43:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erika\Desktop\OTL.exe
[2011.10.29 14:26:00 | 000,000,964 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003Core.job
[2011.10.28 17:53:39 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\Google Chrome.lnk
[2011.10.28 17:53:39 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.10.28 17:24:29 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2011.10.27 22:27:41 | 000,514,518 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\IMG_27102011_231749.png
[2011.10.24 21:25:22 | 000,367,628 | ---- | M] () -- C:\Documents and Settings\Erika\Desktop\DSC00276.JPG
[2011.10.24 07:46:02 | 003,564,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.10.30 11:46:40 | 000,095,709 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\Nový objekt - WinRAR ZIP archiv.zip
[2011.10.30 11:46:30 | 000,109,461 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\screen.jpg
[2011.10.29 20:33:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011.10.29 19:14:45 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011.10.29 19:14:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\Spybot - Search & Destroy.lnk
[2011.10.29 18:41:05 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2011.10.29 18:41:00 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011.10.29 18:33:47 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\Odkaz na ComboFix.lnk
[2011.10.29 18:31:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.10.29 18:31:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.10.29 18:31:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.10.29 18:31:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.10.29 18:31:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.10.29 17:48:22 | 000,133,197 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\netession.jpg
[2011.10.29 17:41:35 | 000,136,619 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\svchost.jpg
[2011.10.29 17:40:08 | 000,135,418 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\physical.jpg
[2011.10.29 17:07:54 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\RKUnhookerLE.EXE
[2011.10.29 17:00:18 | 000,046,217 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\report.zip
[2011.10.29 16:47:47 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.10.29 09:07:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.10.28 23:14:36 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.10.28 17:53:39 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\Google Chrome.lnk
[2011.10.28 17:53:39 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.10.27 22:27:39 | 000,514,518 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\IMG_27102011_231749.png
[2011.10.24 21:25:22 | 000,367,628 | ---- | C] () -- C:\Documents and Settings\Erika\Desktop\DSC00276.JPG
[2011.10.23 15:44:32 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help.lnk
[2011.09.10 00:56:17 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2011.03.14 15:28:51 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011.03.12 14:19:36 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2011.01.24 18:13:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010.09.19 18:35:00 | 002,427,248 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2010.09.15 22:44:36 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.09.13 17:43:21 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2010.09.13 17:43:07 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\ezpinst.exe
[2010.09.13 17:43:07 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\pcouffin.cat
[2010.09.13 17:43:07 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\pcouffin.inf
[2010.06.08 17:21:39 | 000,000,062 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010.05.18 17:34:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.06 18:28:48 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.04.06 18:28:47 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.04.06 18:28:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\$_hpcst$.hpc
[2010.02.28 14:25:21 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Erika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.20 07:41:36 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Erika\Application Data\PnkBstrK.sys
[2010.01.20 07:41:18 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.01.14 17:29:47 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.12.24 19:57:05 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.12.24 19:56:57 | 000,214,520 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009.12.24 19:14:58 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009.12.24 19:01:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.11.25 22:00:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.25 17:25:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.11.25 17:24:12 | 003,564,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.25 17:01:55 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009.11.25 17:01:48 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.11.25 17:01:38 | 000,024,674 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.11.25 17:01:38 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.11.25 16:47:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.11.25 16:43:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.01.14 11:49:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.01.14 11:49:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.01.14 11:49:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.01.14 11:49:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009.01.14 11:49:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.01.14 11:49:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.01.14 11:49:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.01.14 11:49:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.09.27 14:48:10 | 000,014,100 | ---- | C] () -- C:\WINDOWS\twspmm.ini
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2004.08.04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 13:00:00 | 000,496,998 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 13:00:00 | 000,085,482 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010.08.30 21:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
[2011.10.26 06:48:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2010.12.10 18:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011.10.28 23:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2010.12.10 18:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011.10.29 16:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.04.06 15:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011.09.10 00:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2011.02.22 18:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
[2010.04.06 18:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010.06.08 17:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

andy_721
Visitor
Posts: 35
Joined: 29 Oct 2011 10:48

Re: FB virus. pls help

#20 Post by andy_721 »

[2011.10.23 15:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010.06.13 07:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2011.02.26 19:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010.08.30 21:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Activision
[2009.12.24 19:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Allstar
[2011.10.26 07:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\BitTorrent
[2011.01.04 11:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\bizarre creations
[2011.10.30 12:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DNA
[2011.09.17 16:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DVDVideoSoft
[2011.03.28 20:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers
[2010.09.24 23:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\fizzy
[2011.10.03 16:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\GetRightToGo
[2011.10.28 17:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\go
[2011.10.30 11:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\ICQ
[2011.09.10 00:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\iWin
[2010.09.27 15:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Leadertech
[2011.01.02 14:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\OpenCandy
[2009.12.24 18:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Opera
[2010.04.06 18:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PC Suite
[2010.06.08 17:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PopCapv1003
[2011.03.22 15:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PunkBuster
[2010.05.15 19:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\RadioBar
[2011.06.15 14:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Rovio
[2010.04.06 18:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Samsung
[2010.06.09 17:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\SpinTop Games
[2011.07.04 18:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\TeamViewer
[2011.06.20 17:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\TS3Client
[2010.06.13 07:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Ubisoft
[2011.08.22 14:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\uTorrent
[2011.03.12 14:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\VBA-M
[2010.09.15 22:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Vso
[2011.04.22 22:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Zoner

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" -- [2010.01.16 16:46:21 | 000,323,392 | ---- | M] (BitTorrent, Inc.)
"Steam" = "C:\Program Files\Steam\Steam.exe" -silent -- [2011.09.28 19:44:38 | 001,242,448 | ---- | M] (Valve Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.10.13 10:45:22 | 019,550,344 | R--- | M] (Skype Technologies S.A.)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv /s >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %systemroot%\system32\svchost.exe -k netsvcs -- [2008.04.14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Automatic Updates
"ObjectName" = LocalSystem
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll" = C:\WINDOWS\system32\wuauserv.dll -- [2007.01.16 21:07:21 | 000,018,392 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum]
"0" = Root\LEGACY_WUAUSERV\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS /s >
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008.04.14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters]
"ServiceDll" = %systemroot%\system32\qmgr.dll -- [2008.04.14 01:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /s >
"HTTPFilter" = HTTPFilter [binary data]
"LocalService" = [Binary data over 100 bytes]
"NetworkService" = DnsCache [binary data]
"netsvcs" = [Binary data over 100 bytes]
"DcomLaunch" = DcomLaunchTermService [binary data]
"rpcss" = RpcSs [binary data] -- [2009.02.09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"termsvcs" = TermService [binary data]
"eapsvcs" = eaphost [binary data]
"dot3svc" = dot3svc [binary data] -- [2008.04.14 01:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation)
"Akamai" = Akamai [binary data]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch]
"CoInitializeSecurityParam" = 1
"DefaultRpcStackSize" = 8
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc]
"AuthenticationCapabilities" = 12320
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs]
"AuthenticationCapabilities" = 12320
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter]
"CoInitializeSecurityParam" = 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
"CoInitializeSecurityParam" = 1
"AuthenticationCapabilities" = 8192
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
"CoInitializeSecurityParam" = 1
"AuthenticationCapabilities" = 12320
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth]
"CoInitializeSecurityParam" = 2
"AuthenticationCapabilities" = 64
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
"CoInitializeSecurityParam" = 1
"DefaultRpcStackSize" = 8

< >

< %systemroot%\system32\drivers\*.sys /10 >
[2011.10.30 10:47:28 | 000,137,464 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys

< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004.07.17 11:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2008.04.14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004.07.17 22:55:24 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2001.08.23 13:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2001.08.23 13:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2004.07.17 11:35:00 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /10 >
[2011.10.24 07:46:02 | 003,564,888 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2011.10.30 12:07:53 | 000,206,530 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2011.10.30 10:12:02 | 000,085,482 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2011.10.30 10:12:02 | 000,496,998 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2011.10.30 10:12:01 | 000,594,788 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2011.10.30 10:47:11 | 000,214,520 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
[2011.10.30 10:47:11 | 000,214,520 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.xtr
[2011.10.30 12:07:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2009.11.25 17:23:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.11.25 17:23:30 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.11.25 17:23:30 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job >
[2011.10.30 12:07:20 | 000,000,920 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.10.30 12:13:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2011.10.29 14:26:00 | 000,000,964 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003Core.job
[2011.10.30 12:26:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003UA.job

< %systemroot%\*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\*. /rp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Nabídka Start\*.lnk /x >

< %ALLUSERSPROFILE%\Data Aplikácií\*.* >

< %ALLUSERSPROFILE%\Data Aplikácií\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*. >
[2010.08.30 21:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activision
[2011.10.23 16:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.11.25 22:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010.11.13 22:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011.10.26 06:48:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2010.12.10 18:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011.10.28 23:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2010.12.10 18:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011.10.29 16:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.04.06 15:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011.09.10 00:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2009.11.25 17:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2011.02.25 23:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011.06.22 11:02:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011.02.22 18:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonEU
[2010.02.11 22:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010.02.11 22:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010.04.06 18:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010.06.08 17:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011.10.23 15:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011.10.28 23:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011.09.23 23:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras
[2011.10.29 19:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.02.25 23:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.02.11 22:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010.06.13 07:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009.11.25 21:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011.02.26 19:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.11.13 22:02:40 | 000,057,409 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
[2010.11.13 22:02:44 | 000,056,765 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
[2010.11.13 22:02:40 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
[2010.11.13 22:02:35 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
[2010.11.13 22:01:34 | 000,144,696 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
[2010.11.13 22:01:01 | 000,876,824 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
[2010.11.13 22:02:41 | 000,053,600 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe
[2010.11.13 22:02:44 | 000,056,997 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
[2011.05.29 10:01:00 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\Documents and Settings\All Users\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 10:01:01 | 000,014,208 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 10:01:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\Documents and Settings\All Users\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.02.22 18:08:03 | 000,155,648 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009.11.25 22:31:54 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %APPDATA%\*. >
[2010.08.30 21:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Activision
[2011.10.23 15:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Adobe
[2009.12.29 15:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Ahead
[2009.12.24 19:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Allstar
[2011.10.26 07:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\BitTorrent
[2011.01.04 11:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\bizarre creations
[2009.11.25 22:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\CyberLink
[2010.02.28 14:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DivX
[2011.10.30 12:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DNA
[2011.09.17 16:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DVDVideoSoft
[2011.03.28 20:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers
[2010.09.24 23:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\fizzy
[2011.10.03 16:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\GetRightToGo
[2011.10.28 17:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\go
[2010.04.18 20:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Google
[2011.10.03 19:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Hamachi
[2011.10.30 11:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\ICQ
[2009.11.25 16:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Identities
[2009.11.25 17:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\InstallShield
[2011.09.10 00:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\iWin
[2010.09.27 15:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Leadertech
[2009.12.24 19:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Macromedia
[2010.10.21 15:42:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Erika\Application Data\Microsoft
[2010.05.19 19:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Mozilla
[2011.01.02 14:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\OpenCandy
[2009.12.24 18:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Opera
[2010.04.06 18:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PC Suite
[2010.06.08 17:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PopCapv1003
[2011.03.22 15:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\PunkBuster
[2010.05.15 19:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\RadioBar
[2011.06.15 14:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Rovio
[2010.04.06 18:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Samsung
[2010.06.02 20:28:17 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Erika\Application Data\SecuROM
[2011.10.30 12:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Skype
[2011.05.28 21:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\SkypePM
[2010.06.09 17:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\SpinTop Games
[2011.02.25 23:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Sun
[2010.05.30 12:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\teamspeak2
[2011.07.04 18:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\TeamViewer
[2011.06.20 17:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\TS3Client
[2010.06.13 07:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Ubisoft
[2011.08.22 14:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\uTorrent
[2011.03.12 14:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\VBA-M
[2010.04.22 19:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\vlc
[2010.09.15 22:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Vso
[2010.01.11 16:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\WinRAR
[2011.04.22 22:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erika\Application Data\Zoner

< %APPDATA%\*.* >
[2010.04.06 18:28:40 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\$_hpcst$.hpc
[2009.11.25 17:24:58 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Erika\Application Data\desktop.ini
[2010.09.15 22:33:45 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\ezpinst.exe
[2010.09.15 22:33:45 | 000,007,176 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\pcouffin.cat
[2010.09.15 22:33:45 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\pcouffin.inf
[2010.09.15 22:33:46 | 000,000,033 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\pcouffin.log
[2010.09.15 22:33:45 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Erika\Application Data\pcouffin.sys
[2010.09.19 18:35:25 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\PnkBstrK.sys
[2010.05.19 17:10:41 | 000,000,085 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\toolbar_log.txt

< %APPDATA%\*.exe /s >
[2010.09.15 22:33:45 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\ezpinst.exe
[2011.08.10 11:06:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{3E175C63-14BA-4A53-A491-963A457AB5B0}\_42BCB8CCE14BD69FF66A4C.exe
[2011.08.10 11:06:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{3E175C63-14BA-4A53-A491-963A457AB5B0}\_683455903ED4EDB2E2473B.exe
[2011.08.10 11:06:39 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{3E175C63-14BA-4A53-A491-963A457AB5B0}\_B06E588366D12615116B42.exe
[2010.08.16 12:59:36 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2010.08.16 12:59:36 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2010.08.16 12:59:36 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2011.08.11 17:44:45 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Erika\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.08.19 22:46:28 | 001,312,120 | ---- | M] (EA Digital Illusions CE AB) -- C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2011.01.02 14:39:10 | 000,349,296 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\OpenCandy\OpenCandy_7F2241264F3D408299A86A96457A57D7\DLMgr_3_1.6.87.exe
[2011.02.24 16:07:45 | 000,835,440 | ---- | M] () -- C:\Documents and Settings\Erika\Application Data\PunkBuster\pbsetup\pbsvc.exe
[2010.11.29 22:36:08 | 002,137,088 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Documents and Settings\Erika\Application Data\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
[2011.04.22 22:13:31 | 012,385,760 | ---- | M] (ZONER software ) -- C:\Documents and Settings\Erika\Application Data\Zoner\NLMDB\product.0034\autoupdate.us\ZPS13_Update_Build06.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-17 05:48:49

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER

========== Files - Unicode (All) ==========
[2011.10.02 18:43:49 | 000,000,000 | ---D | M](C:\Documents and Settings\Erika\Desktop\????? ????????. ???????? ????????? (2011)) -- C:\Documents and Settings\Erika\Desktop\Жажда Скорости. Весеннее Ускорение (2011)
[2011.04.04 21:55:33 | 000,000,000 | ---D | C](C:\Documents and Settings\Erika\Desktop\????? ????????. ???????? ????????? (2011)) -- C:\Documents and Settings\Erika\Desktop\Жажда Скорости. Весеннее Ускорение (2011)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35] -> C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 -> Junction

< End of report >
Attachments
Nový objekt - WinRAR ZIP archiv (2).zip
(7.07 KiB) Downloaded 26 times

andy_721
Visitor
Posts: 35
Registered: 29 Oct 2011 10:48

Re: FB virus. pls help

#21 Post by andy_721 »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Erika at 2011-10-30 12:38:09
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 98 GB (41%) free of 238 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:11, on 30.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\USB Video Camera\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Erika\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Erika.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
R3 - URLSearchHook: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Brothersoft - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof0.dll
O3 - Toolbar: Brothersoft Toolbar - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro0.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Erika\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 9182061156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9181240250
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1caab44d4fd2f2e) (gupdate1caab44d4fd2f2e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10321 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-261478967-682003330-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default

prefs.js - "browser.startup.homepage" - "http://start.facemoods.com/?a=vsl"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6, {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, {e8de9422-3b2c-4243-bf6f-235da84d8ef8}:2.5.6.0, battlefieldheroespatcher@ea.com:5.0.31.0, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3"
prefs.js - "keyword.URL" - "chrome://browser-region/locale/region.properties"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bittorrent.com/BitTorrentDNA]
"Description"=Delivery Network Acceleration by BitTorrent™
"Path"=C:\Program Files\DNA\plugins\npbtdna.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller 1.0.0.1
"Path"=C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@zylom.com/ZylomGamesPlayer]
"Description"=Zylom Games Player 1.00
"Path"=C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIZylomPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npzylomgamesplayer.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
fcmdSrchvsl.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\
battlefieldheroespatcher@ea.com
engine@conduit.com
ffxtlbr@Facemoods.com
{20a82645-c095-46ed-80e3-08825760534b}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{51a86bb3-6602-4c85-92a5-130ee4864f13}
{800b5000-a755-47e1-992b-48a1c1357f07}
{872b5b88-9db5-4310-bdd0-ac189557e5f5}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{e8de9422-3b2c-4243-bf6f-235da84d8ef8}

C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin.gif
icqplugin.src
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-18 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
Brothersoft Toolbar - C:\Program Files\Brothersoft\prxtbBro0.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\prxtbSof0.dll [2011-01-17 175912]
{e8de9422-3b2c-4243-bf6f-235da84d8ef8} - Brothersoft Toolbar - C:\Program Files\Brothersoft\prxtbBro0.dll [2011-01-17 175912]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll [2011-01-17 175912]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-14 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-14 86016]
"Launch LGDCore"=C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [2006-07-23 1126400]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2010-01-16 323392]
"Steam"=C:\Program Files\Steam\Steam.exe [2011-09-28 1242448]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 19550344]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
GamePark klient 2.lnk - C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe
Monitor.lnk - C:\Program Files\USB Video Camera\Monitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\SkypePortable\App\Skype\Phone\Skype.exe"="C:\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Documents and Settings\Erika\Desktop\Warcraft III\Warcraft III.exe"="C:\Documents and Settings\Erika\Desktop\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Steam\steamapps\illuzion_721\age of chivalry\hl2.exe"="C:\Program Files\Steam\steamapps\illuzion_721\age of chivalry\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Erika\Desktop\Nový priečinok (3)\hl.exe"="C:\Documents and Settings\Erika\Desktop\Nový priečinok (3)\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\EA Games\Need for Speed Underground 2\SPEED2.EXE"="C:\Program Files\EA Games\Need for Speed Underground 2\SPEED2.EXE:*:Enabled:SPEED2"
"C:\Documents and Settings\Erika\Desktop\wow 3.3.5\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"="C:\Documents and Settings\Erika\Desktop\wow 3.3.5\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-10-30 12:36:00 ----SHD---- C:\RECYCLER
2011-10-30 12:13:54 ----A---- C:\ComboFix.txt
2011-10-30 11:59:18 ----D---- C:\ComboFix
2011-10-30 11:48:13 ----A---- C:\WINDOWS\NIRCMD.exe
2011-10-29 19:14:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-10-29 19:14:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-10-29 18:41:05 ----A---- C:\Boot.bak
2011-10-29 18:40:57 ----RASHD---- C:\cmdcons
2011-10-29 18:31:03 ----A---- C:\WINDOWS\zip.exe
2011-10-29 18:31:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-10-29 18:31:03 ----A---- C:\WINDOWS\SWSC.exe
2011-10-29 18:31:03 ----A---- C:\WINDOWS\SWREG.exe
2011-10-29 18:31:03 ----A---- C:\WINDOWS\sed.exe
2011-10-29 18:31:03 ----A---- C:\WINDOWS\PEV.exe
2011-10-29 18:31:03 ----A---- C:\WINDOWS\MBR.exe
2011-10-29 18:31:03 ----A---- C:\WINDOWS\grep.exe
2011-10-29 18:30:56 ----D---- C:\WINDOWS\ERDNT
2011-10-29 18:30:31 ----D---- C:\Qoobox
2011-10-29 16:26:26 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2011-10-29 15:34:09 ----D---- C:\Program Files\avz4
2011-10-29 13:30:13 ----D---- C:\Program Files\ESET
2011-10-29 10:38:52 ----D---- C:\Program Files\trend micro
2011-10-29 10:38:51 ----D---- C:\rsit
2011-10-29 09:07:51 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-10-26 06:48:26 ----SHD---- C:\Documents and Settings\All Users\Application Data\DSS
2011-10-23 15:51:53 ----D---- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
2011-10-23 15:44:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-10-17 06:48:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2011-10-17 06:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-10-17 06:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-10-17 06:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2586448$
2011-10-07 20:20:30 ----D---- C:\Program Files\NCSoft
2011-10-03 16:48:24 ----D---- C:\Program Files\Common Files\DirectX
2011-10-03 16:37:47 ----D---- C:\Documents and Settings\Erika\Application Data\Hamachi
2011-10-03 16:37:37 ----A---- C:\WINDOWS\system32\drivers\hamachi.sys
2011-10-03 16:37:35 ----D---- C:\Program Files\Hamachi

======List of files/folders modified in the last 1 month======

2011-10-30 12:38:11 ----D---- C:\Documents and Settings\Erika\Application Data\DNA
2011-10-30 12:13:56 ----D---- C:\WINDOWS\system32\drivers
2011-10-30 12:13:55 ----D---- C:\WINDOWS\Temp
2011-10-30 12:10:58 ----D---- C:\WINDOWS\system32\CatRoot2
2011-10-30 12:09:58 ----D---- C:\Documents and Settings\Erika\Application Data\Skype
2011-10-30 12:09:08 ----D---- C:\Program Files\Steam
2011-10-30 12:08:07 ----D---- C:\Program Files\DNA
2011-10-30 12:07:42 ----D---- C:\WINDOWS
2011-10-30 12:07:41 ----A---- C:\WINDOWS\system.ini
2011-10-30 12:07:23 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-30 12:03:43 ----D---- C:\WINDOWS\system32
2011-10-30 12:03:42 ----D---- C:\WINDOWS\AppPatch
2011-10-30 12:03:40 ----D---- C:\Program Files\Common Files
2011-10-30 11:59:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-10-30 11:51:11 ----D---- C:\WINDOWS\system32\config
2011-10-30 11:20:02 ----D---- C:\Documents and Settings\Erika\Application Data\ICQ
2011-10-30 10:47:11 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-10-30 10:17:21 ----SHD---- C:\WINDOWS\Installer
2011-10-30 10:16:17 ----HD---- C:\WINDOWS\inf
2011-10-30 10:16:12 ----RD---- C:\Program Files
2011-10-30 10:12:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-10-29 22:37:44 ----A---- C:\WINDOWS\NeroDigital.ini
2011-10-29 19:01:14 ----D---- C:\WINDOWS\Prefetch
2011-10-29 18:41:05 ----RASH---- C:\boot.ini
2011-10-29 16:28:48 ----D---- C:\WINDOWS\system32\CatRoot
2011-10-28 23:14:36 ----RD---- C:\Program Files\Skype
2011-10-28 23:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-10-28 23:11:50 ----D---- C:\Documents and Settings\All Users\Application Data\Easybits GO
2011-10-28 18:14:04 ----D---- C:\WINDOWS\Minidump
2011-10-28 18:14:04 ----D---- C:\WINDOWS\Debug
2011-10-28 17:29:17 ----SHD---- C:\System Volume Information
2011-10-28 17:29:17 ----D---- C:\WINDOWS\system32\Restore
2011-10-28 17:26:47 ----D---- C:\Documents and Settings\Erika\Application Data\go
2011-10-26 07:07:36 ----D---- C:\Documents and Settings\Erika\Application Data\BitTorrent
2011-10-25 20:32:41 ----D---- C:\WINDOWS\WinSxS
2011-10-23 20:11:36 ----D---- C:\Program Files\Opera
2011-10-23 16:00:10 ----SD---- C:\WINDOWS\Tasks
2011-10-23 16:00:04 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2011-10-23 15:59:27 ----D---- C:\Program Files\Common Files\Adobe
2011-10-23 15:58:35 ----D---- C:\Program Files\Adobe
2011-10-23 15:53:16 ----D---- C:\Documents and Settings\Erika\Application Data\Adobe
2011-10-23 15:48:55 ----RSD---- C:\WINDOWS\Fonts
2011-10-17 17:35:42 ----RSD---- C:\WINDOWS\assembly
2011-10-17 17:31:00 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-17 14:06:23 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-17 13:58:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-17 06:44:56 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-17 06:44:50 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-07 13:24:53 ----A---- C:\WINDOWS\win.ini
2011-10-03 17:01:31 ----D---- C:\Program Files\EA Games
2011-10-03 16:38:18 ----D---- C:\Documents and Settings\Erika\Application Data\GetRightToGo
2011-10-01 23:39:22 ----D---- C:\AeriaGames
2011-10-01 23:38:58 ----D---- C:\Program Files\Electronic Arts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-01-16 62336]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-01-16 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-03 5030912]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-01-16 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-14 6301248]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Ca2001v;CA2001 WebCam Driver; C:\WINDOWS\System32\Drivers\Ca2001v.sys [2008-02-19 2333568]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-10-03 17480]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-07-24 100736]
S3 mbr;mbr; \??\C:\DOCUME~1\Erika\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2011-03-12 4096]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-09-13 47360]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-14 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-03-22 75136]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2011-10-30 214520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1caab44d4fd2f2e;Služba Google Update (gupdate1caab44d4fd2f2e); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2011-02-08 4067472]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2007-01-16 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#22 Post by andy_721 »

That is everything I was supposed to do so far. By damage, do you mean whether I can see anything wrong with the PC? Nothing on the PC is acting up, everything runs as it should, the internet is lightning fast, and the PC doesn't lag :)

#23 Post by andy_721 »

Well, I got the virus in the evening, so I panicked and deleted that Flash from the PC :X. I don't use the toolbars at all, I've had them there for a while :)

#24 Post by andy_721 »

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8046

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

30.10.2011 13:05:37
mbam-log-2011-10-30 (13-05-37).txt

Typ: Rychlá kontrola
Kontrolované objekty: 166944
Uplynulý čas: 3 minut, 5 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

#25 Post by andy_721 »

It's already being worked on :D

#26 Post by andy_721 »

And what upload of the qoobox and avz folders?

#27 Post by andy_721 »


#28 Post by andy_721 »

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verze databáze: 8046

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

30.10.2011 14:52:32
mbam-log-2011-10-30 (14-52-09).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 314171
Uplynulý čas: 1 hodin, 28 minut, 40 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 11

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\Erika\Desktop\medal of honor\Binaries\loader.dll (Riskware.Tool.CK) -> No action taken.
c:\system volume information\_restore{17a2edaf-b2ad-43a3-bfe5-7d34e4f47d7a}\RP421\A0099422.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{17a2edaf-b2ad-43a3-bfe5-7d34e4f47d7a}\RP421\A0099423.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{17a2edaf-b2ad-43a3-bfe5-7d34e4f47d7a}\RP421\A0099424.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{17a2edaf-b2ad-43a3-bfe5-7d34e4f47d7a}\RP421\A0099425.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{17a2edaf-b2ad-43a3-bfe5-7d34e4f47d7a}\RP421\A0099426.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{17a2edaf-b2ad-43a3-bfe5-7d34e4f47d7a}\RP421\A0099427.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{17a2edaf-b2ad-43a3-bfe5-7d34e4f47d7a}\RP421\A0099428.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{17a2edaf-b2ad-43a3-bfe5-7d34e4f47d7a}\RP421\A0099429.exe (PUP.BitMiner) -> No action taken.
c:\system volume information\_restore{17a2edaf-b2ad-43a3-bfe5-7d34e4f47d7a}\RP421\A0099432.exe (Trojan.Agent) -> No action taken.
c:\system volume information\_restore{17a2edaf-b2ad-43a3-bfe5-7d34e4f47d7a}\rp421\a0099433.exe (Trojan.Agent) -> No action taken.

andy_721
Visitor
Posts: 35
Registered: 29 Oct 2011 10:48

Re: FB virus. pls help

#29 Post by andy_721 »

========== OTL ==========
Prefs.js: "http://search.conduit.com/ResultsExt.as ... earchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://start.facemoods.com/?a=vsl" removed from browser.startup.homepage
C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Documents and Settings\Erika\Application Data\Mozilla\Firefox\Profiles\dxg2uktb.default\extensions\engine@conduit.com folder moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Akamai deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 10302011_150836

andy_721
Visitor
Posts: 35
Registered: 29 Oct 2011 10:48

Re: FB virus. pls help

#30 Post by andy_721 »

now I just need to delete that infected medal of honor file and everything should be ok, right? :)
