PC sa nevypina, NOD hlasi trojskeho kona

[Bloodsong]

Zdravim, mam jeden problem, PC sa nevypina, ak dam vypnut,(mam XP) nabehne klasicka modra obrazovka, ze uklada, potom ze sa vypina, monitor sa vypne, ale PC bezi dalej, zdroj aj chladice sa tocia, a musi vypnut tlacidlom zpredu. NOD 32 mi hlasi subory ako H:\2ul.exe, H:\gbjk.exe, C:\ggb6w.exe, C:\x3xh.exe pri vsetkych Win32/PSW.OnLineGames.OUM trójsky kôň,
Nod najde len tieto, skusil som Malwarebytes, ten stale bezi ale zatial nenasiel nic...co z tym??

[Bloodsong]

LOG:
Logfile of random's system information tool 1.08 (written by random/random)
Run by rolly at 2010-08-25 13:19:01
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (39%) free of 40 GB
Total RAM: 2047 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:19:33, on 25.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
G:\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
G:\jdk\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
G:\SVN\bin\statuscached.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
H:\RSIT.exe
C:\Program Files\trend micro\rolly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://radiobar.toolbarhome.com?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - H:\Programy\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\jdk\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\jdk\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: RadioBar Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\rolly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: toolbarchrome - {718733BC-AD64-4E5F-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\jdk\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SmartSVN Status Cache (statuscached) - Unknown owner - G:\SVN\bin\statuscached.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 9207 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-813497703-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-813497703-839522115-1004UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-813497703-839522115-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-813497703-839522115-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-07-05 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
RadioBar Toolbar - C:\Program Files\RadioBar\toolbar.ni.dll [2010-01-11 451808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - H:\Programy\Mega Manager\MegaIEMn.dll [2010-07-28 109568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - G:\jdk\bin\jp2ssv.dll [2010-07-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - G:\jdk\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-27 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{5B291E6C-9A74-4034-971B-A4B007A0B315} - RadioBar Toolbar - C:\Program Files\RadioBar\toolbar.ni.dll [2010-01-11 451808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"VMonitorVMUVC"=C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [2008-08-29 143360]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-07-02 2202704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\rolly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-08-10 2349776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mega Manager]
H:\Programy\Mega Manager\MegaManager.exe [2010-07-28 2106880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2010-07-24 1238352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbine Download Manager Tray Icon]
D:\Turbine Download Manager\TurbineDownloadManagerIcon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]
C:\Program Files\Uniblue\RegistryBooster\launcher.exe [2010-03-16 60208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-01-16 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartSVN 6.5 (background).lnk]
G:\SVN\bin\smartsvn.exe [2010-07-07 213504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2010-02-04 495432]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\torrent\uTorrent.exe"="G:\torrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"H:\Programy\Ventrilo\Ventrilo.exe"="H:\Programy\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"H:\Programy\Ventriloserver\ventrilo_srv.exe"="H:\Programy\Ventriloserver\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"H:\Programy\TS-server\teamspeak3-server_win32\ts3server_win32.exe"="H:\Programy\TS-server\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Europa 1400 - Gold Edition\Europa1400Gold_TL.exe"="H:\Europa 1400 - Gold Edition\Europa1400Gold_TL.exe:*:Enabled:Europa1400Gold_TL"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\prenos\DC++\DCPlusPlus.exe"="D:\prenos\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"D:\Hellgate London\Launcher.exe"="D:\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Warhammer\Warhammer.exe"="D:\Warhammer\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™"
"G:\AION_Emulator_by_CriticalError\AIONEmulator\usr\local\apache2\bin\Apache_16.exe"="G:\AION_Emulator_by_CriticalError\AIONEmulator\usr\local\apache2\bin\Apache_16.exe:*:Enabled:Apache HTTP Server"
"G:\AION_Emulator_by_CriticalError\AIONEmulator\usr\local\mysql\bin\mysqld-opt.exe"="G:\AION_Emulator_by_CriticalError\AIONEmulator\usr\local\mysql\bin\mysqld-opt.exe:*:Enabled:mysqld-opt"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"G:\L P\LostPlanetColoniesDX9.exe"="G:\L P\LostPlanetColoniesDX9.exe:*:Enabled:LOSTPLANETCOLONIES_DX9"
"G:\L P\LostPlanetColoniesDX10.exe"="G:\L P\LostPlanetColoniesDX10.exe:*:Enabled:LOSTPLANETCOLONIES_DX10"
"H:\Medal of Honor\MOHAA.exe"="H:\Medal of Honor\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"H:\Imperial Glory\ImperialGlory.exe"="H:\Imperial Glory\ImperialGlory.exe:*:Enabled:ImperialGlory"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-25 13:19:03 ----D---- C:\Program Files\trend micro
2010-08-25 13:19:01 ----D---- C:\rsit
2010-08-25 12:19:13 ----D---- C:\Documents and Settings\rolly\Application Data\Malwarebytes
2010-08-25 12:19:04 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-25 12:19:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-25 12:19:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-25 12:19:02 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-17 22:22:07 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-08-16 19:41:05 ----A---- C:\WINDOWS\IGLobbyReg.exe
2010-08-16 16:23:56 ----D---- C:\Program Files\IObit
2010-08-16 16:23:56 ----D---- C:\Documents and Settings\rolly\Application Data\IObit
2010-08-15 12:33:58 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-08-15 12:33:58 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-15 12:33:58 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-08-15 12:33:58 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-08-15 12:33:58 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-15 12:33:57 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-08-15 12:33:57 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-08-15 12:33:53 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-08-14 21:03:23 ----D---- C:\Program Files\Recuva
2010-08-14 20:06:37 ----D---- C:\Documents and Settings\rolly\Application Data\The Creative Assembly
2010-08-13 05:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-13 05:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-13 05:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-13 05:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-13 04:58:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-13 04:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-13 04:56:24 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-13 04:56:12 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-07 18:23:23 ----A---- C:\WINDOWS\MegaManager.INI
2010-08-07 18:21:43 ----D---- C:\Documents and Settings\rolly\Application Data\Megaupload
2010-08-04 06:17:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-03 15:17:51 ----D---- C:\Program Files\USBInfo
2010-08-03 15:17:43 ----N---- C:\WINDOWS\Setup1.exe
2010-08-03 15:17:42 ----A---- C:\WINDOWS\ST6UNST.EXE
2010-08-03 15:07:23 ----D---- C:\WINDOWS\system32\NtmsData
2010-07-30 12:12:15 ----D---- C:\Documents and Settings\rolly\Application Data\Thinstall
2010-07-30 11:33:35 ----D---- C:\Documents and Settings\rolly\Application Data\TeamViewer
2010-07-30 11:33:16 ----D---- C:\Program Files\TeamViewer
2010-07-30 10:06:42 ----A---- C:\Documents and Settings\rolly\Application Data\Skirmish.ini
2010-07-30 10:06:42 ----A---- C:\Documents and Settings\rolly\Application Data\LeifSkirmishStats.ini
2010-07-30 10:04:54 ----A---- C:\Documents and Settings\rolly\Application Data\Options.ini
2010-07-30 10:03:51 ----D---- C:\Documents and Settings\rolly\Application Data\My Battle for Middle-earth Files
2010-07-29 11:42:59 ----D---- C:\Documents and Settings\rolly\Application Data\RadioBar
2010-07-29 11:42:58 ----D---- C:\Program Files\RadioBar
2010-07-27 17:03:11 ----D---- C:\WINDOWS\pss
2010-07-27 15:03:26 ----D---- C:\Documents and Settings\rolly\Application Data\Subversion
2010-07-27 14:51:37 ----D---- C:\Program Files\Common Files\TortoiseOverlays
2010-07-27 14:22:09 ----D---- C:\Documents and Settings\rolly\Application Data\syntevo
2010-07-27 14:20:31 ----D---- C:\Program Files\Sun
2010-07-27 14:20:18 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-27 14:13:36 ----D---- C:\Documents and Settings\All Users\Application Data\syntevo

======List of files/folders modified in the last 1 months======

2010-08-25 13:19:07 ----D---- C:\WINDOWS\Temp
2010-08-25 13:19:03 ----RD---- C:\Program Files
2010-08-25 13:18:58 ----D---- C:\WINDOWS\Prefetch
2010-08-25 12:33:37 ----SHD---- C:\WINDOWS\Installer
2010-08-25 12:26:51 ----D---- C:\WINDOWS
2010-08-25 12:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2010-08-25 12:25:54 ----D---- C:\WINDOWS\system32\drivers
2010-08-25 12:24:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-25 12:24:23 ----D---- C:\WINDOWS\system32
2010-08-25 12:19:17 ----SD---- C:\WINDOWS\Tasks
2010-08-25 11:39:06 ----D---- C:\Documents and Settings\rolly\Application Data\Skype
2010-08-25 08:23:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-25 08:05:52 ----D---- C:\Documents and Settings\rolly\Application Data\skypePM
2010-08-25 03:05:31 ----D---- C:\Program Files\Trillian
2010-08-25 03:05:19 ----A---- C:\WINDOWS\WINCMD.INI
2010-08-24 16:54:03 ----D---- C:\Documents and Settings\rolly\Application Data\uTorrent
2010-08-24 16:16:58 ----A---- C:\WINDOWS\win.ini
2010-08-24 12:01:29 ----D---- C:\Documents and Settings\rolly\Application Data\vlc
2010-08-24 08:18:28 ----D---- C:\Documents and Settings\rolly\Application Data\dvdcss
2010-08-22 17:22:34 ----D---- C:\WINDOWS\system32\DirectX
2010-08-22 17:22:33 ----RSD---- C:\WINDOWS\assembly
2010-08-19 17:14:51 ----D---- C:\Program Files\Steam
2010-08-18 17:10:04 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-18 13:54:12 ----D---- C:\WINDOWS\Debug
2010-08-18 13:37:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-08-17 22:22:43 ----HD---- C:\WINDOWS\inf
2010-08-17 22:22:07 ----D---- C:\Program Files\ESET
2010-08-16 19:50:39 ----D---- C:\Program Files\GameShadow
2010-08-16 18:47:20 ----A---- C:\WINDOWS\winzip.ini
2010-08-15 06:13:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-14 10:55:52 ----D---- C:\Documents and Settings\rolly\Application Data\Adobe
2010-08-14 10:55:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-13 05:31:18 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-13 05:01:08 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-08-13 05:01:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-13 05:00:21 ----D---- C:\WINDOWS\WinSxS
2010-08-13 04:58:55 ----D---- C:\Program Files\Internet Explorer
2010-08-13 04:56:28 ----D---- C:\Program Files\Movie Maker
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-08-03 16:24:15 ----D---- C:\Documents and Settings\rolly\Application Data\Real
2010-08-02 20:12:51 ----D---- C:\Documents and Settings\rolly\Application Data\Winamp
2010-07-30 21:12:34 ----SD---- C:\Documents and Settings\rolly\Application Data\Microsoft
2010-07-30 20:55:02 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-07-28 20:46:29 ----D---- C:\Documents and Settings\rolly\Application Data\Hamachi
2010-07-27 14:21:05 ----D---- C:\Program Files\Common Files\Java
2010-07-27 14:21:01 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-07-27 14:20:09 ----A---- C:\WINDOWS\system32\javaws.exe
2010-07-27 14:20:09 ----A---- C:\WINDOWS\system32\javaw.exe
2010-07-27 14:20:08 ----A---- C:\WINDOWS\system32\java.exe
2010-07-27 14:19:58 ----D---- C:\Program Files\Java
2010-07-27 08:30:35 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-26 19:20:27 ----D---- C:\Documents and Settings\rolly\Application Data\ICQ
2010-07-26 19:18:12 ----D---- C:\Program Files\ICQ7.1

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 nvata;nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [2006-08-14 105344]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-08-10 19968]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-03-25 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-28 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-07-02 95896]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-07-11 281760]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-07-02 140752]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-07-11 25888]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-03-27 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2010-04-04 10232128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-28 47360]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-05-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-05-14 44384]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 a7u6kqm8;a7u6kqm8; C:\WINDOWS\system32\drivers\a7u6kqm8.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\System32\drivers\NSDriver.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 ptiusbf;PTI USB Filter; C:\WINDOWS\SYSTEM32\DRIVERS\PTIUSBF.SYS [2001-04-14 22474]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 VMUVC;Vimicro Camera Service VMUVC; C:\WINDOWS\System32\Drivers\VMUVC.sys [2008-08-29 256512]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC; C:\WINDOWS\system32\drivers\vvftUVC.sys [2008-07-01 398720]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-05-14 21440]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2004-05-14 14720]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-05-14 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-07-06 561152]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-07-02 810144]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 JavaQuickStarterService;Java Quick Starter; G:\jdk\bin\jqs.exe [2010-07-27 153376]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2010-04-03 154216]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 statuscached;SmartSVN Status Cache; G:\SVN\bin\statuscached.exe [2010-07-07 216576]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-20 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-07-02 33584]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-20 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2009-05-22 250616]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[JaRon]

spust na to CF, a bude po ptakoch
stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

[Bloodsong]

spustil som, na zaciatku mi resetol PC, potom sa spustil combofix, prebehlo asi 50 stage, a po chvili naskocila fullscreen modra obrazovka, z tym ze sa nasiel problem preto sa windows vypol, resetol som, zaiden log z combofixu nemam, a hned pri starte mi vyskocil Daemon tools z hlaskou :"Tento program požaduje najmenej Windows 2000 s SPTD1.60 alebo vyššiu. Ladenie jadra musi byť vypnuto."

[Bloodsong]

spustil som znovu, tentoraz nabehol a normalne presiel, tu je LOG:
ComboFix 10-08-24.0A - rolly 25.08.2010 14:33:24.1.2 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1509 [GMT 2:00]
Running from: c:\documents and settings\rolly\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\2ul.exe
c:\documents and settings\rolly\Application Data\inst.exe
C:\eyruu.exe
C:\g6jk.exe
C:\MK28SP.EXE
D:\2ul.exe
D:\g6jk.exe
D:\mk28sp.exe
G:\2ul.exe
G:\g6jk.exe
G:\mk28sp.exe
G:\xcr.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))
.

2010-08-25 11:19 . 2010-08-25 12:29 -------- d-----w- c:\program files\trend micro
2010-08-25 11:19 . 2010-08-25 11:19 -------- d-----w- C:\rsit
2010-08-25 10:19 . 2010-08-25 10:19 -------- d-----w- c:\documents and settings\rolly\Application Data\Malwarebytes
2010-08-25 10:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 10:19 . 2010-08-25 10:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 10:19 . 2010-08-25 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-25 10:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 20:22 . 2010-08-17 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-08-16 17:41 . 2005-04-26 12:00 40960 ----a-w- c:\windows\IGLobbyReg.exe
2010-08-16 14:23 . 2010-08-16 14:32 -------- d-----w- c:\program files\IObit
2010-08-16 14:23 . 2010-08-16 14:32 -------- d-----w- c:\documents and settings\rolly\Application Data\IObit
2010-08-15 10:33 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-15 10:33 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-15 10:33 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-15 10:33 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-15 10:33 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-15 10:33 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-15 10:33 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-15 10:33 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-14 19:03 . 2010-08-14 19:03 -------- d-----w- c:\program files\Recuva
2010-08-14 18:06 . 2010-08-14 18:06 -------- d-----w- c:\documents and settings\rolly\Application Data\The Creative Assembly
2010-08-11 17:33 . 2010-08-11 17:33 503808 ----a-w- c:\documents and settings\rolly\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4546c833-n\msvcp71.dll
2010-08-11 17:33 . 2010-08-11 17:33 499712 ----a-w- c:\documents and settings\rolly\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4546c833-n\jmc.dll
2010-08-11 17:33 . 2010-08-11 17:33 348160 ----a-w- c:\documents and settings\rolly\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4546c833-n\msvcr71.dll
2010-08-11 17:33 . 2010-08-11 17:33 61440 ----a-w- c:\documents and settings\rolly\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-488a5989-n\decora-sse.dll
2010-08-11 17:33 . 2010-08-11 17:33 12800 ----a-w- c:\documents and settings\rolly\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-488a5989-n\decora-d3d.dll
2010-08-07 16:21 . 2010-08-07 16:21 -------- d-----w- c:\documents and settings\rolly\Application Data\Megaupload
2010-08-03 13:17 . 2010-08-03 13:18 -------- d-----w- c:\program files\USBInfo
2010-08-03 13:17 . 2010-08-03 13:17 249856 ------w- c:\windows\Setup1.exe
2010-08-03 13:17 . 2010-08-03 13:17 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-08-03 13:07 . 2010-08-03 13:07 -------- d-----w- c:\windows\system32\NtmsData
2010-07-30 19:08 . 2010-07-30 19:08 -------- d-----w- c:\documents and settings\rolly\Local Settings\Application Data\capcom
2010-07-30 10:12 . 2010-07-30 10:12 -------- d-----w- c:\documents and settings\rolly\Application Data\Thinstall
2010-07-30 09:33 . 2010-07-30 09:33 -------- d-----w- c:\documents and settings\rolly\Application Data\TeamViewer
2010-07-30 09:33 . 2010-07-30 09:33 -------- d-----w- c:\program files\TeamViewer
2010-07-30 08:03 . 2010-07-30 08:03 -------- d-----w- c:\documents and settings\rolly\Application Data\My Battle for Middle-earth Files
2010-07-29 09:42 . 2010-07-29 09:43 -------- d-----w- c:\documents and settings\rolly\Application Data\RadioBar
2010-07-29 09:42 . 2010-07-30 19:02 -------- d-----w- c:\program files\RadioBar
2010-07-27 13:03 . 2010-07-27 13:03 -------- d-----w- c:\documents and settings\rolly\Application Data\Subversion
2010-07-27 12:53 . 2010-08-25 12:23 -------- d-----w- c:\documents and settings\rolly\Local Settings\Application Data\TSVNCache
2010-07-27 12:51 . 2010-07-27 12:51 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-07-27 12:22 . 2010-07-27 12:22 -------- d-----w- c:\documents and settings\rolly\Application Data\syntevo
2010-07-27 12:20 . 2010-07-27 12:20 -------- d-----w- c:\program files\Sun
2010-07-27 12:20 . 2010-07-27 12:20 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-27 12:13 . 2010-07-27 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\syntevo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 09:39 . 2010-04-05 14:10 -------- d-----w- c:\documents and settings\rolly\Application Data\Skype
2010-08-25 08:23 . 2010-04-30 16:27 2150 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-08-25 06:29 . 2010-05-08 18:55 3296 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-08-25 06:29 . 2010-05-08 18:55 3296 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-08-25 06:29 . 2010-05-08 18:55 88 --sh--r- c:\documents and settings\All Users\Application Data\071233707D.sys
2010-08-25 06:29 . 2010-05-08 18:55 88 --sh--r- c:\documents and settings\All Users\Application Data\071233707D.sys
2010-08-25 06:05 . 2008-03-16 09:59 -------- d-----w- c:\documents and settings\rolly\Application Data\skypePM
2010-08-25 01:05 . 2010-04-05 19:41 -------- d-----w- c:\program files\Trillian
2010-08-24 14:54 . 2010-03-25 07:15 -------- d-----w- c:\documents and settings\rolly\Application Data\uTorrent
2010-08-24 10:01 . 2010-04-25 10:16 -------- d-----w- c:\documents and settings\rolly\Application Data\vlc
2010-08-24 06:18 . 2010-04-25 10:17 -------- d-----w- c:\documents and settings\rolly\Application Data\dvdcss
2010-08-19 15:14 . 2010-07-24 15:38 -------- d-----w- c:\program files\Steam
2010-08-19 01:13 . 2008-03-16 08:25 118912 ----a-w- c:\documents and settings\rolly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-18 15:10 . 2008-03-16 07:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 20:22 . 2010-03-24 21:15 -------- d-----w- c:\program files\ESET
2010-08-16 17:50 . 2010-04-04 18:03 -------- d-----w- c:\program files\GameShadow
2010-08-16 17:41 . 2010-04-04 18:04 8854 ----a-r- c:\documents and settings\rolly\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\Uninstall_GameShadow_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2010-08-16 17:41 . 2010-04-04 18:04 45056 ----a-r- c:\documents and settings\rolly\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GameShadow.exe1_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2010-08-16 17:41 . 2010-04-04 18:04 45056 ----a-r- c:\documents and settings\rolly\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GameShadow.exe_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2010-08-16 17:41 . 2010-04-04 18:04 40960 ----a-r- c:\documents and settings\rolly\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GSDR.exe_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
2010-08-16 17:41 . 2010-04-04 18:04 40960 ----a-r- c:\documents and settings\rolly\Application Data\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\ARPPRODUCTICON.exe
2010-08-02 18:12 . 2008-03-16 10:00 -------- d-----w- c:\documents and settings\rolly\Application Data\Winamp
2010-07-30 18:55 . 2010-04-04 16:42 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-28 18:46 . 2010-03-27 19:11 -------- d-----w- c:\documents and settings\rolly\Application Data\Hamachi
2010-07-27 12:58 . 2010-07-08 12:49 5 ----a-w- c:\windows\treeskp.sys
2010-07-27 12:58 . 2010-07-08 12:49 5 ----a-w- c:\windows\sbacknt.bin
2010-07-27 12:21 . 2008-03-16 09:12 -------- d-----w- c:\program files\Common Files\Java
2010-07-27 12:19 . 2008-03-16 09:13 -------- d-----w- c:\program files\Java
2010-07-27 11:40 . 2010-07-08 12:49 152904 ----a-w- c:\windows\system32\vghd.scr
2010-07-26 17:20 . 2010-03-26 17:47 -------- d-----w- c:\documents and settings\rolly\Application Data\ICQ
2010-07-26 17:18 . 2010-03-26 17:47 -------- d-----w- c:\program files\ICQ7.1
2010-07-24 15:01 . 2010-07-24 15:00 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-07-21 12:44 . 2010-07-21 12:44 15360 ----a-r- c:\documents and settings\rolly\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E910.exe
2010-07-21 12:44 . 2010-07-21 12:44 11264 ----a-r- c:\documents and settings\rolly\Application Data\Microsoft\Installer\{DD8408E9-9421-484F-979D-DB6361E3E828}\IconDD8408E96.exe
2010-07-13 09:57 . 2010-07-13 09:57 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-07-11 15:47 . 2010-03-25 17:18 -------- d-----w- c:\documents and settings\rolly\Application Data\Ubisoft
2010-07-11 15:47 . 2010-06-20 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Tages
2010-07-11 15:42 . 2010-04-05 13:43 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-07-11 15:42 . 2010-04-05 13:43 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-07-09 22:02 . 2010-07-09 22:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Softland
2010-07-09 06:28 . 2008-03-16 10:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-08 18:48 . 2010-07-08 18:48 -------- d-----w- c:\documents and settings\rolly\Application Data\Softland
2010-07-08 18:48 . 2010-07-08 18:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2010-07-08 18:47 . 2010-07-08 18:47 -------- d-----w- c:\program files\Softland
2010-07-08 12:52 . 2010-07-08 12:49 -------- d-----w- c:\documents and settings\rolly\Application Data\vghd
2010-07-05 15:20 . 2010-07-05 15:20 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-05 15:20 . 2010-07-05 15:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-05 15:20 . 2010-07-05 15:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-05 15:20 . 2010-07-05 15:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-05 15:20 . 2010-07-05 15:20 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-05 15:20 . 2010-07-05 15:20 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-05 15:20 . 2010-07-05 15:20 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-05 15:20 . 2010-07-05 15:20 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-05 15:20 . 2010-07-05 15:20 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-05 15:20 . 2010-07-05 15:18 -------- d-----w- c:\program files\Common Files\Real
2010-07-05 15:19 . 2010-07-05 15:18 -------- d-----w- c:\program files\Real
2010-07-05 15:19 . 2010-07-05 15:19 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-05 15:18 . 2008-03-16 08:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-05 15:18 . 2008-03-16 08:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-02 10:43 . 2010-07-02 10:43 95896 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-07-02 10:43 . 2010-07-02 10:43 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-07-01 11:44 . 2010-07-01 11:42 -------- d-----w- c:\program files\NCSoft
2010-06-30 12:31 . 2003-03-31 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-26 17:24 . 2010-06-26 17:24 50354 ----a-w- c:\documents and settings\rolly\Application Data\Facebook\uninstall.exe
2010-06-26 17:24 . 2010-06-26 17:24 -------- d-----w- c:\documents and settings\rolly\Application Data\Facebook
2010-06-26 08:21 . 2010-06-26 07:28 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-06-26 08:21 . 2010-06-26 07:28 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-06-24 12:22 . 2006-06-23 10:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2003-03-31 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-03-31 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-03-31 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-03-16 07:38 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2010-03-25 13:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 09:39 . 2010-06-06 12:59 14 ----a-w- c:\windows\system32\nvModes.dat
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\rolly\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-02 10:58 . 2010-07-08 18:47 23368 ----a-w- c:\windows\system32\novamnl7.dll
2010-06-02 10:58 . 2010-07-08 18:47 20808 ----a-w- c:\windows\system32\novamil7.dll
2010-04-30 16:27 . 2010-04-30 16:27 8 --sh--r- c:\windows\system32\071233707D.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 10:18 451808 ----a-w- c:\program files\RadioBar\toolbar.ni.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]

[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\program files\RadioBar\toolbar.ni.dll" [2010-01-11 451808]

[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-07-07 08:41 249856 ----a-w- g:\svn\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-07-07 08:41 249856 ----a-w- g:\svn\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-07-07 08:41 249856 ----a-w- g:\svn\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-07-07 08:41 249856 ----a-w- g:\svn\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-07-07 08:41 249856 ----a-w- g:\svn\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-07-07 08:41 249856 ----a-w- g:\svn\lib\shellext32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2010-07-07 08:41 249856 ----a-w- g:\svn\lib\shellext32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Google Update"="c:\documents and settings\rolly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-25 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-07-02 2202704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-16 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartSVN 6.5 (background).lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartSVN 6.5 (background).lnk
backup=c:\windows\pss\SmartSVN 6.5 (background).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-08-10 13:10 2349776 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mega Manager]
2010-07-28 13:57 2106880 ----a-w- h:\programy\Mega Manager\MegaManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 01:08 2512392 ----a-w- c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-07-24 15:39 1238352 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]
2010-03-16 15:25 60208 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\torrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"h:\\Programy\\Ventrilo\\Ventrilo.exe"=
"h:\\Programy\\Ventriloserver\\ventrilo_srv.exe"=
"h:\\Programy\\TS-server\\teamspeak3-server_win32\\ts3server_win32.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Europa 1400 - Gold Edition\\Europa1400Gold_TL.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\prenos\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"d:\\Warhammer\\Warhammer.exe"=
"g:\\AION_Emulator_by_CriticalError\\AIONEmulator\\usr\\local\\apache2\\bin\\Apache_16.exe"=
"g:\\AION_Emulator_by_CriticalError\\AIONEmulator\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"g:\\L P\\LostPlanetColoniesDX9.exe"=
"g:\\L P\\LostPlanetColoniesDX10.exe"=
"h:\\Medal of Honor\\MOHAA.exe"=
"h:\\Imperial Glory\\ImperialGlory.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [28.4.2010 8:17 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2.7.2010 12:43 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2.7.2010 12:43 810144]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [26.3.2010 19:47 246520]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [6.7.2010 17:03 173352]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.3.2010 11:17 25088]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.5.2010 14:29 136176]
S2 statuscached;SmartSVN Status Cache;g:\svn\bin\statuscached.exe [7.7.2010 10:41 216576]
S3 ptiusbf;PTI USB Filter;c:\windows\system32\drivers\ptiusbf.sys [14.4.2001 0:22 22474]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [17.4.2010 15:05 256512]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [17.4.2010 15:05 398720]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.3.2010 17:11 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 12:29]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-20 12:29]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-813497703-839522115-1004Core.job
- c:\documents and settings\rolly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 15:09]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-813497703-839522115-1004UA.job
- c:\documents and settings\rolly\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 15:09]

2010-08-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-813497703-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-08-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-813497703-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://radiobar.toolbarhome.com?hp=df
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\RadioBar\toolbar.ni.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
FF - ProfilePath - c:\documents and settings\rolly\Application Data\Mozilla\Firefox\Profiles\jhx6myu1.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\rolly\Application Data\Mozilla\Firefox\Profiles\jhx6myu1.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\rolly\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\rolly\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: g:\jdk\bin\new_plugin\npdeployJava1.dll
FF - plugin: g:\jdk\bin\new_plugin\npjp2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Turbine Download Manager Tray Icon - d:\turbine download manager\TurbineDownloadManagerIcon.exe
AddRemove-Unlocker - h:\my documents\Programy\un\Unlocker\uninst.exe
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - g:\cp xi\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}
AddRemove-Third Age - Total War 1.0 Part1 - h:\medieval ii-total war\Uninstal.exe
AddRemove-Third Age - Total War 1.0 Part2 - h:\medieval ii-total war\Uninstal.exe
AddRemove-Third Age - Total War Hotfix1 - h:\medieval ii-total war\Uninstal.exe
AddRemove-Third Age - Total War Patch 1.1 - h:\medieval ii-total war\Uninstal.exe
AddRemove-Third Age - Total War Patch 1.2 - h:\medieval ii-total war\Uninstal.exe
AddRemove-Third Age - Total War Patch 1.3 - h:\medieval ii-total war\Uninstal.exe
AddRemove-Third Age - Total War Patch 1.4 - h:\medieval ii-total war\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 14:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-813497703-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\B*a*t*t*l*e*F*o*r*g*e*"!\Oxin's Style!]
"Order"=hex:08,00,00,00,02,00,00,00,84,00,00,00,01,00,00,00,01,00,00,00,78,00,
00,00,00,00,00,00,6a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,58,00,31,\

[HKEY_USERS\S-1-5-21-1606980848-813497703-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Electronic Arts\B*a*t*t*l*e*F*o*r*g*e*"!\Oxin's Style!\3D SexVilla 2]
"Order"=hex:08,00,00,00,02,00,00,00,e6,01,00,00,01,00,00,00,03,00,00,00,8a,00,
00,00,00,00,00,00,7c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6a,00,32,\

[HKEY_USERS\S-1-5-21-1606980848-813497703-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:21,51,82,51,87,a5,84,a3,05,38,05,d0,f9,75,db,4d,30,af,19,a0,f3,
2c,ed,94,91,2a,7d,0a,60,4d,8d,f2,2f,3a,86,f0,7e,03,21,10,ee,44,00,25,c7,1a,\
"rkeysecu"=hex:91,e0,fa,8a,75,55,82,82,18,01,f7,f6,87,94,dd,a7

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="B82DEEC4D3927BCFEB4ADAA22CC135248A547C30104786A6455078EB3959A7A6D3CA2C41EE9ADA63E1F2D405FD1EDF371E8DC94DD1BBF20F4A2ACB890838E335E733D87BA735356669CA9C70D8F6D03FFA77E7D5B97A486F589C3A18B8D8A843354EDE54017C5EFE316517D87F23A487607252F36DB60A565EF7FA156F6C84C4FAF54E3FC03E8C266B494CC7782EDB2E11D3AAE454D624A8527C67141556E78480FAD9C2717C5DAA4EF3E6D710555BA6D464B6F91AF7621EAB61FC39D82F2C1E8F9F57FA606CCD2C95D438B9D30BE9B579625D18306876C268505E41AAC38982741AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CFEBC9E127BECC74CC038D530D6EB34522D4B2B41FE2B8947B514DBF2E045EE8580C0FA64F545BC16437823891BE83536AC93301C28908091E879A1053D4D8710BE51050BAC37F2F3BC84F7DC659130C1EE8B31E0F9CB0404AB8FA7DCB44036516E5FB768B3D4422CC0A8E732A5E024AC3710B696FDDF2C01F909767F578661B6E00F3B1D480E7F5A192160E8DF66F8DE69920D78A2A68D5D712CDA261CDD72250C9E7F0188248610B73E0F137E0A9A358E98C3F63749C864D3D367BC5F5557710D5BB69BF7AC354FAE6366764C867782523C3035F2C9FBD3066D70E3DCD2826722A7D5AAFD916E92B7091F0E7AEB050908A9690AED7ACB5D93FA0F70B78FE747AD7D189FE58F18C32D3DB3099D9A3A8523A1CB02A60362A6A993A06A78970241B666F9A15F3A1EC3101E62492D4B1221BC7B76DB7D60EBCA1961C68E874B4FFEE703BF887DF56EE682602FE506080C7F139ECF0B3961185759A264CD3261511B9084ED63B77DFBF4CE4D622969302DB404097EB8022B9CCD84A9264CAD600BA4A4B3CFF0EA5EBD2A5F3F85907A767C49964CEE3E66B33124D65C76E10FA50A1DB8EA73A95479ADB5C42867CFC1DF05BB730CD12C554714C5B3B5089C5063597C091B2A369786C9BB320D9C4DACC857FBE78499462785848F2043CE3B509B8BAE75C50AF23E0D175581847BA38A60866F6300018214E34754C7A7053451AA36127E036EF2B0EB990EAB3A9F2090A8AAEE7CE1818F39282558F518A62EF93AF1F84DFDF4FB41545EE5D1F0E7C7D5F85FC7EA1EDDC999EEEA571DE0F58754CCDEABAA767F05A1CD72CF38FB77CED8FAC33A8C3E98461828E90055DE774F4FB69C64083E343E68AF68B547423620F82F7CFC60E0F94C7F9775F1D584F54A3D2150D1763FFD089329D7F289414DDA7A66AF370E350FD67C54E6C47ED87BF1D307A5182CF10A7880BC5B56B0892ED184C80A865D02A617A24B1C83CFF5DAF1AD3BC9CD86E6CA5873BE90A50EBD8B0BA5CFBAFCBA20566EE33B7329F0892AAA4AE2"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
g:\tortoisesvn\bin\TortoiseStub.dll
g:\tortoisesvn\bin\TortoiseSVN.dll
g:\tortoisesvn\bin\intl3_tsvn.dll
g:\svn\lib\shellext32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-25 14:38:57
ComboFix-quarantined-files.txt 2010-08-25 12:38

Pre-Run: 16 165 543 936 bytes free
Post-Run: 16 121 536 512 bytes free

- - End Of File - - 0C338DCF780D81C2EDD5645063C7D87E

[JaRon]

CF poupratoval ale este nemam z PC dobry pocit >> doporucujem vycistit s http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

[Bloodsong]

hmm...ale Daemon stale nejde, vyber jazyka klavesnice zmizol....

[Bloodsong]

jazyk nabehol, ani som nevidel kedy, daemon som reinstallol a uvidim po resete

[Bloodsong]

jo a PC sa uz vypina, ale aj pocas skenu mi NOD nasiel nieco v System Volume Information, Scan cez ten AV - AVPTool je este len na 41%

[Bloodsong]

LOG:
Autoscan: completed 2 minutes ago (events: 70, objects: 602929, time: 02:42:55)
25.8.2010 15:13:19 Task started
25.8.2010 16:20:15 Detected: Trojan-Dropper.Win32.Delf.ebb C:\Program Files\Lavasoft\Ad-Aware 2007\HostFileEditor.exe
25.8.2010 16:20:15 Detected: Trojan-Dropper.Win32.Delf.ebc C:\Program Files\Lavasoft\Ad-Aware 2007\ProcessWatch.exe
25.8.2010 16:20:41 Deleted: Trojan-Dropper.Win32.Delf.ebb C:\Program Files\Lavasoft\Ad-Aware 2007\HostFileEditor.exe
25.8.2010 16:20:42 Deleted: Trojan-Dropper.Win32.Delf.ebc C:\Program Files\Lavasoft\Ad-Aware 2007\ProcessWatch.exe
25.8.2010 16:28:30 Detected: Trojan-GameThief.Win32.Magania.dkua C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084955.exe/ASPack
25.8.2010 16:28:30 Detected: Trojan-GameThief.Win32.Magania.dlip C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084958.exe
25.8.2010 16:28:30 Detected: Trojan-GameThief.Win32.Magania.dkqv C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084957.exe
25.8.2010 16:28:52 Cannot be deleted: Trojan-GameThief.Win32.Magania.dkqv C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084957.exe Object not found
25.8.2010 16:28:52 Detected: Trojan-GameThief.Win32.Magania.dler C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084959.exe
25.8.2010 16:28:56 Cannot be deleted: Trojan-GameThief.Win32.Magania.dlip C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084958.exe Object not found
25.8.2010 16:28:56 Cannot be deleted: Trojan-GameThief.Win32.Magania.dkua C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084955.exe Object not found
25.8.2010 16:28:57 Cannot be deleted: Trojan-GameThief.Win32.Magania.dler C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084959.exe Object not found
25.8.2010 16:29:13 Detected: Trojan-Dropper.Win32.Delf.ebc C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086353.exe
25.8.2010 16:29:14 Detected: Trojan-Dropper.Win32.Delf.ebb C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086352.exe
25.8.2010 16:29:17 Deleted: Trojan-Dropper.Win32.Delf.ebc C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086353.exe
25.8.2010 16:29:24 Deleted: Trojan-Dropper.Win32.Delf.ebb C:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086352.exe
25.8.2010 16:45:19 Detected: Trojan-GameThief.Win32.Magania.dkqv D:\eyruu.exe
25.8.2010 16:46:07 Cannot be deleted: Trojan-GameThief.Win32.Magania.dkqv D:\eyruu.exe Object not found
25.8.2010 17:02:44 Detected: Backdoor.Win32.SdBot.ofh D:\prenos\Peter\CLASS.EXE
25.8.2010 17:03:06 Cannot be deleted: Backdoor.Win32.SdBot.ofh D:\prenos\Peter\CLASS.EXE Object not found
25.8.2010 17:08:09 Detected: Trojan-GameThief.Win32.Magania.dkua D:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084960.exe/ASPack
25.8.2010 17:08:09 Detected: Trojan-GameThief.Win32.Magania.dlip D:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084961.exe
25.8.2010 17:08:14 Deleted: Trojan-GameThief.Win32.Magania.dkua D:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084960.exe
25.8.2010 17:08:14 Detected: Trojan-GameThief.Win32.Magania.dler D:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084962.exe
25.8.2010 17:08:15 Deleted: Trojan-GameThief.Win32.Magania.dlip D:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084961.exe
25.8.2010 17:08:16 Detected: Trojan-GameThief.Win32.Magania.dkqv D:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086354.exe
25.8.2010 17:08:16 Deleted: Trojan-GameThief.Win32.Magania.dler D:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084962.exe
25.8.2010 17:08:16 Deleted: Trojan-GameThief.Win32.Magania.dkqv D:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086354.exe
25.8.2010 17:08:16 Detected: Backdoor.Win32.SdBot.ofh D:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086355.EXE
25.8.2010 17:08:17 Deleted: Backdoor.Win32.SdBot.ofh D:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086355.EXE
25.8.2010 17:26:12 Detected: Trojan-GameThief.Win32.Magania.dkqv G:\eyruu.exe
25.8.2010 17:26:15 Detected: HEUR:Trojan.Win32.Generic G:\face-smoother-2.0.exe/data0004
25.8.2010 17:26:18 Deleted: Trojan-GameThief.Win32.Magania.dkqv G:\eyruu.exe
25.8.2010 17:26:21 Detected: HEUR:Trojan.Win32.Generic G:\face-smoother-2.0.exe
25.8.2010 17:44:45 Detected: Trojan-GameThief.Win32.Magania.djqt G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084943.exe
25.8.2010 17:44:45 Detected: Trojan-GameThief.Win32.Magania.dmox G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084944.exe
25.8.2010 17:44:45 Detected: Trojan-GameThief.Win32.Magania.dkqp G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084945.exe
25.8.2010 17:44:51 Deleted: Trojan-GameThief.Win32.Magania.djqt G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084943.exe
25.8.2010 17:44:51 Detected: Trojan-GameThief.Win32.Magania.dkzc G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084946.exe
25.8.2010 17:44:51 Deleted: Trojan-GameThief.Win32.Magania.dmox G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084944.exe
25.8.2010 17:44:51 Detected: Trojan-GameThief.Win32.Magania.dkee G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084947.exe
25.8.2010 17:44:51 Deleted: Trojan-GameThief.Win32.Magania.dkqp G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084945.exe
25.8.2010 17:44:52 Detected: Trojan-GameThief.Win32.Magania.dmdf G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084948.exe
25.8.2010 17:44:52 Deleted: Trojan-GameThief.Win32.Magania.dkzc G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084946.exe
25.8.2010 17:44:52 Detected: Trojan-GameThief.Win32.Magania.dkcg G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084949.exe
25.8.2010 17:44:52 Deleted: Trojan-GameThief.Win32.Magania.dkee G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084947.exe
25.8.2010 17:44:52 Detected: Trojan-GameThief.Win32.Magania.dmih G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084950.exe
25.8.2010 17:44:52 Deleted: Trojan-GameThief.Win32.Magania.dmdf G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084948.exe
25.8.2010 17:44:52 Detected: Trojan-GameThief.Win32.Magania.dlek G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084951.exe
25.8.2010 17:44:53 Deleted: Trojan-GameThief.Win32.Magania.dmih G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084950.exe
25.8.2010 17:44:53 Deleted: Trojan-GameThief.Win32.Magania.dkcg G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084949.exe
25.8.2010 17:44:53 Detected: Trojan-GameThief.Win32.Magania.dkvn G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084952.exe
25.8.2010 17:44:53 Detected: Trojan-GameThief.Win32.Magania.dlxn G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084953.exe
25.8.2010 17:44:53 Deleted: Trojan-GameThief.Win32.Magania.dlek G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084951.exe
25.8.2010 17:44:53 Detected: Trojan-GameThief.Win32.Magania.dkcd G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084954.exe
25.8.2010 17:44:53 Deleted: Trojan-GameThief.Win32.Magania.dkvn G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084952.exe
25.8.2010 17:44:54 Detected: Trojan-GameThief.Win32.Magania.dkua G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084963.exe/ASPack
25.8.2010 17:44:54 Deleted: Trojan-GameThief.Win32.Magania.dlxn G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084953.exe
25.8.2010 17:44:54 Detected: Trojan-GameThief.Win32.Magania.dlip G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084964.exe
25.8.2010 17:44:54 Deleted: Trojan-GameThief.Win32.Magania.dkcd G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084954.exe
25.8.2010 17:44:54 Detected: Trojan-GameThief.Win32.Magania.dler G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084965.exe
25.8.2010 17:44:54 Deleted: Trojan-GameThief.Win32.Magania.dkua G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084963.exe
25.8.2010 17:44:54 Detected: Trojan-GameThief.Win32.Magania.dkqv G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086357.exe
25.8.2010 17:44:54 Deleted: Trojan-GameThief.Win32.Magania.dlip G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084964.exe
25.8.2010 17:44:55 Deleted: Trojan-GameThief.Win32.Magania.dler G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP465\A0084965.exe
25.8.2010 17:44:55 Deleted: Trojan-GameThief.Win32.Magania.dkqv G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086357.exe
25.8.2010 17:44:57 Detected: HEUR:Trojan.Win32.Generic G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086358.exe/data0004
25.8.2010 17:45:01 Detected: HEUR:Trojan.Win32.Generic G:\System Volume Information\_restore{8E8D7C35-E2AE-4D84-BC43-04F1F6DE21AB}\RP466\A0086358.exe
25.8.2010 17:56:14 Task completed

[JaRon]

no fajn - malo by byt uz cisto
doporucujem:
vypnut obnovu systemu - restart - zapnut obnovu a hotovo

[Bloodsong]

ok, tak dik