Stránka 1 z 2
DesktopLayer
Napsal: 10 lis 2010 11:48
od Dotard
Prosim o pomoc s tymto virom, roby mi to problemy a mam v pc aj plno dalsich vyrov ...
stiahol som si spyware doctor a ten mi nasiel 700 hrozieb a asi 15 bolo kritickych ale ked som to chcel odstranit tak mi to vypitalo nech si to kupim online ...
Prosim ako tu haved odstranim ... Podla esetu mam v pc asi 20 tisic virov a nejdu odstranit ...
Uz neviem co s tymi okienkami co mi to furt vyhadzuje
Re: DesktopLayer
Napsal: 10 lis 2010 12:14
od motji
Hezké odpoledne
Jaké viry a v jakých souborech Vám je NOd hlásí?
Poprosím o log ze Rsitu, viz můj podpis.
Re: DesktopLayer
Napsal: 10 lis 2010 14:24
od Dotard
- Logfile of random's system information tool 1.08 (written by random/random)
Run by Oto at 2010-11-10 14:24:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (7%) free of 238 GB
Total RAM: 2047 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:24:04, on 10.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Oto\Desktop\RSIT-1.06.exe
C:\Program Files\trend micro\Oto.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CFilter Object - {2A7B720A-7A28-4e99-80A0-2DF985EC93D0} - C:\WINDOWS\system32\font.dll
O2 - BHO: Mirar - {4AEDC843-A65F-4A46-BEC8-53A080EAAC27} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKCU\..\Run: [SfKg6wIPuS] C:\Documents and Settings\Oto\Application Data\Microsoft\Windows\oulwsv.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\DOCUME~1\Oto\LOCALS~1\Temp\22704062.txt,M
O4 - HKCU\..\Run: [ASH24SXZ9S] C:\DOCUME~1\Oto\LOCALS~1\Temp\Gwi.exe
O4 - HKCU\..\Run: [Rapport] "C:\Documents and Settings\Oto\Application Data\sorrypeople2\smss.exe"
O4 - HKCU\..\Run: [engel] C:\Documents and Settings\Oto\Application Data\updates\updates.exe
O4 - HKCU\..\Run: [download] "C:\Documents and Settings\Oto\Application Data\download2\svcnost.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4721549093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4723707046
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... .3.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: MoradiciDis - {0A4AD42B-9847-4A48-B239-D3D6A1BA4962} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c99b0d83017c04) (gupdate1c99b0d83017c04) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://www.google.sk/url?sa=T
--
End of file - 11655 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-492894223-839522115-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-492894223-839522115-1004.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C489D38D-6DD6-4D45-B72A-A4CBC01B1288}.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2010-10-27 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A7B720A-7A28-4e99-80A0-2DF985EC93D0}]
CFilter Object - C:\WINDOWS\system32\font.dll [2010-09-16 184320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AEDC843-A65F-4A46-BEC8-53A080EAAC27}]
Mirar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-05 762864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-26 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-23 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1FABE79-25FC-46de-8C5A-2C6DB9D64333}]
AlxTB BHO Class - C:\WINDOWS\system32\AlxTB1.dll [2010-09-18 516185]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
Fast Browser Search Toolbar Helper - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll []
{3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - Alexa - C:\WINDOWS\system32\SHDOCVW.DLL [2008-04-14 1499136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-27 16844800]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-03 1826816]
"Gainward"=C:\Program Files\XpertVision\TBPanel.exe [2007-11-27 2169352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\M3PLUGIN.DLL,UPF []
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-09-30 718688]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-10 202256]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-11-11 1468256]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"GameTracker"=C:\Program Files\GameTracker\GTLite.exe []
"SfKg6wIPuS"=C:\Documents and Settings\Oto\Application Data\Microsoft\Windows\oulwsv.exe []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Configuring"=C:\DOCUME~1\Oto\LOCALS~1\Temp\22704062.txt,M []
"ASH24SXZ9S"=C:\DOCUME~1\Oto\LOCALS~1\Temp\Gwi.exe []
"Rapport"=C:\Documents and Settings\Oto\Application Data\sorrypeople2\smss.exe []
"engel"=C:\Documents and Settings\Oto\Application Data\updates\updates.exe []
"download"=C:\Documents and Settings\Oto\Application Data\download2\svcnost.exe []
C:\Documents and Settings\Oto\Start Menu\Programs\Startup
DesktopVideoPlayer.LNK - C:\Program Files\vghd\vghd.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32]
cryptnet32.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
MoradiciDis - {0A4AD42B-9847-4A48-B239-D3D6A1BA4962}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"kjmhrduolucjpydzsqdhTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Beta\Counter-Strike\hl.exe"="C:\Program Files\Beta\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\World of Warcraft Beta\Launcher.exe"="C:\Program Files\World of Warcraft Beta\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Tremulous\tremulous.exe"="C:\Program Files\Tremulous\tremulous.exe:*:Enabled:tremulous"
"C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Warcraft III\ghost.exe"="C:\Program Files\Warcraft III\ghost.exe:*:Enabled:ghost"
"C:\Program Files\Warcraft III\GarenaHostBot.exe"="C:\Program Files\Warcraft III\GarenaHostBot.exe:*:Enabled:Garena Host Bot - advanced hosting bot for garena"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Repair.exe"
"C:\Program Files\Beta\Half-Life 2 Deathmatch\hl2.exe"="C:\Program Files\Beta\Half-Life 2 Deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Beta\Counter-Strike Source\hl2.exe"="C:\Program Files\Beta\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\abeceda12345\Half-Life\hl.exe"="C:\Program Files\Steam\steamapps\abeceda12345\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Oto\Games\Unreal Tournament 2004\System\UT2004.exe"="C:\Documents and Settings\Oto\Games\Unreal Tournament 2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\steamapps\Abeceda12345\Counter-Strike Source\hl2.exe"="C:\Program Files\Steam\steamapps\Abeceda12345\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPUpdater.exe"="C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Open Beta"
"C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPGame.exe"="C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPGame.exe:*:Enabled:Medal of Honor: Multiplayer"
"C:\Documents and Settings\Oto\My Documents\Preberanie\Steam\Opposing Force\hl.exe"="C:\Documents and Settings\Oto\My Documents\Preberanie\Steam\Opposing Force\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Oto\Desktop\New Folder (2)\ghost.exe"="C:\Documents and Settings\Oto\Desktop\New Folder (2)\ghost.exe:*:Enabled:ghost"
"C:\Documents and Settings\Oto\Desktop\New Folder (2)\GarenaHostBot.exe"="C:\Documents and Settings\Oto\Desktop\New Folder (2)\GarenaHostBot.exe:*:Enabled:Garena Host Bot - advanced hosting bot for garena"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\theHunter\launcher\launcher.exe"="C:\Program Files\theHunter\launcher\launcher.exe:*:Enabled:theHunter Launcher"
"C:\Program Files\theHunter\game\theHunter.exe"="C:\Program Files\theHunter\game\theHunter.exe:*:Enabled:theHunter"
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7743081141267526.exe"="C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7743081141267526.exe:*:Enabled:ldrsoft"
"C:\Documents and Settings\Oto\Application Data\download2\svcnost.exe"="C:\Documents and Settings\Oto\Application Data\download2\svcnost.exe:*:Enabled:ldrsoft"
"C:\DOCUME~1\Oto\LOCALS~1\Temp\google.exe"="C:\DOCUME~1\Oto\LOCALS~1\Temp\google.exe:*:Enabled:ldrsoft"
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.861352149571458.exe"="C:\DOCUME~1\Oto\LOCALS~1\Temp\0.861352149571458.exe:*:Enabled:ldrsoft"
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.088377577247019.exe"="C:\DOCUME~1\Oto\LOCALS~1\Temp\0.088377577247019.exe:*:Enabled:ldrsoft"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\Launcher.patch.exe"="C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7352492504799715.exe"="C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7352492504799715.exe:*:Enabled:ldrsoft"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Sierra\FEAR\FEAR.exe"="C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Program Files\Sierra\FEAR\FEARMP.exe"="C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-11-10 14:22:29 ----D---- C:\rsit
2010-11-10 11:18:49 ----D---- C:\Program Files\Spyware Doctor
2010-11-10 11:18:49 ----D---- C:\Program Files\Common Files\PC Tools
2010-11-10 10:26:06 ----D---- C:\Program Files\Microsoft
2010-11-06 16:51:25 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2010-11-06 16:15:17 ----D---- C:\Program Files\Sierra
2010-11-05 14:44:09 ----A---- C:\WINDOWS\system32\MRT.INI
2010-11-05 14:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-11-05 14:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-11-05 14:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-11-05 14:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-11-05 14:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-11-05 14:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-11-05 14:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-11-05 14:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-11-05 14:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-11-05 14:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-11-05 14:22:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-11-05 14:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-11-05 14:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-11-05 14:21:56 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-11-05 14:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-11-05 14:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-11-05 14:11:37 ----D---- C:\Program Files\ESET
2010-11-05 14:11:37 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-10-27 17:05:43 ----D---- C:\Program Files\Skype
2010-10-27 16:50:40 ----D---- C:\Documents and Settings\Oto\Application Data\sorrypeople
2010-10-27 16:49:53 ----D---- C:\Documents and Settings\Oto\Application Data\sorrypeople2
2010-10-25 00:07:55 ----D---- C:\Program Files\Alien vs Predator Gold Edition
2010-10-24 19:04:37 ----D---- C:\Program Files\Fox
2010-10-22 18:30:38 ----A---- C:\WINDOWS\setuplog.txt
2010-10-22 14:30:50 ----D---- C:\Program Files\World of Warcraft
2010-10-21 17:08:18 ----D---- C:\Documents and Settings\Oto\Application Data\updates
2010-10-21 15:17:26 ----D---- C:\Program Files\Mozilla Firefox
2010-10-18 12:24:30 ----D---- C:\Documents and Settings\Oto\Application Data\rapports2
2010-10-15 21:38:21 ----A---- C:\WINDOWS\system32\setie.txt
2010-10-15 14:31:54 ----A---- C:\WINDOWS\system32\msrun.exe
2010-10-15 14:31:41 ----A---- C:\WINDOWS\system32\drivers\ndisrd.sys
2010-10-13 19:16:19 ----A---- C:\WINDOWS\system32\shimg.dll
2010-10-13 18:54:10 ----D---- C:\Documents and Settings\Oto\Application Data\download
2010-10-12 20:00:25 ----D---- C:\Documents and Settings\Oto\Application Data\download2
2010-10-12 16:43:42 ----D---- C:\Documents and Settings\All Users\Application Data\Hunter
======List of files/folders modified in the last 1 months======
2010-11-10 14:24:04 ----D---- C:\Program Files\Trend Micro
2010-11-10 14:24:03 ----D---- C:\WINDOWS\Temp
2010-11-10 14:23:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-10 14:23:48 ----D---- C:\Program Files\Windows Media Player
2010-11-10 14:23:44 ----D---- C:\Program Files\WinRAR
2010-11-10 14:23:24 ----D---- C:\Program Files\RegCleaner
2010-11-10 14:23:20 ----D---- C:\Program Files\Outlook Express
2010-11-10 14:23:15 ----D---- C:\Program Files\Movie Maker
2010-11-10 14:23:13 ----D---- C:\Program Files\NetMeeting
2010-11-10 14:22:35 ----D---- C:\Program Files\ImageConverter Plus
2010-11-10 14:21:54 ----D---- C:\Program Files\Diablo II
2010-11-10 14:21:13 ----A---- C:\WINDOWS\DFC.INI
2010-11-10 11:39:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-10 11:39:01 ----D---- C:\WINDOWS\system32\drivers
2010-11-10 11:38:59 ----AD---- C:\WINDOWS
2010-11-10 11:19:05 ----SHD---- C:\WINDOWS\Installer
2010-11-10 11:19:04 ----D---- C:\WINDOWS\WinSxS
2010-11-10 11:18:49 ----RD---- C:\Program Files
2010-11-10 11:18:49 ----D---- C:\Program Files\Common Files
2010-11-10 10:54:12 ----D---- C:\Program Files\Garena
2010-11-10 10:48:19 ----D---- C:\WINDOWS\Prefetch
2010-11-10 10:42:45 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-10 10:31:53 ----A---- C:\WINDOWS\ModemLog_Standard 1200 bps Modem.txt
2010-11-10 10:30:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-10 10:27:07 ----D---- C:\Program Files\XpertVision
2010-11-10 10:26:05 ----D---- C:\Program Files\iTunes
2010-11-10 10:23:53 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-10 08:14:30 ----D---- C:\Program Files\Internet Explorer
2010-11-10 08:07:28 ----A---- C:\WINDOWS\system32\zlib.dll
2010-11-09 12:19:12 ----D---- C:\Documents and Settings\Oto\Application Data\SystemRequirementsLab
2010-11-08 18:08:53 ----D---- C:\Program Files\Warcraft III
2010-11-06 16:46:06 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-11-06 16:41:55 ----D---- C:\WINDOWS\system32\DirectX
2010-11-06 16:41:54 ----RSD---- C:\WINDOWS\assembly
2010-11-06 16:15:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-05 22:45:29 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-05 14:45:43 ----D---- C:\WINDOWS\system32
2010-11-05 14:44:06 ----SD---- C:\WINDOWS\Tasks
2010-11-05 14:27:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-05 14:23:58 ----HD---- C:\WINDOWS\inf
2010-11-05 14:23:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-05 14:23:52 ----A---- C:\WINDOWS\imsins.BAK
2010-11-05 14:22:57 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-05 14:22:44 ----D---- C:\WINDOWS\ie8updates
2010-10-29 23:26:27 ----D---- C:\Documents and Settings\Oto\Application Data\Skype
2010-10-29 23:04:32 ----D---- C:\Documents and Settings\Oto\Application Data\skypePM
2010-10-25 00:05:32 ----D---- C:\Documents and Settings\Oto\Application Data\uTorrent
2010-10-24 19:04:20 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2010-10-24 19:04:19 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2010-10-24 19:04:19 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2010-10-24 00:57:02 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-10-23 23:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2010-10-23 13:44:33 ----D---- C:\Program Files\Xvid
2010-10-23 13:44:04 ----D---- C:\Program Files\WinAVI MP4 Converter
2010-10-23 13:43:32 ----D---- C:\Program Files\VID_1A34&PID_0802
2010-10-23 13:43:32 ----D---- C:\Program Files\vghd
2010-10-23 13:43:27 ----D---- C:\Program Files\UltraISO
2010-10-23 13:43:13 ----D---- C:\Program Files\SystemRequirementsLab
2010-10-23 13:43:01 ----D---- C:\Program Files\Red Alert 2
2010-10-23 13:41:56 ----D---- C:\Program Files\QuickSFV
2010-10-23 13:40:56 ----D---- C:\Program Files\Mv2Player
2010-10-23 13:38:42 ----D---- C:\Program Files\ICQ6.5
2010-10-23 13:38:15 ----SD---- C:\Program Files\HLSW
2010-10-23 13:37:06 ----D---- C:\Program Files\Essentials Codec Pack
2010-10-23 13:36:37 ----D---- C:\Program Files\Doom 3
2010-10-23 13:35:47 ----D---- C:\Program Files\DAEMON Tools Lite
2010-10-23 13:35:08 ----D---- C:\Program Files\Common Files\EZB Systems
2010-10-23 13:20:32 ----D---- C:\Program Files\Common Files\DivX Shared
2010-10-23 13:20:04 ----D---- C:\Program Files\CFToolbox
2010-10-23 13:20:02 ----D---- C:\Program Files\Burn4Free
2010-10-23 13:19:51 ----D---- C:\Program Files\BatchPhoto
2010-10-23 13:19:15 ----D---- C:\Program Files\Any Flv Player
2010-10-23 13:19:10 ----D---- C:\Program Files\AVI ReComp
2010-10-23 13:17:32 ----D---- C:\Program Files\7-Zip
2010-10-18 16:33:39 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-10-12 13:40:12 ----D---- C:\Program Files\Activision
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-08-19 145952]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-10 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-02 4613120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 ndisrd;WinpkFilter Service; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [2010-10-15 20480]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-05-21 46080]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-05-21 19968]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R4 PCTCore;PCTools KDS; C:\WINDOWS\system32\drivers\PCTCore.sys []
S0 khqlmxop;khqlmxop; C:\WINDOWS\system32\drivers\oopuhnpkpjv.sys [2010-09-21 72320]
S2 srenum;srenum; C:\WINDOWS\System32\DRIVERS\srenum.sys []
S3 ajo9i0he;ajo9i0he; C:\WINDOWS\system32\drivers\ajo9i0he.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\Oto\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Oto\LOCALS~1\Temp\CSA225.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-11-11 27744]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-09-22 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-10-18 214520]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate1c99b0d83017c04;Google Update Service (gupdate1c99b0d83017c04); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
S2 PinnacleUpdateSvc;PinnacleUpdate Service; C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe [2010-08-08 413696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-19 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2010-10-23 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-05-27 3569704]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2010-10-23 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: DesktopLayer
Napsal: 10 lis 2010 14:31
od motji
Vy máte v pc zoo i s babkou pokladní, jak dycky říkal jeden náš kolega
.
Jdeme na to.
Pokud něco nepůjde nebo něčemu nebudete rozumět, napište.
Stahněte
Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
-spusťte ho a nechejte pracovat. Sám se ukončí.
-
Ted nerestartujte počítač!
Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
-přejmenujte combofix na
cokoliv.com
Re: DesktopLayer
Napsal: 10 lis 2010 17:12
od Dotard
Kód: Vybrat vše
ComboFix 10-11-09.02 - Oto 10.11.2010 16:48:05.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.420.1033.18.2047.1404 [GMT 1:00]
Running from: c:\documents and settings\Oto\Desktop\lolec.com
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Oto\Application Data\download2
c:\documents and settings\Oto\Application Data\MSA
c:\documents and settings\Oto\Application Data\WhereSphere
c:\documents and settings\Oto\Application Data\WhereSphere\config.cfg
c:\documents and settings\Oto\Start Menu\Programs\Security Tool.lnk
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Microsoft\DesktopLayer.exe
c:\windows\system32\AlxTB1.dll
c:\windows\system32\crt.dat
c:\windows\system32\drivers\oopuhnpkpjv.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\msrun.exe
c:\windows\system32\shimg.dll
c:\windows\system32\Temp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_khqlmxop
-------\Service_ndisrd
((((((((((((((((((((((((( Files Created from 2010-10-10 to 2010-11-10 )))))))))))))))))))))))))))))))
.
2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2010-11-10 13:22 . 2010-11-10 13:22 -------- d-----w- C:\rsit
2010-11-10 09:26 . 2010-11-10 15:55 -------- d-----w- c:\program files\Microsoft
2010-11-06 15:51 . 2010-11-06 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-11-06 15:15 . 2010-11-06 15:15 -------- d-----w- c:\program files\Sierra
2010-11-05 13:20 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-05 13:19 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-05 13:18 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-05 13:11 . 2010-11-05 13:11 -------- d-----w- c:\program files\ESET
2010-11-05 13:11 . 2010-11-05 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-10-27 16:05 . 2010-10-27 16:05 -------- d-----w- c:\program files\Skype
2010-10-27 15:50 . 2010-11-05 13:49 -------- d-----w- c:\documents and settings\Oto\Application Data\sorrypeople
2010-10-24 23:07 . 2010-10-24 23:18 -------- d-----w- c:\program files\Alien vs Predator Gold Edition
2010-10-24 18:04 . 2010-10-24 18:04 -------- d-----w- c:\program files\Fox
2010-10-22 13:30 . 2010-11-06 12:27 -------- d-----w- c:\program files\World of Warcraft
2010-10-21 16:08 . 2010-11-05 13:45 -------- d-----w- c:\documents and settings\Oto\Application Data\updates
2010-10-18 11:24 . 2010-11-05 13:49 -------- d-----w- c:\documents and settings\Oto\Application Data\rapports2
2010-10-15 13:31 . 2010-10-15 13:31 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2010-10-13 17:54 . 2010-11-05 13:48 -------- d-----w- c:\documents and settings\Oto\Application Data\download
2010-10-12 15:43 . 2010-10-12 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hunter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 07:07 . 2009-10-29 13:59 119296 ----a-w- c:\windows\system32\zlib.dll
2010-11-06 15:46 . 2009-02-15 19:43 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-24 18:04 . 2009-04-15 17:18 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-10-24 18:04 . 2009-04-15 17:18 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-10-24 18:04 . 2009-04-15 17:18 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-10-18 15:35 . 2009-02-17 10:12 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-18 15:33 . 2009-06-20 16:00 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-18 15:33 . 2009-02-17 10:11 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-04 23:30 . 2009-02-17 10:12 138056 ----a-w- c:\documents and settings\Oto\Application Data\PnkBstrK.sys
2010-09-22 15:54 . 2009-02-17 10:11 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-22 15:54 . 2009-02-17 10:11 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-09-18 11:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-16 13:28 . 2010-09-16 13:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-09-16 13:28 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-09-16 13:28 . 2010-09-16 13:16 90112 ----a-w- c:\windows\system32\dotnetlib.dll
2010-09-16 13:28 . 2009-02-16 02:15 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-16 13:28 . 2009-02-16 02:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-16 13:28 . 2010-09-16 13:16 184320 ----a-w- c:\windows\system32\font.dll
2010-09-15 15:18 . 2010-10-04 23:30 2601752 ----a-w- c:\windows\system32\pbsvc_moh.exe
2010-09-10 05:58 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-29 22:16 . 2010-08-29 22:16 249856 ------w- c:\windows\Setup1.exe
2010-08-29 22:15 . 2010-08-29 22:15 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-08-29 20:44 . 2010-08-29 20:44 94208 ----a-w- c:\windows\DIIUnin.exe
2010-08-29 20:44 . 2010-08-29 20:44 2829 ----a-w- c:\windows\DIIUnin.pif
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 05:28 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-24 22:20 . 2010-08-24 22:20 152904 ----a-w- c:\windows\system32\vghd.scr
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"Gainward"="c:\program files\XpertVision\TBPanel.exe" [2007-11-27 2169352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-10 202256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
c:\documents and settings\Oto\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2010-8-24 600904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"kjmhrduolucjpydzsqdhTaskMgr"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Tremulous\\tremulous.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Warcraft III\\ghost.exe"=
"c:\\Program Files\\Warcraft III\\GarenaHostBot.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Documents and Settings\\Oto\\Games\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.2.2009 10:50 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 13:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.8.2010 14:16 810144]
S2 gupdate1c99b0d83017c04;Google Update Service (gupdate1c99b0d83017c04);c:\program files\Google\Update\GoogleUpdate.exe [2.3.2009 9:04 133104]
S2 srenum;srenum;c:\windows\system32\DRIVERS\srenum.sys --> c:\windows\system32\DRIVERS\srenum.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Oto\LOCALS~1\Temp\CSA225.tmp --> c:\docume~1\Oto\LOCALS~1\Temp\CSA225.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 08:04]
2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 08:04]
2010-11-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-492894223-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-11-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-492894223-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
2010-11-09 c:\windows\Tasks\User_Feed_Synchronization-{C489D38D-6DD6-4D45-B72A-A4CBC01B1288}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
FF - ProfilePath - c:\documents and settings\Oto\Application Data\Mozilla\Firefox\Profiles\4r7gaonp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
BHO-{4AEDC843-A65F-4A46-BEC8-53A080EAAC27} - (no file)
BHO-{db9d7a78-a76c-4bf2-97c6-258925ee1542} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{4AEDC842-A65F-4A46-BEC8-53A080EAAC27} - (no file)
HKCU-Run-GameTracker - c:\program files\GameTracker\GTLite.exe
HKCU-Run-Rapport - c:\documents and settings\Oto\Application Data\sorrypeople2\smss.exe
HKCU-Run-engel - c:\documents and settings\Oto\Application Data\updates\updates.exe
HKCU-Run-download - c:\documents and settings\Oto\Application Data\download2\svcnost.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\5.bin\M3PLUGIN.DLL
SharedTaskScheduler-{0A4AD42B-9847-4A48-B239-D3D6A1BA4962} - (no file)
AddRemove-3gpConverter - c:\program files\3GP Converter\uninst.exe
AddRemove-53F13DB4D9611FD63BE580F06F0729BF236ABE68 - c:\progra~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe
AddRemove-Emote-Launcher - c:\program files\emote\launcher\Emote-Launcher-uninst.exe
AddRemove-Free 3GP Video Converter_is1 - c:\program files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 16:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Oto\LOCALS~1\Temp\CSA225.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3296)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\snmp.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\vghd\VirtuaGirl_Downloader.exe
.
**************************************************************************
.
Completion time: 2010-11-10 16:59:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-10 15:59
Pre-Run: 18 274 643 968 bytes free
Post-Run: 20 271 091 712 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 74B74EFA485C3F2020C2E37EB8DBF4A8
Re: DesktopLayer
Napsal: 10 lis 2010 22:09
od motji
Ještě tam toho je
.
Prosím odstraňte log z code, špatně se mi v tom čte, děkuji.
Stahněte
MBAM z mého podpisu
-Nainstalujte,dejte
úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Re: DesktopLayer
Napsal: 11 lis 2010 13:45
od Dotard
- Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verzia databázy: 5095
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11.11.2010 13:43:40
mbam-log-2010-11-11 (13-43-40).txt
Typ kontroly: Úplná kontrola (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
Objektov kontrolovaných: 217739
Uplynulý èas: 39 min, 55 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registraèné k¾úèe: 29
Infikované registraèné hodnoty: 10
Infikované položky registraèných dát: 3
Infikované prieèinky: 0
Infikované súbory: 3
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registraèné k¾úèe:
HKEY_CLASSES_ROOT\alxtb.bho (Adware.Alexa) -> No action taken.
HKEY_CLASSES_ROOT\alxtb.bho.1 (Adware.Alexa) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} (Adware.Alexa) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f1fabe79-25fc-46de-8c5a-2c6db9d64333} (Adware.Alexa) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{05i41m56-qw07-u20f-yx8t-vb4u6tp4ux63} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8b2c7c9d-716d-4e9e-9358-b9c80a81b7ed} (Adware.Adparatus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} (Adware.Alexa) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f1fabe79-25fc-46de-8c5a-2c6db9d64333} (Adware.Alexa) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b2c7c9d-716d-4e9e-9358-b9c80a81b7ed} (Adware.Adparatus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} (Adware.Alexa) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f1fabe79-25fc-46de-8c5a-2c6db9d64333} (Adware.Alexa) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1fabe79-25fc-46de-8c5a-2c6db9d64333} (Adware.Alexa) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ASH24SXZ9S (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhereSphere (Adware.WhereSphere) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WhereSphere (Adware.WhereSphere) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srenum (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4aedc843-a65f-4a46-bec8-53a080eaac27} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4aedc843-a65f-4a46-bec8-53a080eaac27} (Trojan.BHO) -> No action taken.
Infikované registraèné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} (Adware.Alexa) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rapport (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ash24sxz9s (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\download (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\engel (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipus (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\registrymonitor2 (Malware.Trace) -> No action taken.
Infikované položky registraèných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> No action taken.
Infikované prieèinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
C:\Documents and Settings\Oto\Desktop\55 LVL Rank hack all versions\55 LVL Rank hack all versions\EasyAccount.exe (RiskWare.Tool.CK) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\msrun.exe.vir (Trojan.Agent) -> No action taken.
C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> No action taken.
Re: DesktopLayer
Napsal: 11 lis 2010 14:33
od motji
Tento klíč neopravujte, opravím ho raději sama přes combofix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> No action taken.
Jinak smažte v mbamu vše.
Poprosím o nový log ze Rsitu a domažeme to
Re: DesktopLayer
Napsal: 11 lis 2010 16:02
od Dotard
- Logfile of random's system information tool 1.08 (written by random/random)
Run by Oto at 2010-11-11 16:00:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (8%) free of 238 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:00:59, on 11.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\vghd\VirtuaGirl_Downloader.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Oto\Desktop\RSIT.exe
C:\Program Files\trend micro\Oto.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CFilter Object - {2A7B720A-7A28-4e99-80A0-2DF985EC93D0} - C:\WINDOWS\system32\font.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\DOCUME~1\Oto\LOCALS~1\Temp\22704062.txt,M
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4721549093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4723707046
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... .3.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: MoradiciDis - {0A4AD42B-9847-4A48-B239-D3D6A1BA4962} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c99b0d83017c04) (gupdate1c99b0d83017c04) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: (no name) - http://www.google.sk/url?sa=T
--
End of file - 10422 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-492894223-839522115-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-492894223-839522115-1004.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{C489D38D-6DD6-4D45-B72A-A4CBC01B1288}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2010-10-27 1082880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A7B720A-7A28-4e99-80A0-2DF985EC93D0}]
CFilter Object - C:\WINDOWS\system32\font.dll [2010-09-16 184320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-05 762864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-26 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-23 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
Fast Browser Search Toolbar Helper - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-26 256112]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-27 16844800]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-03 1826816]
"Gainward"=C:\Program Files\XpertVision\TBPanel.exe [2007-11-27 2169352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-09-30 718688]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-10 202256]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-11-11 1468256]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"GameTracker"=C:\Program Files\GameTracker\GTLite.exe []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Configuring"=C:\DOCUME~1\Oto\LOCALS~1\Temp\22704062.txt,M []
C:\Documents and Settings\Oto\Start Menu\Programs\Startup
DesktopVideoPlayer.LNK - C:\Program Files\vghd\vghd.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32]
cryptnet32.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
MoradiciDis - {0A4AD42B-9847-4A48-B239-D3D6A1BA4962}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"kjmhrduolucjpydzsqdhTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\Beta\Counter-Strike\hl.exe"="C:\Program Files\Beta\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\World of Warcraft Beta\Launcher.exe"="C:\Program Files\World of Warcraft Beta\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Tremulous\tremulous.exe"="C:\Program Files\Tremulous\tremulous.exe:*:Enabled:tremulous"
"C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ"
"C:\Program Files\Warcraft III\ghost.exe"="C:\Program Files\Warcraft III\ghost.exe:*:Enabled:ghost"
"C:\Program Files\Warcraft III\GarenaHostBot.exe"="C:\Program Files\Warcraft III\GarenaHostBot.exe:*:Enabled:Garena Host Bot - advanced hosting bot for garena"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Repair.exe"
"C:\Program Files\Beta\Half-Life 2 Deathmatch\hl2.exe"="C:\Program Files\Beta\Half-Life 2 Deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Beta\Counter-Strike Source\hl2.exe"="C:\Program Files\Beta\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\abeceda12345\Half-Life\hl.exe"="C:\Program Files\Steam\steamapps\abeceda12345\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Oto\Games\Unreal Tournament 2004\System\UT2004.exe"="C:\Documents and Settings\Oto\Games\Unreal Tournament 2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Steam\steamapps\Abeceda12345\Counter-Strike Source\hl2.exe"="C:\Program Files\Steam\steamapps\Abeceda12345\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPUpdater.exe"="C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Open Beta"
"C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPGame.exe"="C:\Program Files\Electronic Arts\Medal of Honor MP Open Beta\MoHMPGame.exe:*:Enabled:Medal of Honor: Multiplayer"
"C:\Documents and Settings\Oto\My Documents\Preberanie\Steam\Opposing Force\hl.exe"="C:\Documents and Settings\Oto\My Documents\Preberanie\Steam\Opposing Force\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Oto\Desktop\New Folder (2)\ghost.exe"="C:\Documents and Settings\Oto\Desktop\New Folder (2)\ghost.exe:*:Enabled:ghost"
"C:\Documents and Settings\Oto\Desktop\New Folder (2)\GarenaHostBot.exe"="C:\Documents and Settings\Oto\Desktop\New Folder (2)\GarenaHostBot.exe:*:Enabled:Garena Host Bot - advanced hosting bot for garena"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\theHunter\launcher\launcher.exe"="C:\Program Files\theHunter\launcher\launcher.exe:*:Enabled:theHunter Launcher"
"C:\Program Files\theHunter\game\theHunter.exe"="C:\Program Files\theHunter\game\theHunter.exe:*:Enabled:theHunter"
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7743081141267526.exe"="C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7743081141267526.exe:*:Enabled:ldrsoft"
"C:\Documents and Settings\Oto\Application Data\download2\svcnost.exe"="C:\Documents and Settings\Oto\Application Data\download2\svcnost.exe:*:Enabled:ldrsoft"
"C:\DOCUME~1\Oto\LOCALS~1\Temp\google.exe"="C:\DOCUME~1\Oto\LOCALS~1\Temp\google.exe:*:Enabled:ldrsoft"
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.861352149571458.exe"="C:\DOCUME~1\Oto\LOCALS~1\Temp\0.861352149571458.exe:*:Enabled:ldrsoft"
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.088377577247019.exe"="C:\DOCUME~1\Oto\LOCALS~1\Temp\0.088377577247019.exe:*:Enabled:ldrsoft"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\Launcher.patch.exe"="C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7352492504799715.exe"="C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7352492504799715.exe:*:Enabled:ldrsoft"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Sierra\FEAR\FEAR.exe"="C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Program Files\Sierra\FEAR\FEARMP.exe"="C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-11-11 16:00:50 ----D---- C:\rsit
2010-11-11 13:01:12 ----D---- C:\Documents and Settings\Oto\Application Data\Malwarebytes
2010-11-11 13:01:01 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-11-11 13:01:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-11-11 13:00:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-11 13:00:59 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-11-10 17:00:17 ----SHD---- C:\RECYCLER
2010-11-10 16:59:47 ----A---- C:\ComboFix.txt
2010-11-10 16:46:55 ----RASHD---- C:\cmdcons
2010-11-10 16:43:59 ----A---- C:\WINDOWS\PEV.exe
2010-11-10 16:43:59 ----A---- C:\WINDOWS\MBR.exe
2010-11-10 16:42:27 ----D---- C:\Qoobox
2010-11-10 10:26:06 ----D---- C:\Program Files\Microsoft
2010-11-06 16:51:25 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2010-11-06 16:15:17 ----D---- C:\Program Files\Sierra
2010-11-05 14:44:09 ----A---- C:\WINDOWS\system32\MRT.INI
2010-11-05 14:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-11-05 14:23:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-11-05 14:23:40 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-11-05 14:23:34 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-11-05 14:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-11-05 14:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-11-05 14:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-11-05 14:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-11-05 14:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-11-05 14:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-11-05 14:22:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-11-05 14:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-11-05 14:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-11-05 14:21:56 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-11-05 14:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-11-05 14:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-11-05 14:11:37 ----D---- C:\Program Files\ESET
2010-11-05 14:11:37 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-10-27 17:05:43 ----D---- C:\Program Files\Skype
2010-10-27 16:50:40 ----D---- C:\Documents and Settings\Oto\Application Data\sorrypeople
2010-10-27 16:49:53 ----D---- C:\Documents and Settings\Oto\Application Data\sorrypeople2
2010-10-25 00:07:55 ----D---- C:\Program Files\Alien vs Predator Gold Edition
2010-10-24 19:04:37 ----D---- C:\Program Files\Fox
2010-10-22 18:30:38 ----A---- C:\WINDOWS\setuplog.txt
2010-10-22 14:30:50 ----D---- C:\Program Files\World of Warcraft
2010-10-21 17:08:18 ----D---- C:\Documents and Settings\Oto\Application Data\updates
2010-10-21 15:17:26 ----D---- C:\Program Files\Mozilla Firefox
2010-10-18 12:24:30 ----D---- C:\Documents and Settings\Oto\Application Data\rapports2
2010-10-15 21:38:21 ----A---- C:\WINDOWS\system32\setie.txt
2010-10-15 14:31:41 ----A---- C:\WINDOWS\system32\drivers\ndisrd.sys
2010-10-13 18:54:10 ----D---- C:\Documents and Settings\Oto\Application Data\download
2010-10-12 16:43:42 ----D---- C:\Documents and Settings\All Users\Application Data\Hunter
======List of files/folders modified in the last 1 months======
2010-11-11 16:00:52 ----D---- C:\Program Files\Trend Micro
2010-11-11 16:00:38 ----D---- C:\WINDOWS\Temp
2010-11-11 16:00:09 ----A---- C:\WINDOWS\DFC.INI
2010-11-11 15:55:24 ----A---- C:\WINDOWS\ModemLog_Standard 1200 bps Modem.txt
2010-11-11 15:55:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-11 15:54:32 ----D---- C:\WINDOWS\system32\drivers
2010-11-11 15:53:22 ----D---- C:\Program Files\Diablo II
2010-11-11 15:46:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-11 15:46:35 ----D---- C:\Program Files\Windows Media Player
2010-11-11 15:46:31 ----D---- C:\Program Files\WinRAR
2010-11-11 15:46:05 ----D---- C:\Program Files\RegCleaner
2010-11-11 15:46:01 ----D---- C:\Program Files\Outlook Express
2010-11-11 15:45:56 ----D---- C:\Program Files\Movie Maker
2010-11-11 15:45:54 ----D---- C:\Program Files\NetMeeting
2010-11-11 15:45:18 ----D---- C:\Program Files\ImageConverter Plus
2010-11-11 15:19:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-11 13:00:59 ----RD---- C:\Program Files
2010-11-11 10:47:23 ----A---- C:\WINDOWS\system32\zlib.dll
2010-11-10 17:07:37 ----D---- C:\WINDOWS\system32\config
2010-11-10 17:07:18 ----D---- C:\WINDOWS\system32\wbem
2010-11-10 17:07:18 ----D---- C:\WINDOWS\Registration
2010-11-10 17:02:30 ----D---- C:\WINDOWS\network diagnostic
2010-11-10 16:59:20 ----SD---- C:\WINDOWS\Tasks
2010-11-10 16:59:04 ----D---- C:\WINDOWS\ERDNT
2010-11-10 16:57:03 ----D---- C:\Program Files\Internet Explorer
2010-11-10 16:56:12 ----D---- C:\WINDOWS\Prefetch
2010-11-10 16:55:32 ----AD---- C:\WINDOWS
2010-11-10 16:55:32 ----A---- C:\WINDOWS\system.ini
2010-11-10 16:55:14 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-10 16:54:52 ----D---- C:\Program Files\Common Files
2010-11-10 16:52:16 ----D---- C:\WINDOWS\system32
2010-11-10 16:50:04 ----D---- C:\WINDOWS\AppPatch
2010-11-10 16:47:00 ----RASH---- C:\boot.ini
2010-11-10 11:39:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-11-10 11:19:05 ----SHD---- C:\WINDOWS\Installer
2010-11-10 11:19:04 ----D---- C:\WINDOWS\WinSxS
2010-11-10 10:54:12 ----D---- C:\Program Files\Garena
2010-11-10 10:27:07 ----D---- C:\Program Files\XpertVision
2010-11-10 10:26:05 ----D---- C:\Program Files\iTunes
2010-11-10 10:23:53 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-09 12:19:12 ----D---- C:\Documents and Settings\Oto\Application Data\SystemRequirementsLab
2010-11-08 18:08:53 ----D---- C:\Program Files\Warcraft III
2010-11-06 16:46:06 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2010-11-06 16:41:55 ----D---- C:\WINDOWS\system32\DirectX
2010-11-06 16:41:54 ----RSD---- C:\WINDOWS\assembly
2010-11-06 16:15:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-05 22:45:29 ----D---- C:\WINDOWS\Microsoft.NET
2010-11-05 14:27:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-05 14:23:58 ----HD---- C:\WINDOWS\inf
2010-11-05 14:23:54 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-05 14:23:52 ----A---- C:\WINDOWS\imsins.BAK
2010-11-05 14:22:57 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-05 14:22:44 ----D---- C:\WINDOWS\ie8updates
2010-10-29 23:26:27 ----D---- C:\Documents and Settings\Oto\Application Data\Skype
2010-10-29 23:04:32 ----D---- C:\Documents and Settings\Oto\Application Data\skypePM
2010-10-25 00:05:32 ----D---- C:\Documents and Settings\Oto\Application Data\uTorrent
2010-10-24 19:04:20 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2010-10-24 19:04:19 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2010-10-24 19:04:19 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2010-10-24 00:57:02 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-10-23 23:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2010-10-23 13:44:33 ----D---- C:\Program Files\Xvid
2010-10-23 13:44:04 ----D---- C:\Program Files\WinAVI MP4 Converter
2010-10-23 13:43:32 ----D---- C:\Program Files\VID_1A34&PID_0802
2010-10-23 13:43:32 ----D---- C:\Program Files\vghd
2010-10-23 13:43:27 ----D---- C:\Program Files\UltraISO
2010-10-23 13:43:13 ----D---- C:\Program Files\SystemRequirementsLab
2010-10-23 13:43:01 ----D---- C:\Program Files\Red Alert 2
2010-10-23 13:41:56 ----D---- C:\Program Files\QuickSFV
2010-10-23 13:40:56 ----D---- C:\Program Files\Mv2Player
2010-10-23 13:38:42 ----D---- C:\Program Files\ICQ6.5
2010-10-23 13:38:15 ----SD---- C:\Program Files\HLSW
2010-10-23 13:37:06 ----D---- C:\Program Files\Essentials Codec Pack
2010-10-23 13:36:37 ----D---- C:\Program Files\Doom 3
2010-10-23 13:35:47 ----D---- C:\Program Files\DAEMON Tools Lite
2010-10-23 13:35:08 ----D---- C:\Program Files\Common Files\EZB Systems
2010-10-23 13:20:32 ----D---- C:\Program Files\Common Files\DivX Shared
2010-10-23 13:20:04 ----D---- C:\Program Files\CFToolbox
2010-10-23 13:20:02 ----D---- C:\Program Files\Burn4Free
2010-10-23 13:19:51 ----D---- C:\Program Files\BatchPhoto
2010-10-23 13:19:15 ----D---- C:\Program Files\Any Flv Player
2010-10-23 13:19:10 ----D---- C:\Program Files\AVI ReComp
2010-10-23 13:17:32 ----D---- C:\Program Files\7-Zip
2010-10-18 16:33:39 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-10-12 13:40:12 ----D---- C:\Program Files\Activision
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-04-27 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-10 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-02 36864]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-02 4613120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 ndisrd;WinpkFilter Service; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [2010-10-15 20480]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-05-21 46080]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-05-21 19968]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 khqlmxop;khqlmxop; C:\WINDOWS\system32\drivers\oopuhnpkpjv.sys []
S0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-08-19 145952]
S3 a018syuv;a018syuv; C:\WINDOWS\system32\drivers\a018syuv.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\Oto\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Oto\LOCALS~1\Temp\CSA225.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 GMSIPCI;GMSIPCI; \??\H:\INSTALL\GMSIPCI.SYS []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-11-11 27744]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-09-22 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-10-18 214520]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gupdate1c99b0d83017c04;Google Update Service (gupdate1c99b0d83017c04); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
S2 PinnacleUpdateSvc;PinnacleUpdate Service; C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe [2010-08-08 413696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-19 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2010-10-23 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-05-27 3569704]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2010-10-23 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: DesktopLayer
Napsal: 11 lis 2010 16:02
od Dotard
- info.txt logfile of random's system information tool 1.08 2010-11-11 16:01:03
======Uninstall list======
-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
-->MsiExec /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3GP Converter (remove only)-->C:\Program Files\3GP Converter\uninst.exe -c
3GP Video Converter 3-->C:\Program Files\ImTOO\3GP Video Converter 3\Uninstall.exe
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Alien vs Predator Gold Edition.-->C:\PROGRA~1\ALIENV~1\UNWISE.EXE C:\PROGRA~1\ALIENV~1\INSTALL.LOG
Any Flv Player 2.5.1-->"C:\Program Files\Any Flv Player\unins000.exe"
Any Video Converter 3.0.2-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
aTube Catcher 1.0-->"C:\Program Files\DsNET Corp\aTube Catcher 1.0\unins000.exe"
AVI ReComp 1.2.3-->C:\Program Files\AVI ReComp\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BatchPhoto v2.5-->"C:\Program Files\BatchPhoto\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{149464D9-B06F-4505-9968-FD1206F67AD3}\setup.exe -runfromtemp -l0x0409
Call Of Duty(R) 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBECFA83-42DC-4585-A970-A764AB01A956}\setup.exe" -l0x5
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crysis WARHEAD(R)-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Converter-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Documents and Settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Setup-->C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DOOM 3: Resurrection of Evil-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{04347DFD-87B6-4E30-B14D-5DF2888AD8F5} /l1033
Doom 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909} /l1033 /x
Emote-Launcher (remove only)-->"C:\Program Files\emote\launcher\Emote-Launcher-uninst.exe"
EVEREST Ultimate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Fast Browser Search (My Tattoons)-->regsvr32 /u /s "C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll"
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
File Splitter and Joiner (FFSJ v3.3)-->"C:\WINDOWS\unins000.exe"
Free 3GP Video Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
Garena 2010-->C:\Program Files\Garena\uninst.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\7.0.517.44\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.3.2.1-->"C:\Program Files\HLSW\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImageConverter Plus 8.0-->"C:\Program Files\ImageConverter Plus\unins000.exe"
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Koala Player 3.0 XP Free-->C:\Program Files\Koala\Koala Player 3.0 XP Free\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Xbox 360 Accessories 1.2-->MsiExec.exe /X{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}
Mirar-->mshta.exe http://remove.getmirar.com/
MoradiciDis-->MsiExec.exe /I{1C7DCC14-10C2-4A2C-8DF4-DAA08EE1EB59}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0-->MsiExec.exe /I{428102E6-8A39-48B9-8389-847F5A44A600}
MSXML 4.0-->MsiExec.exe /I{54BB0384-1C33-488F-A95B-877E480D3EDC}
MV2Player (remove only)-->C:\Program Files\Mv2Player\uninst.exe
My Mix-->C:\WINDOWS\unvise32.exe C:\Program Files\Simple Star\My Mix\data\uninstal.log
Nidesoft DVD to 3GP Suite v2.0-->"C:\Program Files\Nidesoft Studio\Nidesoft DVD to 3GP Suite 2\unins000.exe"
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Pinnacle Game Profiler-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\Setup.exe" -l0x9
PunkBuster Services-->C:\WINDOWS\system32\pbsvc_moh.exe -u --language=EN
Quake Live Mozilla Plugin-->MsiExec.exe /I{2BEB102E-F9CD-4881-984B-E288F66FD394}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
ResidentEvil3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE15F0C0-108D-11D4-AF73-0000E21444C5}\Setup.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SL-6555-SBK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB86D35-DF3B-407F-B43E-468345DABF29}\setup.exe" -l0x9 -removeonly
System Requirements Lab CYRI-->MsiExec.exe /I{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Tremulous 1.1.0-->"C:\Program Files\Tremulous\uninstall.exe"
UltraISO Premium V9.33-->"C:\Program Files\UltraISO\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VirtuaGirl-->C:\Documents and Settings\Oto\Start Menu\Programs\VirtuaGirl\uninstall.lnk
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Webzen Game Starter-->"C:\Program Files\InstallShield Installation Information\{255FC1CF-2620-4B64-BE02-79B9E609BB3D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Essentials Media Codec Pack 2.3d-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinZip 14.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xilisoft 3GP Video Converter-->C:\Program Files\Xilisoft\3GP Video Converter 3\Uninstall.exe
XpertVision 5.9-->"C:\Program Files\XpertVision\unins000.exe"
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
YouTube Downloader 2.5.3-->"C:\Program Files\YouTube Downloader\uninstall.exe"
======Security center information======
AV: ESET Smart Security 4.2
FW: ESET personal firewall
======System event log======
Computer Name: YOUR-A37E965C9C
Event Code: 7000
Message: The Cardex service failed to start due to the following error:
Cannot create a file when that file already exists.
Record Number: 82722
Source Name: Service Control Manager
Time Written: 20101103181731.000000+060
Event Type: error
User:
Computer Name: YOUR-A37E965C9C
Event Code: 7034
Message: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
Record Number: 82711
Source Name: Service Control Manager
Time Written: 20101103181721.000000+060
Event Type: error
User:
Computer Name: YOUR-A37E965C9C
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 82706
Source Name: Tcpip
Time Written: 20101103181705.000000+060
Event Type: warning
User:
Computer Name: YOUR-A37E965C9C
Event Code: 7000
Message: The Cardex service failed to start due to the following error:
Cannot create a file when that file already exists.
Record Number: 82679
Source Name: Service Control Manager
Time Written: 20101103144721.000000+060
Event Type: error
User:
Computer Name: YOUR-A37E965C9C
Event Code: 1101
Message: The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.
Record Number: 82674
Source Name: SNMP
Time Written: 20101103144718.000000+060
Event Type: warning
User:
=====Application event log=====
Computer Name: YOUR-A37E965C9C
Event Code: 4126
Message: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
be automatically restored by refiltering all documents.
Record Number: 13
Source Name: Ci
Time Written: 20100818112651.000000+120
Event Type: error
User:
Computer Name: YOUR-A37E965C9C
Event Code: 4124
Message: Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).
Record Number: 12
Source Name: Ci
Time Written: 20100818112651.000000+120
Event Type: error
User:
Computer Name: YOUR-A37E965C9C
Event Code: 4132
Message: 11 inconsistencies were detected in PropertyStore during recovery of catalog c:\system volume information\catalog.wci.
Record Number: 11
Source Name: Ci
Time Written: 20100818112651.000000+120
Event Type: warning
User:
Computer Name: YOUR-A37E965C9C
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.
Record Number: 7
Source Name: EvntAgnt
Time Written: 20100818111935.000000+120
Event Type: warning
User:
Computer Name: YOUR-A37E965C9C
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .
Record Number: 6
Source Name: EvntAgnt
Time Written: 20100818111935.000000+120
Event Type: warning
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ImageConverter Plus;C:\Program Files\ImageConverter Plus\Microsoft.VC80.CRT;C:\Program Files\ImageConverter Plus\Microsoft.VC80.MFC;C:\Program Files\Common Files\DivX Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Re: DesktopLayer
Napsal: 11 lis 2010 18:10
od motji
Ještě otestujte na
www.virustotal.com
C:\Program Files\vghd\vghd.exe
C:\WINDOWS\system32\drivers\ndisrd.sys
Re: DesktopLayer
Napsal: 12 lis 2010 09:45
od Dotard
DesktopLayer sa stale nezmazal a robi problemy ...
Re: DesktopLayer
Napsal: 12 lis 2010 10:01
od motji
Otestujte mi ještě ty dva soubory
. Chtěla jsme odstranit log z code, protože pro mě je to v tom zeleném nepřehledné a bolí mě z toho oči. Ale budiž, nějak to přelouskám, ať už je ta potvora pryč
Smažte
cache Opery/Firefoxu bud ručně nebo
ATF Cleanerem
http://www.slunecnice.cz/sw/atf-cleaner/
- v menu nahoře vyberte
záložku Firefox / Opera a klikněte na ni
- zatrhněte
Select All a pak klikněte na
Empty Selected
pozor - přijdete o všechna hesla uložená ve FF /Opere!
- Na záložce
main zaškrtněte
All users temp a potvrdte
Empty selected
Pokud nemáte, přesuňte
Combofix na plochu
-otevřete si
Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
KillAll::
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit"="C:\WINDOWS\system32\userinit.exe,"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"kjmhrduolucjpydzsqdhTaskMgr"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
"{1BB22D38-A411-4B13-A746-C2A4F4EC7344}"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7743081141267526.exe"=-
"C:\Documents and Settings\Oto\Application Data\download2\svcnost.exe"=-
"C:\DOCUME~1\Oto\LOCALS~1\Temp\google.exe"=-
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.861352149571458.exe"=-
"C:\DOCUME~1\Oto\LOCALS~1\Temp\0.088377577247019.exe"=-
C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7352492504799715.exe"=-
Collect::
c:\program files\microsoft\desktoplayer.exe
C:\DOCUME~1\Oto\LOCALS~1\Temp\22704062.txt
C:\Documents and Settings\Oto\Application Data\download2\svcnost.exe
C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7743081141267526.exe
C:\DOCUME~1\Oto\LOCALS~1\Temp\google.exe
C:\DOCUME~1\Oto\LOCALS~1\Temp\0.861352149571458.exe
C:\DOCUME~1\Oto\LOCALS~1\Temp\0.088377577247019.exe
C:\DOCUME~1\Oto\LOCALS~1\Temp\0.7352492504799715.exe
-uložte Vámi vytvořený TXT soubor jako
CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Re: DesktopLayer
Napsal: 12 lis 2010 12:06
od Dotard
ten vghd je v pohode, ten druhy je vir.
Re: DesktopLayer
Napsal: 12 lis 2010 12:11
od motji
Můžu vidět výsledek z virustotalu u toho zavirovaného souboru?