Virus removal, PC speed-up, and remote help through the neslape.cz service

Preventive check

Are you one of the Model visitors? Then this section is for you.

Moderator: Moderators

Forum rules
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
hladac
Model visitor
Posts: 192
Registered: 16 Mar 2007 15:59
Location: Bratislava

Preventive check

#1 Post by hladac »

Hello,
Could I ask you to check my log? After several years I felt like playing a game again, but that game is infected ...

Thanks

Logfile of random's system information tool 1.06 (written by random/random)
Run by SIKO at 2010-01-28 17:19:37
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (18%) free of 40 GB
Total RAM: 1535 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:00, on 28.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\SIKO\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Documents and Settings\SIKO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SIKO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SIKO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SIKO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SIKO\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\QIP Infium\infium.exe
C:\Documents and Settings\SIKO\My Documents\My Music\My Music\RSIT.exe
C:\Program Files\trend micro\HijackThis\SIKO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iplay.com/?o=shp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users.WINDOWS\Application Data\LangSoft\WebIE.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users.WINDOWS\Application Data\LangSoft\WebIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SIKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users.WINDOWS\Application Data\LangSoft\WebIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Diner%20Dash%20-%20Seasonal%20Snack%20Pack/Images/stg_drm.ocx
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://asp.photoprintit.de/microsite/5 ... oader4.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Diner%20Dash%20-%20Seasonal%20Snack%20Pack/Images/armhelper.ocx
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11209 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-963894560-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-963894560-682003330-1003UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{1BF71B22-E5F6-47C1-8D7A-530A34379A62}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users.WINDOWS\Application Data\LangSoft\WebIE.dll [2008-06-16 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
IEHlprObj Class - C:\Program Files\iWin Games\iWinGamesHookIE.dll [2010-01-21 141312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll [2009-12-08 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-17 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-17 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users.WINDOWS\Application Data\LangSoft\WebIE.dll [2008-06-16 503808]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll [2009-12-08 506720]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-01 67584]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [2009-12-08 240992]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-01-23 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Google Update"=C:\Documents and Settings\SIKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-06 133104]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

C:\Documents and Settings\All Users.WINDOWS\Ponuka Štart\Programy\Pri spustení
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

C:\Documents and Settings\SIKO\Start Menu\Programs\Startup
HDDlife.lnk - C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-17 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Games\Counter Strike 1.6\cstrike.exe"="D:\Games\Counter Strike 1.6\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"D:\Games\Counter Strike 1.6\hl.exe"="D:\Games\Counter Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Games\Counter Strike 1.6\hltv.exe"="D:\Games\Counter Strike 1.6\hltv.exe:*:Enabled:HLTV Launcher"
"D:\Games\Counter Strike 1.6\hlds.exe"="D:\Games\Counter Strike 1.6\hlds.exe:*:Enabled:HLDS Launcher"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:*:Enabled:BlueSoleil"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\OpenTTD\openttd.exe"="C:\Program Files\OpenTTD\openttd.exe:*:Enabled:OpenTTD"
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"="C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Documents and Settings\SIKO\Desktop\qipinfium9000full_slovak\infium.exe"="C:\Documents and Settings\SIKO\Desktop\qipinfium9000full_slovak\infium.exe:*:Enabled:QIP Infium Beta"
"C:\Program Files\GigaTribe\gigatribe.exe"="C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:gigatribe"
"D:\Games\american army\System\ArmyOps.exe"="D:\Games\american army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"D:\Games\Counter Strike 1.6\valve\hl.exe"="D:\Games\Counter Strike 1.6\valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Cossacks 2 - Battle for Europe\Run\Data\engine.exe"="C:\Program Files\Cossacks 2 - Battle for Europe\Run\Data\engine.exe:*:Enabled:Cossacks 2: Battle for Europe"
"C:\Program Files\GSC Game World\Cossacks II\Data\engine.exe"="C:\Program Files\GSC Game World\Cossacks II\Data\engine.exe:*:Enabled:Cossacks 2: Napoleonic Wars"
"C:\Documents and Settings\SIKO\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\SIKO\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Games\Counter Strike 1.6\valve\hlds.exe"="D:\Games\Counter Strike 1.6\valve\hlds.exe:*:Enabled:HLDS Launcher"
"D:\Games\Counter Strike 1.6\valve\hltv.exe"="D:\Games\Counter Strike 1.6\valve\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe"="C:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC"
"C:\Program Files\CS 1.6 v48\hl.exe"="C:\Program Files\CS 1.6 v48\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\Games\Combat Arms - Instalacka\Combat Arms EU\CombatArms.exe"="D:\Games\Combat Arms - Instalacka\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Games\Combat Arms - Instalacka\Combat Arms EU\Engine.exe"="D:\Games\Combat Arms - Instalacka\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"D:\Games\Combat Arms - Instalacka\Combat Arms EU\NMService.exe"="D:\Games\Combat Arms - Instalacka\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"D:\Combat Arms\Combat Arms EU\CombatArms.exe"="D:\Combat Arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Combat Arms\Combat Arms EU\Engine.exe"="D:\Combat Arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"D:\Combat Arms\Combat Arms EU\NMService.exe"="D:\Combat Arms\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Battlefield 2 deluxe\bf2_w32ded.exe"="D:\Battlefield 2 deluxe\bf2_w32ded.exe:*:Enabled:bf2_w32ded"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\BF 2\BF2.exe"="D:\BF 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Warcraft III\Warcraft III.exe"="D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Warcraft III\Warcraft III\Warcraft III.exe"="D:\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\iWin Games\iWinGames.exe"="C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application."
"C:\Program Files\iWin Games\WebUpdater.exe"="C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Games\Combat Arms - Instalacka\Combat Arms EU\CombatArms.exe"="D:\Games\Combat Arms - Instalacka\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Games\Combat Arms - Instalacka\Combat Arms EU\Engine.exe"="D:\Games\Combat Arms - Instalacka\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"D:\Combat Arms\Combat Arms EU\CombatArms.exe"="D:\Combat Arms\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Combat Arms\Combat Arms EU\Engine.exe"="D:\Combat Arms\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2010-01-28 17:19:37 ----D---- C:\rsit
2010-01-28 16:19:37 ----D---- C:\Program Files\iWin Games
2010-01-26 11:24:18 ----A---- C:\WINDOWS\War3Unin.exe
2010-01-23 20:08:33 ----D---- C:\Program Files\LogMeIn Hamachi
2010-01-23 19:37:16 ----D---- C:\Documents and Settings\SIKO\Application Data\Avira
2010-01-23 19:33:33 ----D---- C:\Program Files\Avira
2010-01-23 00:13:41 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
2010-01-22 17:24:23 ----D---- C:\Documents and Settings\SIKO\Application Data\Nvu
2010-01-22 17:22:56 ----D---- C:\Program Files\Nvu
2010-01-22 02:33:06 ----A---- C:\WINDOWS\system32\xfcodec.dll
2010-01-18 23:04:54 ----D---- C:\Documents and Settings\SIKO\Application Data\Go-Go Gourmet Chef of the Year
2010-01-18 23:03:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Oberon Media
2010-01-18 22:49:31 ----D---- C:\Documents and Settings\SIKO\Application Data\BlamGames
2010-01-18 22:21:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\BigFishGamesCache
2010-01-18 21:58:05 ----D---- C:\Documents and Settings\SIKO\Application Data\BeachPartyCraze
2010-01-18 20:23:05 ----D---- C:\Documents and Settings\SIKO\Application Data\EleFun Games
2010-01-18 20:22:53 ----D---- C:\Program Files\Ask.com
2010-01-18 20:22:19 ----D---- C:\Program Files\AllGamesHome.com
2010-01-15 18:03:41 ----D---- C:\Documents and Settings\SIKO\Application Data\Jane s Hotel
2010-01-15 17:54:44 ----D---- C:\Program Files\iWin.com
2010-01-15 17:05:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\iWin Games
2010-01-15 16:38:09 ----D---- C:\Program Files\Microsoft
2010-01-15 16:38:07 ----D---- C:\Program Files\MSN Toolbar
2010-01-15 16:37:57 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-15 16:36:41 ----D---- C:\Program Files\MSN Toolbar Installer
2010-01-15 16:36:34 ----D---- C:\Program Files\Shockwave.com
2010-01-13 16:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 16:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-11 20:04:25 ----D---- C:\Program Files\AutoCAD 2007
2010-01-11 19:50:29 ----D---- C:\Program Files\Autodesk
2010-01-11 19:20:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision
2010-01-11 19:18:48 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-01-11 19:17:32 ----D---- C:\Program Files\AnswerWorks 4.0
2010-01-11 19:15:37 ----D---- C:\Program Files\Common Files\Autodesk Shared
2010-01-11 19:15:37 ----D---- C:\Program Files\AutoCAD 2004
2010-01-11 19:15:37 ----D---- C:\Documents and Settings\SIKO\Application Data\Autodesk
2010-01-11 19:15:37 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
2010-01-09 07:52:25 ----D---- C:\GameHouse Games
2010-01-09 06:25:09 ----D---- C:\Documents and Settings\SIKO\Application Data\SpinTop
2010-01-09 04:50:09 ----D---- C:\Games
2010-01-05 22:34:54 ----D---- C:\Documents and Settings\SIKO\Application Data\TS3Client
2010-01-05 22:33:31 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-01-04 20:50:20 ----D---- C:\Program Files\Shock Utility
2010-01-04 20:50:07 ----A---- C:\WINDOWS\IFinst27.exe
2009-12-30 16:59:42 ----D---- C:\Documents and Settings\SIKO\Application Data\Happy Foto
2009-12-20 19:52:38 ----D---- C:\Program Files\Fotolab
2009-12-18 11:11:17 ----D---- C:\Documents and Settings\SIKO\Application Data\Xfire
2009-12-18 11:11:08 ----D---- C:\Program Files\Xfire
2009-12-17 18:41:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\HappyFoto
2009-12-17 18:40:42 ----D---- C:\Program Files\HappyFoto
2009-12-10 00:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 00:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 00:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 00:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 00:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-29 19:34:11 ----D---- C:\Program Files\ABC Transdict
2009-11-29 19:27:12 ----D---- C:\Documents and Settings\SIKO\Application Data\gtc
2009-11-25 08:21:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 08:21:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-12 20:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-07 00:20:02 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-11-07 00:18:46 ----D---- C:\Program Files\iPod
2009-11-07 00:18:23 ----D---- C:\Program Files\iTunes
2009-11-02 21:48:46 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-11-02 21:48:45 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-11-02 21:48:45 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-11-02 21:48:45 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-11-02 21:48:45 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-11-02 21:48:45 ----N---- C:\WINDOWS\system32\px.dll
2009-11-02 21:47:53 ----D---- C:\WINDOWS\system32\IOSUBSYS

======List of files/folders modified in the last 3 months======

2010-01-28 17:16:22 ----D---- C:\WINDOWS\Prefetch
2010-01-28 16:22:51 ----D---- C:\WINDOWS\TEMP
2010-01-28 16:19:37 ----RAD---- C:\Program Files
2010-01-28 15:22:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-28 14:17:36 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-28 07:36:00 ----D---- C:\WINDOWS
2010-01-27 16:47:56 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-27 10:46:57 ----D---- C:\Documents and Settings\SIKO\Application Data\uTorrent
2010-01-27 10:20:00 ----D---- C:\WINDOWS\Debug
2010-01-26 21:32:13 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-01-25 01:34:28 ----D---- C:\Documents and Settings\SIKO\Application Data\ICQ
2010-01-23 20:09:34 ----SHD---- C:\WINDOWS\Installer
2010-01-23 20:08:42 ----D---- C:\WINDOWS\system32\drivers
2010-01-23 20:08:18 ----D---- C:\Documents and Settings\SIKO\Application Data\Hamachi
2010-01-23 19:33:55 ----HD---- C:\WINDOWS\inf
2010-01-23 19:33:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2010-01-23 19:32:09 ----D---- C:\WINDOWS\WinSxS
2010-01-23 19:24:49 ----D---- C:\WINDOWS\system32
2010-01-23 00:17:39 ----D---- C:\Program Files\Alwil Software
2010-01-22 20:10:10 ----DC---- C:\WINDOWS\system32\dllcache
2010-01-22 20:10:05 ----D---- C:\Program Files\Internet Explorer
2010-01-22 20:09:12 ----D---- C:\WINDOWS\ie8updates
2010-01-22 20:03:38 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 14:17:08 ----D---- C:\Documents and Settings\SIKO\Application Data\Skype
2010-01-21 13:16:43 ----D---- C:\Documents and Settings\SIKO\Application Data\skypePM
2010-01-21 11:47:08 ----D---- C:\Program Files\Google
2010-01-20 16:57:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2010-01-20 16:56:19 ----D---- C:\Program Files\Common Files
2010-01-18 23:11:53 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-01-18 21:57:26 ----SD---- C:\WINDOWS\Tasks
2010-01-17 19:46:41 ----D---- C:\Program Files\RealArcade
2010-01-15 21:39:27 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-15 16:38:50 ----D---- C:\Documents and Settings\SIKO\Application Data\PlayFirst
2010-01-15 16:38:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
2010-01-15 16:38:11 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2010-01-15 16:37:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-14 21:53:24 ----SD---- C:\Documents and Settings\SIKO\Application Data\Microsoft
2010-01-14 18:38:20 ----D---- C:\Program Files\Common Files\Adobe
2010-01-14 18:38:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2010-01-13 17:50:23 ----D---- C:\WINDOWS\AppPatch
2010-01-11 20:11:00 ----RSD---- C:\WINDOWS\assembly
2010-01-11 20:09:14 ----RSD---- C:\WINDOWS\Fonts
2010-01-11 20:06:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-11 19:50:14 ----D---- C:\WINDOWS\system32\DirectX
2010-01-11 19:17:32 ----D---- C:\WINDOWS\system32\1033
2010-01-11 19:17:30 ----D---- C:\Program Files\Microsoft Office
2010-01-11 19:17:23 ----D---- C:\Program Files\Common Files\Designer
2010-01-11 19:16:19 ----D---- C:\WINDOWS\Help
2010-01-09 21:58:59 ----D---- C:\Program Files\Adobe
2010-01-09 21:58:43 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-08 19:47:41 ----D---- C:\Program Files\ICQ6.5
2010-01-06 17:14:44 ----D---- C:\Program Files\Mozilla Firefox
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-29 17:52:10 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-12-29 16:00:10 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-29 14:56:44 ----D---- C:\WINDOWS\Minidump
2009-12-29 14:55:46 ----SHD---- C:\System Volume Information
2009-12-29 14:55:46 ----D---- C:\WINDOWS\system32\Restore
2009-12-28 15:30:15 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-25 20:04:36 ----D---- C:\Program Files\OpenTTD
2009-12-21 20:14:05 ----A---- C:\WINDOWS\system32\wininet.dll
2009-12-21 20:14:05 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-12-21 20:14:04 ----A---- C:\WINDOWS\system32\occache.dll
2009-12-21 20:14:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-12-21 20:14:03 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-12-21 20:14:03 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-12-21 20:14:03 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-12-21 20:14:03 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-12-21 20:14:03 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-12-21 20:14:02 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-12-21 20:14:01 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-12-21 14:19:18 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-12-12 10:59:20 ----D---- C:\Documents and Settings\SIKO\Application Data\The Bat!
2009-12-10 09:07:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-17 21:50:24 ----A---- C:\WINDOWS\TRNCOM.INI
2009-11-16 00:42:22 ----D---- C:\Program Files\QIP Infium
2009-11-15 21:39:12 ----D---- C:\WINDOWS\system32\wbem
2009-11-14 23:09:10 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-11-12 20:09:14 ----A---- C:\WINDOWS\win.ini
2009-11-10 16:02:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2009-11-07 00:20:02 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-07 00:18:44 ----D---- C:\Program Files\Common Files\Apple
2009-11-07 00:14:45 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-01-23 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-23 28520]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2007-07-27 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-23 56816]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-07-01 626977]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-07-27 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 snpstd;VideoCAM Messenger; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-06-25 331008]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 az82nljp;az82nljp; C:\WINDOWS\system32\drivers\az82nljp.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 esihdrv;esihdrv; \??\C:\DOCUME~1\SIKO\LOCALS~1\Temp\esihdrv.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-11 47360]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2007-07-27 5888]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2010-01-23 194817]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-23 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-23 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-01-23 434945]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2010-01-11 54784]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-17 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-10 1028432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-29 75064]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2010-01-21 78104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-01-11 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-09 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#2 Post by Rudy »

Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

feel free to put the kettle on for a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

hladac
Model visitor
Posts: 192
Registered: 16 Mar 2007 15:59
Location: Bratislava

Re: Preventive check

#3 Post by hladac »

I'm sending the log.

ComboFix 10-01-28.05 - SIKO 29.01.2010 16:16:01.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1535.1012 [GMT 1:00]
Running from: c:\documents and settings\SIKO\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\SIKO\Application Data\inst.exe
c:\documents and settings\SIKO\Application Data\mdbu.bin
C:\LOG.TXT
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\sys
c:\windows\system32\muzapp.exe
c:\windows\system32\SIntf16.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.

2010-01-28 19:03 . 2010-01-28 19:03 -------- d-----w- c:\documents and settings\SIKO\Local Settings\Application Data\Conduit
2010-01-28 19:02 . 2010-01-28 19:02 -------- d-----w- c:\program files\Conduit
2010-01-28 19:02 . 2010-01-28 19:03 -------- d-----w- c:\documents and settings\SIKO\Local Settings\Application Data\iWin
2010-01-28 19:02 . 2010-01-28 19:03 -------- d-----w- c:\program files\iWin
2010-01-28 18:32 . 2010-01-28 19:03 -------- d-----w- c:\documents and settings\SIKO\Local Settings\Application Data\AskToolbar
2010-01-28 16:19 . 2010-01-28 16:20 -------- d-----w- C:\rsit
2010-01-23 19:09 . 2010-01-25 15:42 -------- d-----w- c:\documents and settings\SIKO\Local Settings\Application Data\LogMeIn Hamachi
2010-01-23 19:09 . 2010-01-29 15:25 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\LogMeIn Hamachi
2010-01-23 19:08 . 2010-01-23 19:08 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-23 18:39 . 2010-01-23 18:39 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Xfire
2010-01-23 18:37 . 2010-01-23 18:37 -------- d-----w- c:\documents and settings\SIKO\Application Data\Avira
2010-01-23 18:33 . 2010-01-23 18:31 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-23 18:33 . 2010-01-23 18:31 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-23 18:33 . 2010-01-23 18:31 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-23 18:33 . 2010-01-23 18:33 -------- d-----w- c:\program files\Avira
2010-01-22 23:13 . 2010-01-22 23:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-01-22 16:24 . 2010-01-22 16:24 -------- d-----w- c:\documents and settings\SIKO\Application Data\Nvu
2010-01-22 16:22 . 2010-01-22 16:23 -------- d-----w- c:\program files\Nvu
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-18 22:04 . 2010-01-18 22:05 -------- d-----w- c:\documents and settings\SIKO\Application Data\Go-Go Gourmet Chef of the Year
2010-01-18 22:03 . 2010-01-18 22:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Oberon Media
2010-01-18 21:49 . 2010-01-18 21:49 -------- d-----w- c:\documents and settings\SIKO\Application Data\BlamGames
2010-01-18 21:21 . 2010-01-18 21:44 3054384 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-01-18 21:21 . 2010-01-18 21:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache
2010-01-18 20:58 . 2010-01-18 20:59 -------- d-----w- c:\documents and settings\SIKO\Application Data\BeachPartyCraze
2010-01-18 19:23 . 2010-01-18 19:23 -------- d-----w- c:\documents and settings\SIKO\Application Data\EleFun Games
2010-01-18 19:22 . 2010-01-18 20:57 -------- d-----w- c:\program files\Ask.com
2010-01-18 19:22 . 2010-01-18 21:03 -------- d-----w- c:\program files\AllGamesHome.com
2010-01-15 20:04 . 2010-01-15 20:04 -------- d-----w- c:\documents and settings\SIKO\logs
2010-01-15 17:03 . 2010-01-15 17:03 -------- d-----w- c:\documents and settings\SIKO\Application Data\Jane s Hotel
2010-01-15 16:54 . 2010-01-28 18:54 -------- d-----w- c:\program files\iWin.com
2010-01-15 16:05 . 2010-01-15 16:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\iWin Games
2010-01-15 15:38 . 2010-01-15 15:38 -------- d-----w- c:\program files\Microsoft
2010-01-15 15:38 . 2010-01-15 15:38 -------- d-----w- c:\program files\MSN Toolbar
2010-01-15 15:37 . 2010-01-21 10:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-15 15:36 . 2010-01-15 15:38 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-01-15 15:36 . 2010-01-17 18:48 -------- d-----w- c:\program files\Shockwave.com
2010-01-13 14:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 18:50 . 2010-01-11 18:50 -------- d-----w- c:\program files\Autodesk
2010-01-11 18:20 . 2010-01-11 18:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Macrovision
2010-01-11 18:17 . 2010-01-11 19:04 -------- d-----w- c:\documents and settings\SIKO\Local Settings\Application Data\Autodesk
2010-01-11 18:15 . 2010-01-28 17:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Autodesk
2010-01-11 18:15 . 2010-01-28 17:24 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-11 18:15 . 2010-01-28 16:55 -------- d-----w- c:\program files\AutoCAD 2004
2010-01-11 18:15 . 2010-01-11 19:04 -------- d-----w- c:\documents and settings\SIKO\Application Data\Autodesk
2010-01-09 20:58 . 2010-01-09 20:58 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-09 06:52 . 2010-01-17 18:46 -------- d-----w- C:\GameHouse Games
2010-01-09 05:25 . 2010-01-09 05:25 -------- d-----w- c:\documents and settings\SIKO\Application Data\SpinTop
2010-01-09 03:50 . 2010-01-09 06:28 -------- d-----w- C:\Games
2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\spongebob-diner-dash-2_s1_l1_gF2157T1L1_d759576380.exe
2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\lovely-kitchen_s1_l1_gF5060T1L1_d759598608.exe
2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\lovely-kitchen_s1_l1_gF5060T1L1_d759594497.exe
2010-01-06 20:07 . 2010-01-06 20:07 2997384 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
2010-01-05 21:34 . 2010-01-22 12:17 -------- d-----w- c:\documents and settings\SIKO\Application Data\TS3Client
2010-01-05 21:33 . 2010-01-22 12:19 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-01-04 19:50 . 2010-01-04 19:50 -------- d-----w- c:\program files\Shock Utility
2010-01-04 19:50 . 2010-01-04 19:50 65536 ----a-w- c:\windows\IFinst27.exe
2009-12-30 15:59 . 2010-01-15 16:52 -------- d-----w- c:\documents and settings\SIKO\Application Data\Happy Foto

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 15:23 . 2008-12-12 19:14 -------- d-----w- c:\program files\ICQ6.5
2010-01-29 15:01 . 2009-12-18 10:11 -------- d-----w- c:\program files\Xfire
2010-01-29 13:29 . 2008-09-08 11:24 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-29 13:26 . 2008-09-08 11:24 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-29 13:12 . 2008-03-07 18:57 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-28 18:54 . 2008-05-16 14:51 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-01-27 09:46 . 2008-04-20 16:53 -------- d-----w- c:\documents and settings\SIKO\Application Data\uTorrent
2010-01-26 22:27 . 2009-12-18 10:11 -------- d-----w- c:\documents and settings\SIKO\Application Data\Xfire
2010-01-25 00:34 . 2008-03-07 13:32 -------- d-----w- c:\documents and settings\SIKO\Application Data\ICQ
2010-01-23 19:08 . 2008-04-05 09:42 -------- d-----w- c:\documents and settings\SIKO\Application Data\Hamachi
2010-01-23 18:33 . 2009-05-22 18:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2010-01-23 18:31 . 2009-05-22 18:48 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-22 23:17 . 2009-07-15 11:43 -------- d-----w- c:\program files\Alwil Software
2010-01-21 13:17 . 2008-03-07 18:04 -------- d-----w- c:\documents and settings\SIKO\Application Data\Skype
2010-01-21 12:16 . 2008-06-07 19:38 -------- d-----w- c:\documents and settings\SIKO\Application Data\skypePM
2010-01-21 10:53 . 2009-03-02 15:02 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\SACore
2010-01-21 10:47 . 2009-02-27 17:08 -------- d-----w- c:\program files\Google
2010-01-17 18:46 . 2009-02-27 17:07 -------- d-----w- c:\program files\RealArcade
2010-01-15 15:38 . 2009-02-28 17:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
2010-01-15 15:38 . 2009-02-28 15:58 -------- d-----w- c:\documents and settings\SIKO\Application Data\PlayFirst
2010-01-14 17:38 . 2006-04-12 13:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-11 19:13 . 2008-03-07 02:21 79192 ----a-w- c:\documents and settings\SIKO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-09 20:58 . 2009-06-01 16:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-09 20:58 . 2009-06-01 16:27 38784 ----a-w- c:\documents and settings\SIKO\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-30 15:59 . 2009-12-17 17:40 -------- d-----w- c:\program files\HappyFoto
2009-12-29 16:52 . 2008-09-08 11:23 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-29 15:00 . 2006-04-04 10:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-29 14:05 . 2009-12-29 14:04 1872 ----a-w- C:\cc_20091229_150454.reg
2009-12-29 14:04 . 2009-12-29 14:04 117764 ----a-w- C:\cc_20091229_150426.reg
2009-12-25 22:26 . 2009-12-25 22:24 52224 ----a-w- c:\documents and settings\SIKO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-25 22:26 . 2009-03-13 16:12 117760 ----a-w- c:\documents and settings\SIKO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-25 19:04 . 2008-05-29 19:54 -------- d-----w- c:\program files\OpenTTD
2009-12-21 19:14 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 18:52 . 2009-12-20 18:52 -------- d-----w- c:\program files\Fotolab
2009-12-17 17:41 . 2009-12-17 17:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HappyFoto
2009-12-12 09:59 . 2008-10-23 19:19 -------- d-----w- c:\documents and settings\SIKO\Application Data\The Bat!
2009-12-11 15:34 . 2009-10-10 19:40 3695616 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-21 15:51 . 2007-07-27 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-07 00:55 . 2009-11-07 00:55 120704 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-26 14:27 . 2009-09-23 17:27 64090144 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\iWin\tbiWin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-11-18 17:40 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-11-18 1196936]
"{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}"= "c:\program files\iWin\tbiWin.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\SIKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-06 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 67584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-08 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-01-23 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-07-27 44544]

c:\documents and settings\SIKO\Start Menu\Programs\Startup\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2007-4-5 1125328]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-17 11:51 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\SIKO\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\BF 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18.9.2009 23:22 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28.5.2008 9:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 9:33 74480]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23.1.2010 19:33 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23.1.2010 19:33 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [23.1.2010 19:33 434945]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 15:49 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2.3.2009 16:01 206096]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.7.2008 13:53 721904]
S3 esihdrv;esihdrv;\??\c:\docume~1\SIKO\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\SIKO\LOCALS~1\Temp\esihdrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 9:33 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:40]

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-963894560-682003330-1003Core.job
- c:\documents and settings\SIKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-15 13:44]

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-963894560-682003330-1003UA.job
- c:\documents and settings\SIKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-15 13:44]

2010-01-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-11-18 17:40]

2010-01-29 c:\windows\Tasks\User_Feed_Synchronization-{1BF71B22-E5F6-47C1-8D7A-530A34379A62}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.iplay.com/?o=shp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download All Files by HiDownload - c:\program files\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\HiDownload\HDGet.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users.WINDOWS\Application Data\LangSoft\WebIE.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\SIKO\Application Data\Mozilla\Firefox\Profiles\g55xgzrf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\SIKO\Application Data\Mozilla\Firefox\Profiles\g55xgzrf.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\SIKO\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMyGames.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-EAX Unified - c:\program files\Creative\EAX Unified\Uninst.isu
AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 16:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(664)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2010-01-29 16:30:15
ComboFix-quarantined-files.txt 2010-01-29 15:29

Pre-Run: 9 585 807 360 bytes free
Post-Run: 18 adresárov, 11 902 210 048 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

Current=7 Default=7 Failed=1 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - ABD87C00F1B6BC563F0675F4070F2BA5

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#4 Post by Rudy »

We'll finish the cleanup. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

hladac
Model Visitor
Posts: 192
Registered: 16 Mar 2007 15:59
Location: Bratislava

Re: Preventive check

#5 Post by hladac »

Everything done according to your advice. I am attaching the log that was produced.

ComboFix 10-01-28.05 - SIKO 29.01.2010 22:40:00.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1535.1135 [GMT 1:00]
Running from: c:\documents and settings\SIKO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SIKO\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.

2010-01-29 20:37 . 2010-01-29 20:38 -------- d-----w- c:\program files\Retro64 Games
2010-01-28 19:03 . 2010-01-28 19:03 -------- d-----w- c:\documents and settings\SIKO\Local Settings\Application Data\Conduit
2010-01-28 19:02 . 2010-01-28 19:02 -------- d-----w- c:\program files\Conduit
2010-01-28 19:02 . 2010-01-28 19:03 -------- d-----w- c:\documents and settings\SIKO\Local Settings\Application Data\iWin
2010-01-28 19:02 . 2010-01-28 19:03 -------- d-----w- c:\program files\iWin
2010-01-28 18:32 . 2010-01-29 16:28 -------- d-----w- c:\documents and settings\SIKO\Local Settings\Application Data\AskToolbar
2010-01-28 16:19 . 2010-01-28 16:20 -------- d-----w- C:\rsit
2010-01-23 19:09 . 2010-01-25 15:42 -------- d-----w- c:\documents and settings\SIKO\Local Settings\Application Data\LogMeIn Hamachi
2010-01-23 19:09 . 2010-01-29 21:48 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\LogMeIn Hamachi
2010-01-23 19:08 . 2010-01-23 19:08 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-23 18:39 . 2010-01-23 18:39 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Xfire
2010-01-23 18:37 . 2010-01-23 18:37 -------- d-----w- c:\documents and settings\SIKO\Application Data\Avira
2010-01-23 18:33 . 2010-01-23 18:31 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-23 18:33 . 2010-01-23 18:31 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-23 18:33 . 2010-01-23 18:31 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-23 18:33 . 2010-01-23 18:33 -------- d-----w- c:\program files\Avira
2010-01-22 23:13 . 2010-01-22 23:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-01-22 16:24 . 2010-01-22 16:24 -------- d-----w- c:\documents and settings\SIKO\Application Data\Nvu
2010-01-22 16:22 . 2010-01-22 16:23 -------- d-----w- c:\program files\Nvu
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-18 22:04 . 2010-01-18 22:05 -------- d-----w- c:\documents and settings\SIKO\Application Data\Go-Go Gourmet Chef of the Year
2010-01-18 22:03 . 2010-01-18 22:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Oberon Media
2010-01-18 21:49 . 2010-01-18 21:49 -------- d-----w- c:\documents and settings\SIKO\Application Data\BlamGames
2010-01-18 21:21 . 2010-01-29 20:33 3054384 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-01-18 21:21 . 2010-01-18 21:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache
2010-01-18 20:58 . 2010-01-18 20:59 -------- d-----w- c:\documents and settings\SIKO\Application Data\BeachPartyCraze
2010-01-18 19:23 . 2010-01-18 19:23 -------- d-----w- c:\documents and settings\SIKO\Application Data\EleFun Games
2010-01-18 19:22 . 2010-01-18 21:03 -------- d-----w- c:\program files\AllGamesHome.com
2010-01-15 20:04 . 2010-01-15 20:04 -------- d-----w- c:\documents and settings\SIKO\logs
2010-01-15 17:03 . 2010-01-15 17:03 -------- d-----w- c:\documents and settings\SIKO\Application Data\Jane s Hotel
2010-01-15 16:54 . 2010-01-28 18:54 -------- d-----w- c:\program files\iWin.com
2010-01-15 16:05 . 2010-01-15 16:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\iWin Games
2010-01-15 15:38 . 2010-01-15 15:38 -------- d-----w- c:\program files\Microsoft
2010-01-15 15:38 . 2010-01-15 15:38 -------- d-----w- c:\program files\MSN Toolbar
2010-01-15 15:37 . 2010-01-21 10:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-15 15:36 . 2010-01-15 15:38 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-01-15 15:36 . 2010-01-17 18:48 -------- d-----w- c:\program files\Shockwave.com
2010-01-13 14:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 18:50 . 2010-01-11 18:50 -------- d-----w- c:\program files\Autodesk
2010-01-11 18:20 . 2010-01-11 18:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Macrovision
2010-01-11 18:17 . 2010-01-11 19:04 -------- d-----w- c:\documents and settings\SIKO\Local Settings\Application Data\Autodesk
2010-01-11 18:15 . 2010-01-28 17:24 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Autodesk
2010-01-11 18:15 . 2010-01-28 17:24 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-11 18:15 . 2010-01-28 16:55 -------- d-----w- c:\program files\AutoCAD 2004
2010-01-11 18:15 . 2010-01-11 19:04 -------- d-----w- c:\documents and settings\SIKO\Application Data\Autodesk
2010-01-09 20:58 . 2010-01-09 20:58 38784 ----a-w- c:\documents and settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-09 06:52 . 2010-01-29 20:19 -------- d-----w- C:\GameHouse Games
2010-01-09 05:25 . 2010-01-09 05:25 -------- d-----w- c:\documents and settings\SIKO\Application Data\SpinTop
2010-01-09 03:50 . 2010-01-09 06:28 -------- d-----w- C:\Games
2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\wedding-dash-2-rings-around-world-game_s1_l1_gF2480T1L1_d771988212.exe
2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\wedding-dash-2-rings-around-world-game_s1_l1_gF2480T1L1_d771986382.exe
2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\spongebob-diner-dash-2_s1_l1_gF2157T1L1_d759576380.exe
2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\lovely-kitchen_s1_l1_gF5060T1L1_d759598608.exe
2010-01-06 20:07 . 2010-01-06 20:07 143264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\stub\lovely-kitchen_s1_l1_gF5060T1L1_d759594497.exe
2010-01-06 20:07 . 2010-01-06 20:07 2997384 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
2010-01-05 21:34 . 2010-01-22 12:17 -------- d-----w- c:\documents and settings\SIKO\Application Data\TS3Client
2010-01-05 21:33 . 2010-01-22 12:19 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-01-04 19:50 . 2010-01-04 19:50 -------- d-----w- c:\program files\Shock Utility
2010-01-04 19:50 . 2010-01-04 19:50 65536 ----a-w- c:\windows\IFinst27.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 20:40 . 2009-02-28 15:58 -------- d-----w- c:\documents and settings\SIKO\Application Data\PlayFirst
2010-01-29 20:21 . 2009-02-28 17:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\PlayFirst
2010-01-29 20:20 . 2009-02-27 17:08 -------- d-----w- c:\program files\Google
2010-01-29 20:18 . 2009-02-27 17:07 -------- d-----w- c:\program files\RealArcade
2010-01-29 15:57 . 2009-01-20 13:51 -------- d-----w- c:\program files\TeamViewer3
2010-01-29 15:23 . 2008-12-12 19:14 -------- d-----w- c:\program files\ICQ6.5
2010-01-29 15:01 . 2009-12-18 10:11 -------- d-----w- c:\program files\Xfire
2010-01-29 13:29 . 2008-09-08 11:24 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-29 13:26 . 2008-09-08 11:24 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-29 13:12 . 2008-03-07 18:57 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-28 18:54 . 2008-05-16 14:51 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-01-27 09:46 . 2008-04-20 16:53 -------- d-----w- c:\documents and settings\SIKO\Application Data\uTorrent
2010-01-26 22:27 . 2009-12-18 10:11 -------- d-----w- c:\documents and settings\SIKO\Application Data\Xfire
2010-01-25 00:34 . 2008-03-07 13:32 -------- d-----w- c:\documents and settings\SIKO\Application Data\ICQ
2010-01-23 19:08 . 2008-04-05 09:42 -------- d-----w- c:\documents and settings\SIKO\Application Data\Hamachi
2010-01-23 18:33 . 2009-05-22 18:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2010-01-23 18:31 . 2009-05-22 18:48 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-22 23:17 . 2009-07-15 11:43 -------- d-----w- c:\program files\Alwil Software
2010-01-21 13:17 . 2008-03-07 18:04 -------- d-----w- c:\documents and settings\SIKO\Application Data\Skype
2010-01-21 12:16 . 2008-06-07 19:38 -------- d-----w- c:\documents and settings\SIKO\Application Data\skypePM
2010-01-21 10:53 . 2009-03-02 15:02 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\SACore
2010-01-15 16:52 . 2009-12-30 15:59 -------- d-----w- c:\documents and settings\SIKO\Application Data\Happy Foto
2010-01-14 17:38 . 2006-04-12 13:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-11 19:13 . 2008-03-07 02:21 79192 ----a-w- c:\documents and settings\SIKO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-09 20:58 . 2009-06-01 16:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-09 20:58 . 2009-06-01 16:27 38784 ----a-w- c:\documents and settings\SIKO\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-30 15:59 . 2009-12-17 17:40 -------- d-----w- c:\program files\HappyFoto
2009-12-29 16:52 . 2008-09-08 11:23 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-29 15:00 . 2006-04-04 10:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-29 14:05 . 2009-12-29 14:04 1872 ----a-w- C:\cc_20091229_150454.reg
2009-12-29 14:04 . 2009-12-29 14:04 117764 ----a-w- C:\cc_20091229_150426.reg
2009-12-25 22:26 . 2009-12-25 22:24 52224 ----a-w- c:\documents and settings\SIKO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-25 22:26 . 2009-03-13 16:12 117760 ----a-w- c:\documents and settings\SIKO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-25 19:04 . 2008-05-29 19:54 -------- d-----w- c:\program files\OpenTTD
2009-12-21 19:14 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 18:52 . 2009-12-20 18:52 -------- d-----w- c:\program files\Fotolab
2009-12-17 17:41 . 2009-12-17 17:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HappyFoto
2009-12-12 09:59 . 2008-10-23 19:19 -------- d-----w- c:\documents and settings\SIKO\Application Data\The Bat!
2009-12-11 15:34 . 2009-10-10 19:40 3695616 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-21 15:51 . 2007-07-27 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-07 00:55 . 2009-11-07 00:55 120704 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-26 14:27 . 2009-09-23 17:27 64090144 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-29_15.25.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-29 21:36 . 2010-01-29 21:36 16384 c:\windows\TEMP\Perflib_Perfdata_1fc.dat
+ 2009-10-24 20:59 . 2010-01-29 21:30 87716 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
- 2009-07-21 08:02 . 2009-07-21 08:02 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2010-01-18 07:10 . 2010-01-18 07:10 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2010-01-18 06:38 . 2010-01-18 06:38 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
- 2009-07-21 06:59 . 2009-07-21 06:59 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2010-01-18 07:25 . 2010-01-18 07:25 65816 c:\windows\system32\Adobe\Director\SWDNLD.EXE
- 2009-07-21 08:04 . 2009-07-21 08:04 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2010-01-18 07:12 . 2010-01-18 07:12 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2010-01-18 06:38 . 2010-01-18 06:38 136568 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2010-01-18 07:10 . 2010-01-18 07:10 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2009-07-21 08:07 . 2009-07-21 08:07 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2010-01-18 07:23 . 2010-01-18 07:23 459032 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1156606.exe
- 2009-07-21 08:07 . 2009-07-21 08:07 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2010-01-18 07:12 . 2010-01-18 07:12 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2010-01-18 07:11 . 2010-01-18 07:11 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
- 2009-07-21 08:02 . 2009-07-21 08:02 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2010-01-18 06:38 . 2010-01-18 06:38 742912 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2010-01-18 07:10 . 2010-01-18 07:10 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2010-01-18 07:24 . 2010-01-18 07:24 213272 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2010-01-18 07:12 . 2010-01-18 07:12 135168 c:\windows\system32\Adobe\Director\np32dsw.dll
- 2009-07-21 07:07 . 2009-07-21 07:07 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2010-01-18 06:44 . 2010-01-18 06:44 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2010-01-18 06:38 . 2010-01-18 06:38 1975408 c:\windows\system32\Adobe\Shockwave 11\gt.exe
- 2009-07-21 07:12 . 2009-07-21 07:12 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2010-01-18 06:48 . 2010-01-18 06:48 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\iWin\tbiWin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}"= "c:\program files\iWin\tbiWin.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\SIKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-06 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 67584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-08 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-01-23 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2007-07-27 44544]

c:\documents and settings\SIKO\Start Menu\Programs\Startup\
HDDlife.lnk - c:\program files\BinarySense\HDDlife\HDDlifePro.exe [2007-4-5 1125328]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-17 11:51 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Documents and Settings\\SIKO\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\BF 2\\BF2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18.9.2009 23:22 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [28.5.2008 9:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 9:33 74480]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [23.1.2010 19:33 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23.1.2010 19:33 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [23.1.2010 19:33 434945]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 15:49 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2.3.2009 16:01 206096]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.7.2008 13:53 721904]
S3 esihdrv;esihdrv;\??\c:\docume~1\SIKO\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\SIKO\LOCALS~1\Temp\esihdrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 9:33 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:40]

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-963894560-682003330-1003Core.job
- c:\documents and settings\SIKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-15 13:44]

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-963894560-682003330-1003UA.job
- c:\documents and settings\SIKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-15 13:44]

2010-01-29 c:\windows\Tasks\User_Feed_Synchronization-{1BF71B22-E5F6-47C1-8D7A-530A34379A62}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.iplay.com/?o=shp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download All Files by HiDownload - c:\program files\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\HiDownload\HDGet.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users.WINDOWS\Application Data\LangSoft\WebIE.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\SIKO\Application Data\Mozilla\Firefox\Profiles\g55xgzrf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AGH&o=15581&locale=en_US&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\SIKO\Application Data\Mozilla\Firefox\Profiles\g55xgzrf.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\SIKO\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMyGames.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 22:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(664)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2010-01-29 22:52:18
ComboFix-quarantined-files.txt 2010-01-29 21:52
ComboFix2.txt 2010-01-29 15:30

Pre-Run: 11 745 370 112 bytes free
Post-Run: 18 adresárov, 11 752 169 472 voľných bajtov

Current=7 Default=7 Failed=1 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - DC7B0E73CD7EC7C406C963BA5A78FFEC

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#6 Post by Rudy »

Deleted, the log now looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

hladac
Model visitor
Posts: 192
Registered: 16 Mar 2007 15:59
Location: Bratislava

Re: Preventive check

#7 Post by hladac »

Thank you very much.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#8 Post by Rudy »

You're welcome!