Logfile of random's system information tool 1.06 (written by random/random)
Run by erik at 2010-03-17 22:50:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (59%) free of 78 GB
Total RAM: 511 MB (13% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:59, on 17. 3. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
C:\Program Files\EA GAMES\Daemon tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\erik\My Documents\ZMAZ\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\erik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azet.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
R3 - URLSearchHook: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\5856\1941\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\EA GAMES\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM605.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8752908578
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5836409578
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} (ERViewerOCX Control) - http://87.197.109.28/MP4DVR.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Access Connection Manager RasManWZCSVC (RasManWZCSVC) - Unknown owner - C:\WINDOWS\system32\accwizc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
O24 - Desktop Component 0: (no name) - http://webmail.t-com.sk/imx/attach2.gif
--
End of file - 13946 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan for erik.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{EF6288DF-0734-41B2-AA38-A155FC859CA2}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL [2007-12-27 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\5856\1941\toolbaru.dll [2008-03-09 824656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2007-12-27 376901]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
PageRage Toolbar - C:\Program Files\PageRage\tbPag1.dll [2010-02-12 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-04 764912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant - C:\Program Files\SGPSA\BHO.dll [2009-07-10 732672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll [2009-10-27 194912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-02-15 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-07-19 342600]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My &Web Search - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2007-12-27 376901]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2010-02-15 2349080]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]
{9565115d-c7d6-46d3-bd63-b67b481a4368} - PageRage Toolbar - C:\Program Files\PageRage\tbPag1.dll [2010-02-12 2349080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-06-09 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-10-06 161096]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2004-12-14 176128]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [2007-12-27 28672]
"DAEMON Tools-1033"=C:\Program Files\EA GAMES\Daemon tools\daemon.exe [2004-08-22 81920]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"CnxDslTaskBar"=C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe [2004-06-16 233472]
"SGPUpdater"=C:\Program Files\Search Guard PlusU\sgpUpdaters.exe [2009-05-15 67456]
"FBSearch"=C:\Program Files\Search Guard Plus\SearchGuardPlus.exe [2009-05-04 194432]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"sysgif32"=C:\WINDOWS\TEMP\~TM605.tmp []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [2007-12-27 28672]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-08 68856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Documents and Settings\erik\Start Menu\Programs\Startup
winesm32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
crypts.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-10-06 83272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"system"=kdarf.exe []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Doom 3\Doom3Ded.exe"="C:\Program Files\Doom 3\Doom3Ded.exe:*:Disabled:DOOM 3"
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe"="C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\80exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\80exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\47exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\47exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\52exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\52exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\39exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\39exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\76exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\76exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\5exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\5exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\74exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\74exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\88exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\88exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\1exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\1exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\17exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\17exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\10exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\10exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\28exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\28exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\77exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\77exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\93exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\93exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\48exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\48exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\13exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\13exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\18exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\18exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\4exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\4exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\23exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\23exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\34exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\34exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\21exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\21exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\79exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\79exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\71exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\71exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\6exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\6exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\98exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\98exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\56exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\56exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\32exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\32exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\96exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\96exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\58exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\58exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\89exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\89exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\27exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\27exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\92exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\92exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\42exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\42exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\24exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\24exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\53exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\53exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\16exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\16exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\68exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\68exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\45exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\45exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\9exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\9exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\31exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\31exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\59exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\59exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\46exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\46exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\83exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\83exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\38exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\38exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\82exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\82exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\8exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\8exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\55exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\55exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\67exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\67exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\3exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\3exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\49exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\49exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\54exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\54exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\2exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\2exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\81exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\81exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\73exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\73exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\40exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\40exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\22exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\22exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\20exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\20exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\14exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\14exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\25exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\25exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\99exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\99exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\61exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\61exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\75exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\75exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\26exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\26exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\97exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\97exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\94exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\94exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\69exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\69exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\41exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\41exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\66exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\66exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\33exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\33exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\63exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\63exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\85exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\85exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\29exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\29exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\0exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\0exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\70exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\70exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\91exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\91exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\62exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\62exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\57exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\57exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\72exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\72exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\37exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\37exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\36exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\36exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\35exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\35exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\50exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\50exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\84exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\84exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\87exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\87exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\64exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\64exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\68ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\68ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\29ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\29ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\59ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\59ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\54ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\54ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\81ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\81ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\56ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\56ex3.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\43ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\43ex3.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\5ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\5ex3.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\8ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\8ex3.modul32.exe:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-03-17 22:52:40 ----D---- C:\Program Files\trend micro
2010-03-17 22:50:04 ----D---- C:\rsit
2010-03-17 19:53:02 ----D---- C:\Program Files\Wise Registry Cleaner
2010-03-17 18:30:27 ----SHD---- C:\WINDOWS\CSC
2010-03-17 18:30:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-14 10:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-05 21:56:13 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-01 11:38:30 ----SHD---- C:\found.000
2010-02-25 09:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
======List of files/folders modified in the last 1 months======
2010-03-17 22:53:27 ----D---- C:\WINDOWS\Prefetch
2010-03-17 22:52:40 ----RD---- C:\Program Files
2010-03-17 22:47:19 ----D---- C:\Program Files\Symantec AntiVirus
2010-03-17 22:47:10 ----D---- C:\WINDOWS
2010-03-17 22:46:16 ----D---- C:\WINDOWS\Temp
2010-03-17 22:21:16 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-17 21:55:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-17 21:55:14 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-17 21:54:24 ----D---- C:\WINDOWS\system32
2010-03-17 21:52:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-17 18:32:07 ----D---- C:\Program Files\Norton Security Scan
2010-03-15 20:11:59 ----D---- C:\Program Files\Google
2010-03-15 20:11:03 ----D---- C:\WINDOWS\system32\drivers
2010-03-15 19:56:03 ----D---- C:\Program Files\Fotolab
2010-03-15 19:29:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-15 18:16:28 ----D---- C:\Program Files\Common Files
2010-03-15 18:16:27 ----SHD---- C:\WINDOWS\Installer
2010-03-15 18:01:45 ----D---- C:\Program Files\Microsoft Games
2010-03-15 17:53:50 ----D---- C:\Program Files\DivX
2010-03-15 17:46:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-03-15 17:46:23 ----SD---- C:\WINDOWS\Tasks
2010-03-14 13:01:02 ----A---- C:\WINDOWS\win.ini
2010-03-14 10:54:17 ----HD---- C:\WINDOWS\inf
2010-03-14 10:53:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-14 10:53:58 ----D---- C:\Program Files\Movie Maker
2010-03-14 10:53:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 16:41:00 ----D---- C:\Documents and Settings\erik\Application Data\ICQ
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-25 09:15:28 ----A---- C:\WINDOWS\imsins.BAK
2010-02-25 09:15:24 ----D---- C:\WINDOWS\ie8updates
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-06-11 263736]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2009-01-04 51072]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100316.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100316.003\navex15.sys []
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-06-06 9856]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-05-14 10345]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-06-11 16280]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-03 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-06-09 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-06-09 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-10-06 30024]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-10-06 173392]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-10-06 1275216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 RasManWZCSVC;Remote Access Connection Manager RasManWZCSVC; C:\WINDOWS\system32\accwizc.exe srv []
S2 Windows Log;Windows Log; C:\WINDOWS\system32\nvsvcd.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-06-09 87160]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-24 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-06-11 201944]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Zdravím 
Na logu se pracuje, prosím o strpení.
Na logu se pracuje, prosím o strpení.
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229- Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
- Nic nemažte
MBAM má občas falešné detekce a mohl by smazat např. systémové soubory. - Log vložte sem.
Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Dakujem za odpoved. Pozadovany log dodam az podvecer. 
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Odinstaloval som nasledovne toolbary:
ICQ6Toolbar
Google Toolbar
BS Player Toolbar
PageRage Toolbar
Yahoo! Toolbar
a pocitac sa zacal chovat normalne. CPU uz nie je na 100%, akurat obcas pocitac vytuhne.
Priladam log z MBAMu z full scanu:
______________________________________
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3883
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18. 3. 2010 19:52:58
mbam-log-2010-03-18 (19-52-42).txt
Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 249290
Uplynulý èas: 1 hour(s), 1 minute(s), 49 second(s)
Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 1
Infikované klíèe registru: 166
Infikované hodnoty registru: 10
Infikované datové položky registru: 5
Infikované adresáøe: 29
Infikované soubory: 97
Infikované procesy v pamìti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v pamìti:
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
Infikované klíèe registru:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18ea3-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad7fafb0-16d6-40c3-af27-585d6e6453fd} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdarf.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.110 85.255.112.175 -> No action taken.
Infikované adresáøe:
C:\Documents and Settings\All Users\Application Data\11341094 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\erik\Application Data\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\erik\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\erik\Application Data\FunWebProducts\Data\erik (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\erik\Start Menu\Programs\Total Security (Rogue.TotalSecurity) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Application Data\DoubleD\PopularGlitter Toolbar (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Application Data\DoubleD\PopularGlitter Toolbar\3.10.3.13450 (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Application Data\DoubleD\PopularGlitter Toolbar\3.10.3.13450\bin (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> No action taken.
Infikované soubory:
C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\winesm32.exe (Worm.KoobFace) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Application Data\11341094\11341094.rar (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\erik\Application Data\FunWebProducts\Data\erik\register.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\012DE566.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0003327B (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\000C3127 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\004D944A.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\004D95F0.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\004D9757.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006CD3FC (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006CD6EA.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006CD851.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006CDA55.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006D0D7B.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006F5DA4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006F6006.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006F619C.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006F6342.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\erik\Start Menu\Programs\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Application Data\DoubleD\PopularGlitter Toolbar\3.10.3.13450\bin\stbup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\Documents and Settings\erik\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Program Files\ICQToolbar\5856\1941\toolbaru.dll (Trojan.BHO) -> No action taken.
ICQ6Toolbar
Google Toolbar
BS Player Toolbar
PageRage Toolbar
Yahoo! Toolbar
a pocitac sa zacal chovat normalne. CPU uz nie je na 100%, akurat obcas pocitac vytuhne.
Priladam log z MBAMu z full scanu:
______________________________________
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3883
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
18. 3. 2010 19:52:58
mbam-log-2010-03-18 (19-52-42).txt
Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 249290
Uplynulý èas: 1 hour(s), 1 minute(s), 49 second(s)
Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 1
Infikované klíèe registru: 166
Infikované hodnoty registru: 10
Infikované datové položky registru: 5
Infikované adresáøe: 29
Infikované soubory: 97
Infikované procesy v pamìti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v pamìti:
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
Infikované klíèe registru:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18ea3-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad7fafb0-16d6-40c3-af27-585d6e6453fd} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> No action taken.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdarf.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.110 85.255.112.175 -> No action taken.
Infikované adresáøe:
C:\Documents and Settings\All Users\Application Data\11341094 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\erik\Application Data\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\erik\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\erik\Application Data\FunWebProducts\Data\erik (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\erik\Start Menu\Programs\Total Security (Rogue.TotalSecurity) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Application Data\DoubleD\PopularGlitter Toolbar (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Application Data\DoubleD\PopularGlitter Toolbar\3.10.3.13450 (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Application Data\DoubleD\PopularGlitter Toolbar\3.10.3.13450\bin (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> No action taken.
Infikované soubory:
C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\winesm32.exe (Worm.KoobFace) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Application Data\11341094\11341094.rar (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\erik\Application Data\FunWebProducts\Data\erik\register.dat (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\012DE566.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\0003327B (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\000C3127 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\004D944A.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\004D95F0.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\004D9757.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006CD3FC (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006CD6EA.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006CD851.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006CDA55.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006D0D7B.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006F5DA4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006F6006.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006F619C.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\006F6342.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\erik\Start Menu\Programs\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Application Data\DoubleD\PopularGlitter Toolbar\3.10.3.13450\bin\stbup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\Documents and Settings\erik\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Program Files\ICQToolbar\5856\1941\toolbaru.dll (Trojan.BHO) -> No action taken.
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Vše, co našel MBAM smažte a restartujte PC. Dejte nový log z RSIT.Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Pocitac pocas mazania vystupu z MBAMu vytuhol. Najskor vyletelo CPU na 100%, neskor prestal pocitac celkom reagovat. Neslo ho shutdownut, musel som ho natvrdo vypnut. Mazanie vystupu z MBAMu teda nezbehlo do konca.
Tu je novy log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by erik at 2010-03-18 20:18:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (58%) free of 78 GB
Total RAM: 511 MB (10% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:03, on 18. 3. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
C:\Program Files\EA GAMES\Daemon tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\erik\My Documents\ZMAZ\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\erik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azet.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\5856\1941\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\EA GAMES\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM605.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8752908578
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5836409578
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} (ERViewerOCX Control) - http://87.197.109.28/MP4DVR.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Access Connection Manager RasManWZCSVC (RasManWZCSVC) - Unknown owner - C:\WINDOWS\system32\accwizc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
O24 - Desktop Component 0: (no name) - http://webmail.t-com.sk/imx/attach2.gif
--
End of file - 11806 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan for erik.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{EF6288DF-0734-41B2-AA38-A155FC859CA2}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL [2007-12-27 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\5856\1941\toolbaru.dll [2008-03-09 824656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2007-12-27 376901]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant - C:\Program Files\SGPSA\BHO.dll [2009-07-10 732672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll [2009-10-27 194912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My &Web Search - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2007-12-27 376901]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-06-09 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-10-06 161096]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2004-12-14 176128]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [2007-12-27 28672]
"DAEMON Tools-1033"=C:\Program Files\EA GAMES\Daemon tools\daemon.exe [2004-08-22 81920]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"CnxDslTaskBar"=C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe [2004-06-16 233472]
"SGPUpdater"=C:\Program Files\Search Guard PlusU\sgpUpdaters.exe [2009-05-15 67456]
"FBSearch"=C:\Program Files\Search Guard Plus\SearchGuardPlus.exe [2009-05-04 194432]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"sysgif32"=C:\WINDOWS\TEMP\~TM605.tmp []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [2007-12-27 28672]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Documents and Settings\erik\Start Menu\Programs\Startup
winesm32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
crypts.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-10-06 83272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"system"=kdarf.exe []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Doom 3\Doom3Ded.exe"="C:\Program Files\Doom 3\Doom3Ded.exe:*:Disabled:DOOM 3"
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe"="C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\80exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\80exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\47exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\47exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\52exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\52exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\39exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\39exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\76exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\76exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\5exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\5exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\74exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\74exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\88exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\88exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\1exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\1exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\17exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\17exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\10exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\10exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\28exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\28exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\77exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\77exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\93exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\93exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\48exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\48exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\13exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\13exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\18exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\18exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\4exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\4exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\23exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\23exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\34exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\34exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\21exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\21exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\79exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\79exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\71exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\71exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\6exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\6exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\98exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\98exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\56exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\56exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\32exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\32exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\96exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\96exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\58exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\58exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\89exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\89exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\27exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\27exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\92exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\92exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\42exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\42exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\24exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\24exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\53exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\53exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\16exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\16exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\68exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\68exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\45exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\45exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\9exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\9exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\31exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\31exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\59exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\59exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\46exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\46exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\83exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\83exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\38exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\38exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\82exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\82exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\8exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\8exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\55exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\55exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\67exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\67exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\3exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\3exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\49exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\49exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\54exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\54exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\2exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\2exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\81exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\81exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\73exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\73exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\40exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\40exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\22exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\22exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\20exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\20exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\14exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\14exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\25exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\25exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\99exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\99exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\61exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\61exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\75exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\75exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\26exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\26exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\97exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\97exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\94exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\94exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\69exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\69exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\41exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\41exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\66exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\66exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\33exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\33exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\63exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\63exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\85exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\85exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\29exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\29exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\0exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\0exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\70exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\70exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\91exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\91exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\62exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\62exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\57exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\57exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\72exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\72exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\37exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\37exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\36exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\36exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\35exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\35exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\50exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\50exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\84exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\84exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\87exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\87exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\64exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\64exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\68ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\68ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\29ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\29ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\59ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\59ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\54ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\54ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\81ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\81ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\56ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\56ex3.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\43ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\43ex3.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\5ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\5ex3.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\8ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\8ex3.modul32.exe:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-03-18 18:49:13 ----D---- C:\Documents and Settings\erik\Application Data\Malwarebytes
2010-03-18 18:49:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-18 18:49:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-17 22:52:40 ----D---- C:\Program Files\trend micro
2010-03-17 22:50:04 ----D---- C:\rsit
2010-03-17 19:53:02 ----D---- C:\Program Files\Wise Registry Cleaner
2010-03-17 18:30:27 ----SHD---- C:\WINDOWS\CSC
2010-03-17 18:30:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-14 10:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-05 21:56:13 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-01 11:38:30 ----SHD---- C:\found.000
2010-02-25 09:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
======List of files/folders modified in the last 1 months======
2010-03-18 20:17:12 ----D---- C:\Program Files\Symantec AntiVirus
2010-03-18 20:17:10 ----D---- C:\WINDOWS
2010-03-18 20:16:47 ----D---- C:\WINDOWS\Temp
2010-03-18 20:03:46 ----D---- C:\WINDOWS\Prefetch
2010-03-18 18:49:06 ----D---- C:\WINDOWS\system32\drivers
2010-03-18 18:49:03 ----RD---- C:\Program Files
2010-03-18 18:33:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-18 18:19:55 ----D---- C:\Program Files\Yahoo!
2010-03-18 18:18:04 ----D---- C:\Program Files\Google
2010-03-18 18:18:04 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-03-17 22:21:16 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-17 21:55:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-17 21:55:14 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-17 21:54:24 ----D---- C:\WINDOWS\system32
2010-03-17 18:32:07 ----D---- C:\Program Files\Norton Security Scan
2010-03-15 19:56:03 ----D---- C:\Program Files\Fotolab
2010-03-15 19:29:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-15 18:16:28 ----D---- C:\Program Files\Common Files
2010-03-15 18:16:27 ----SHD---- C:\WINDOWS\Installer
2010-03-15 18:01:45 ----D---- C:\Program Files\Microsoft Games
2010-03-15 17:53:50 ----D---- C:\Program Files\DivX
2010-03-15 17:46:23 ----SD---- C:\WINDOWS\Tasks
2010-03-14 13:01:02 ----A---- C:\WINDOWS\win.ini
2010-03-14 10:54:17 ----HD---- C:\WINDOWS\inf
2010-03-14 10:53:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-14 10:53:58 ----D---- C:\Program Files\Movie Maker
2010-03-14 10:53:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 16:41:00 ----D---- C:\Documents and Settings\erik\Application Data\ICQ
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-25 09:15:28 ----A---- C:\WINDOWS\imsins.BAK
2010-02-25 09:15:24 ----D---- C:\WINDOWS\ie8updates
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-06-11 263736]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2009-01-04 51072]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100317.021\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100317.021\navex15.sys []
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-06-06 9856]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-05-14 10345]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-06-11 16280]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-03 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-06-09 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-06-09 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-10-06 30024]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-10-06 173392]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-10-06 1275216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 RasManWZCSVC;Remote Access Connection Manager RasManWZCSVC; C:\WINDOWS\system32\accwizc.exe srv []
S2 Windows Log;Windows Log; C:\WINDOWS\system32\nvsvcd.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-06-09 87160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-06-11 201944]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
Tu je novy log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by erik at 2010-03-18 20:18:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (58%) free of 78 GB
Total RAM: 511 MB (10% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:03, on 18. 3. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
C:\Program Files\EA GAMES\Daemon tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\erik\My Documents\ZMAZ\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\erik.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azet.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\5856\1941\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\EA GAMES\Daemon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM605.tmp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8752908578
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5836409578
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F92211F4-3913-4DC2-A275-756374D848B0} (ERViewerOCX Control) - http://87.197.109.28/MP4DVR.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Access Connection Manager RasManWZCSVC (RasManWZCSVC) - Unknown owner - C:\WINDOWS\system32\accwizc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
O24 - Desktop Component 0: (no name) - http://webmail.t-com.sk/imx/attach2.gif
--
End of file - 11806 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan for erik.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{EF6288DF-0734-41B2-AA38-A155FC859CA2}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL [2007-12-27 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\5856\1941\toolbaru.dll [2008-03-09 824656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2007-12-27 376901]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-07 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant - C:\Program Files\SGPSA\BHO.dll [2009-07-10 732672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll [2009-10-27 194912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My &Web Search - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL [2007-12-27 376901]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-06-09 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-10-06 161096]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2004-12-14 176128]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [2007-12-27 28672]
"DAEMON Tools-1033"=C:\Program Files\EA GAMES\Daemon tools\daemon.exe [2004-08-22 81920]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"CnxDslTaskBar"=C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe [2004-06-16 233472]
"SGPUpdater"=C:\Program Files\Search Guard PlusU\sgpUpdaters.exe [2009-05-15 67456]
"FBSearch"=C:\Program Files\Search Guard Plus\SearchGuardPlus.exe [2009-05-04 194432]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"sysgif32"=C:\WINDOWS\TEMP\~TM605.tmp []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe [2007-12-27 28672]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Documents and Settings\erik\Start Menu\Programs\Startup
winesm32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-03 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt]
crypts.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-10-06 83272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"system"=kdarf.exe []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Doom 3\Doom3Ded.exe"="C:\Program Files\Doom 3\Doom3Ded.exe:*:Disabled:DOOM 3"
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe"="C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\80exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\80exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\47exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\47exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\52exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\52exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\39exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\39exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\76exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\76exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\5exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\5exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\74exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\74exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\88exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\88exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\1exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\1exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\17exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\17exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\10exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\10exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\28exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\28exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\77exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\77exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\93exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\93exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\48exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\48exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\13exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\13exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\18exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\18exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\4exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\4exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\23exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\23exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\34exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\34exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\21exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\21exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\79exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\79exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\71exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\71exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\6exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\6exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\98exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\98exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\56exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\56exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\32exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\32exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\96exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\96exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\58exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\58exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\89exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\89exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\27exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\27exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\92exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\92exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\42exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\42exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\24exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\24exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\53exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\53exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\16exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\16exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\68exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\68exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\45exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\45exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\9exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\9exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\31exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\31exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\59exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\59exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\46exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\46exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\83exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\83exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\38exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\38exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\82exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\82exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\8exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\8exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\55exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\55exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\67exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\67exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\3exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\3exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\49exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\49exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\54exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\54exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\2exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\2exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\81exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\81exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\73exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\73exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\40exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\40exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\22exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\22exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\20exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\20exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\14exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\14exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\25exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\25exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\99exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\99exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\61exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\61exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\75exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\75exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\26exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\26exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\97exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\97exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\94exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\94exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\69exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\69exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\41exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\41exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\66exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\66exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\33exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\33exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\63exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\63exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\85exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\85exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\29exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\29exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\0exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\0exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\70exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\70exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\91exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\91exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\62exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\62exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\57exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\57exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\72exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\72exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\37exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\37exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\36exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\36exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\35exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\35exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\50exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\50exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\84exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\84exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\87exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\87exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\64exmodul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\64exmodul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\68ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\68ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\29ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\29ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\59ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\59ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\54ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\54ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\81ex1.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\81ex1.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\56ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\56ex3.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\43ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\43ex3.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\5ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\5ex3.modul32.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\erik\LOCALS~1\Temp\8ex3.modul32.exe"="C:\DOCUME~1\erik\LOCALS~1\Temp\8ex3.modul32.exe:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-03-18 18:49:13 ----D---- C:\Documents and Settings\erik\Application Data\Malwarebytes
2010-03-18 18:49:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-18 18:49:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-17 22:52:40 ----D---- C:\Program Files\trend micro
2010-03-17 22:50:04 ----D---- C:\rsit
2010-03-17 19:53:02 ----D---- C:\Program Files\Wise Registry Cleaner
2010-03-17 18:30:27 ----SHD---- C:\WINDOWS\CSC
2010-03-17 18:30:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-14 10:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-05 21:56:13 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-01 11:38:30 ----SHD---- C:\found.000
2010-02-25 09:14:51 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
======List of files/folders modified in the last 1 months======
2010-03-18 20:17:12 ----D---- C:\Program Files\Symantec AntiVirus
2010-03-18 20:17:10 ----D---- C:\WINDOWS
2010-03-18 20:16:47 ----D---- C:\WINDOWS\Temp
2010-03-18 20:03:46 ----D---- C:\WINDOWS\Prefetch
2010-03-18 18:49:06 ----D---- C:\WINDOWS\system32\drivers
2010-03-18 18:49:03 ----RD---- C:\Program Files
2010-03-18 18:33:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-18 18:19:55 ----D---- C:\Program Files\Yahoo!
2010-03-18 18:18:04 ----D---- C:\Program Files\Google
2010-03-18 18:18:04 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-03-17 22:21:16 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-17 21:55:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-17 21:55:14 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-17 21:54:24 ----D---- C:\WINDOWS\system32
2010-03-17 18:32:07 ----D---- C:\Program Files\Norton Security Scan
2010-03-15 19:56:03 ----D---- C:\Program Files\Fotolab
2010-03-15 19:29:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-15 18:16:28 ----D---- C:\Program Files\Common Files
2010-03-15 18:16:27 ----SHD---- C:\WINDOWS\Installer
2010-03-15 18:01:45 ----D---- C:\Program Files\Microsoft Games
2010-03-15 17:53:50 ----D---- C:\Program Files\DivX
2010-03-15 17:46:23 ----SD---- C:\WINDOWS\Tasks
2010-03-14 13:01:02 ----A---- C:\WINDOWS\win.ini
2010-03-14 10:54:17 ----HD---- C:\WINDOWS\inf
2010-03-14 10:53:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-14 10:53:58 ----D---- C:\Program Files\Movie Maker
2010-03-14 10:53:36 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 16:41:00 ----D---- C:\Documents and Settings\erik\Application Data\ICQ
2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-25 09:15:28 ----A---- C:\WINDOWS\imsins.BAK
2010-02-25 09:15:24 ----D---- C:\WINDOWS\ie8updates
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 768512]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-06-11 263736]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2009-01-04 51072]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100317.021\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100317.021\navex15.sys []
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-06-06 9856]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 60416]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-05-14 10345]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-06-11 16280]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-03 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-06-09 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-06-09 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-10-06 30024]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-10-06 173392]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-10-06 1275216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 RasManWZCSVC;Remote Access Connection Manager RasManWZCSVC; C:\WINDOWS\system32\accwizc.exe srv []
S2 Windows Log;Windows Log; C:\WINDOWS\system32\nvsvcd.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-06-09 87160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-06-11 201944]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe- Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
- Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
- Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
- Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
- Během skenování může být počítač restartován.
Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
tu je vystup z Combofixu:
ComboFix 10-03-17.07 - erik . 03. 2010 20:43:43.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.121 [GMT 1:00]
Running from: c:\documents and settings\erik\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\erik\Application Data\avdrn.dat
c:\documents and settings\erik\Application Data\FunWebProducts
c:\documents and settings\erik\Application Data\FunWebProducts\Data\erik\register.dat
c:\documents and settings\erik\Local Settings\Application Data\DoubleD
c:\documents and settings\erik\Local Settings\Application Data\DoubleD\PopularGlitter Toolbar\3.10.3.13450\bin\stbup.exe
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\documents and settings\erik\Start Menu\Programs\Startup\winesm32.exe
c:\documents and settings\erik\Start Menu\Programs\Total Security
c:\documents and settings\erik\Start Menu\Programs\Total Security\Total Security 2009.lnk
C:\mtwb.dat
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\012DE566.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\3.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\4.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\4.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\4.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\4.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\4.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\4.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\4.bin\F3SHllvw.dll
c:\program files\MyWebSearch\bar\4.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\4.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\4.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\4.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\4.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\4.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\4.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\4.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\4.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0003327B
c:\program files\MyWebSearch\bar\Cache\000C3127
c:\program files\MyWebSearch\bar\Cache\004D944A.bin
c:\program files\MyWebSearch\bar\Cache\004D95F0.bin
c:\program files\MyWebSearch\bar\Cache\004D9757.bin
c:\program files\MyWebSearch\bar\Cache\006CD3FC
c:\program files\MyWebSearch\bar\Cache\006CD6EA.bin
c:\program files\MyWebSearch\bar\Cache\006CD851.bin
c:\program files\MyWebSearch\bar\Cache\006CDA55.bin
c:\program files\MyWebSearch\bar\Cache\006D0D7B.bin
c:\program files\MyWebSearch\bar\Cache\006F5DA4.bin
c:\program files\MyWebSearch\bar\Cache\006F6006.bin
c:\program files\MyWebSearch\bar\Cache\006F619C.bin
c:\program files\MyWebSearch\bar\Cache\006F6342.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\2685082433.dat
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\ssprs.dll
c:\windows\wiaservim.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RASMANWZCSVC
-------\Legacy_WINDOWS_LOG
-------\Service_RasManWZCSVC
-------\Service_Windows Log
((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.
2010-03-18 19:43 . 2004-09-03 05:43 46464 ----a-r- c:\windows\system32\drivers\SiSRaid_2.sys
2010-03-18 17:49 . 2010-03-18 17:49 -------- d-----w- c:\documents and settings\erik\Application Data\Malwarebytes
2010-03-18 17:49 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 17:49 . 2010-03-18 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-18 17:49 . 2010-03-18 17:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 17:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 21:52 . 2010-03-18 19:18 -------- d-----w- c:\program files\trend micro
2010-03-17 21:50 . 2010-03-18 19:19 -------- d-----w- C:\rsit
2010-03-17 18:53 . 2010-03-17 19:00 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-03-17 17:41 . 2010-03-17 17:41 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-14 00:14 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 20:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-01 10:38 . 2010-03-01 10:38 -------- d-----w- C:\found.000
2010-02-28 21:16 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-28 21:16 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-28 21:16 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-28 21:16 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-28 21:16 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-28 21:16 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 19:57 . 2005-06-06 08:33 -------- d-----w- c:\program files\Symantec AntiVirus
2010-03-18 17:19 . 2005-10-15 18:55 -------- d-----w- c:\program files\Yahoo!
2010-03-18 17:18 . 2006-06-24 20:29 -------- d-----w- c:\program files\Google
2010-03-17 17:32 . 2008-05-04 08:38 -------- d-----w- c:\program files\Norton Security Scan
2010-03-15 18:56 . 2008-04-25 17:50 -------- d-----w- c:\program files\Fotolab
2010-03-15 17:01 . 2005-06-22 16:01 -------- d-----w- c:\program files\Microsoft Games
2010-03-15 16:53 . 2009-08-13 13:13 -------- d-----w- c:\program files\DivX
2010-03-10 15:41 . 2006-04-08 18:40 -------- d-----w- c:\documents and settings\erik\Application Data\ICQ
2010-03-06 17:44 . 2010-02-28 21:13 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\rbuwzv.dat
2010-01-30 13:13 . 2008-03-23 14:57 -------- d-----w- c:\documents and settings\erik\Application Data\Apple Computer
2010-01-18 21:22 . 2008-03-01 21:00 -------- d-----w- c:\documents and settings\erik\Application Data\Skype
2010-01-18 15:19 . 2008-03-01 21:02 -------- d-----w- c:\documents and settings\erik\Application Data\skypePM
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-10-27 19:53 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"DAEMON Tools-1033"="c:\program files\EA GAMES\Daemon tools\daemon.exe" [2004-08-22 81920]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"12745:TCP"= 12745:TCP:BitComet 12745 TCP
"12745:UDP"= 12745:UDP:BitComet 12745 UDP
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [30. 9. 2006 15:32 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [30. 9. 2006 15:32 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10. 1. 2008 15:32 639224]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [4. 1. 2009 11:08 51072]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6. 10. 2004 16:56 173392]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [10. 1. 2009 19:22 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [10. 1. 2009 19:22 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [10. 1. 2009 19:22 60416]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18. 3. 2010 18:49 38224]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23. 4. 2007 12:54 83208]
.
Contents of the 'Scheduled Tasks' folder
2009-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-03-10 c:\windows\Tasks\Norton Security Scan for erik.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{EF6288DF-0734-41B2-AA38-A155FC859CA2}.job
- c:\windows\system32\msfeedssync.exe [2009-12-27 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.azet.sk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... &l=zn&o=sb
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://87.197.109.28/MP4DVR.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
HKLM-Run-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 20:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?CA}" password="11" userid="" rtl="0" tbsclsid
FBSearch = c:\program files\Search Guard Plus\SearchGuardPlus.exe?CA}" password="11" userid="" rtl="0" tbsclsid
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82B661D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8543f28
\Driver\ACPI -> ACPI.sys @ 0xf82a0cb8
\Driver\atapi -> 0x81f41828
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: SiS 900-Based PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf813eb0a
PacketIndicateHandler -> NDIS.sys @ 0xf8149a21
SendHandler -> NDIS.sys @ 0xf813e949
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2256)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-18 21:07:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-18 20:07
Pre-Run: 51 637 374 976 bytes free
Post-Run: 51 997 859 840 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 512A21E9FA78C542E405DA1AA819376F
ComboFix 10-03-17.07 - erik . 03. 2010 20:43:43.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.121 [GMT 1:00]
Running from: c:\documents and settings\erik\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\documents and settings\erik\Application Data\avdrn.dat
c:\documents and settings\erik\Application Data\FunWebProducts
c:\documents and settings\erik\Application Data\FunWebProducts\Data\erik\register.dat
c:\documents and settings\erik\Local Settings\Application Data\DoubleD
c:\documents and settings\erik\Local Settings\Application Data\DoubleD\PopularGlitter Toolbar\3.10.3.13450\bin\stbup.exe
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe
c:\documents and settings\erik\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\documents and settings\erik\Start Menu\Programs\Startup\winesm32.exe
c:\documents and settings\erik\Start Menu\Programs\Total Security
c:\documents and settings\erik\Start Menu\Programs\Total Security\Total Security 2009.lnk
C:\mtwb.dat
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\fbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\012DE566.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\3.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\4.bin\F3BROVLY.DLL
c:\program files\MyWebSearch\bar\4.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\4.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\4.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\4.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\4.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\4.bin\F3SHllvw.dll
c:\program files\MyWebSearch\bar\4.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\4.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\4.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\4.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\4.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\4.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\4.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\4.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\4.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0003327B
c:\program files\MyWebSearch\bar\Cache\000C3127
c:\program files\MyWebSearch\bar\Cache\004D944A.bin
c:\program files\MyWebSearch\bar\Cache\004D95F0.bin
c:\program files\MyWebSearch\bar\Cache\004D9757.bin
c:\program files\MyWebSearch\bar\Cache\006CD3FC
c:\program files\MyWebSearch\bar\Cache\006CD6EA.bin
c:\program files\MyWebSearch\bar\Cache\006CD851.bin
c:\program files\MyWebSearch\bar\Cache\006CDA55.bin
c:\program files\MyWebSearch\bar\Cache\006D0D7B.bin
c:\program files\MyWebSearch\bar\Cache\006F5DA4.bin
c:\program files\MyWebSearch\bar\Cache\006F6006.bin
c:\program files\MyWebSearch\bar\Cache\006F619C.bin
c:\program files\MyWebSearch\bar\Cache\006F6342.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\2685082433.dat
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\ssprs.dll
c:\windows\wiaservim.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RASMANWZCSVC
-------\Legacy_WINDOWS_LOG
-------\Service_RasManWZCSVC
-------\Service_Windows Log
((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.
2010-03-18 19:43 . 2004-09-03 05:43 46464 ----a-r- c:\windows\system32\drivers\SiSRaid_2.sys
2010-03-18 17:49 . 2010-03-18 17:49 -------- d-----w- c:\documents and settings\erik\Application Data\Malwarebytes
2010-03-18 17:49 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-18 17:49 . 2010-03-18 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-18 17:49 . 2010-03-18 17:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-18 17:49 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 21:52 . 2010-03-18 19:18 -------- d-----w- c:\program files\trend micro
2010-03-17 21:50 . 2010-03-18 19:19 -------- d-----w- C:\rsit
2010-03-17 18:53 . 2010-03-17 19:00 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-03-17 17:41 . 2010-03-17 17:41 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-14 00:14 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 20:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-01 10:38 . 2010-03-01 10:38 -------- d-----w- C:\found.000
2010-02-28 21:16 . 2008-04-13 19:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-02-28 21:16 . 2008-04-13 19:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-02-28 21:16 . 2008-04-13 19:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-28 21:16 . 2008-04-13 19:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-28 21:16 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-28 21:16 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 19:57 . 2005-06-06 08:33 -------- d-----w- c:\program files\Symantec AntiVirus
2010-03-18 17:19 . 2005-10-15 18:55 -------- d-----w- c:\program files\Yahoo!
2010-03-18 17:18 . 2006-06-24 20:29 -------- d-----w- c:\program files\Google
2010-03-17 17:32 . 2008-05-04 08:38 -------- d-----w- c:\program files\Norton Security Scan
2010-03-15 18:56 . 2008-04-25 17:50 -------- d-----w- c:\program files\Fotolab
2010-03-15 17:01 . 2005-06-22 16:01 -------- d-----w- c:\program files\Microsoft Games
2010-03-15 16:53 . 2009-08-13 13:13 -------- d-----w- c:\program files\DivX
2010-03-10 15:41 . 2006-04-08 18:40 -------- d-----w- c:\documents and settings\erik\Application Data\ICQ
2010-03-06 17:44 . 2010-02-28 21:13 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\rbuwzv.dat
2010-01-30 13:13 . 2008-03-23 14:57 -------- d-----w- c:\documents and settings\erik\Application Data\Apple Computer
2010-01-18 21:22 . 2008-03-01 21:00 -------- d-----w- c:\documents and settings\erik\Application Data\Skype
2010-01-18 15:19 . 2008-03-01 21:02 -------- d-----w- c:\documents and settings\erik\Application Data\skypePM
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-10-27 19:53 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SoundMan"="SOUNDMAN.EXE" [2004-09-16 69632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"DAEMON Tools-1033"="c:\program files\EA GAMES\Daemon tools\daemon.exe" [2004-08-22 81920]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"12745:TCP"= 12745:TCP:BitComet 12745 TCP
"12745:UDP"= 12745:UDP:BitComet 12745 UDP
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [30. 9. 2006 15:32 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [30. 9. 2006 15:32 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10. 1. 2008 15:32 639224]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [4. 1. 2009 11:08 51072]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6. 10. 2004 16:56 173392]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [10. 1. 2009 19:22 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [10. 1. 2009 19:22 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [10. 1. 2009 19:22 60416]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18. 3. 2010 18:49 38224]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23. 4. 2007 12:54 83208]
.
Contents of the 'Scheduled Tasks' folder
2009-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-03-10 c:\windows\Tasks\Norton Security Scan for erik.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{EF6288DF-0734-41B2-AA38-A155FC859CA2}.job
- c:\windows\system32\msfeedssync.exe [2009-12-27 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.azet.sk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... &l=zn&o=sb
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F92211F4-3913-4DC2-A275-756374D848B0} - hxxp://87.197.109.28/MP4DVR.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
HKLM-Run-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 20:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?CA}" password="11" userid="" rtl="0" tbsclsid
FBSearch = c:\program files\Search Guard Plus\SearchGuardPlus.exe?CA}" password="11" userid="" rtl="0" tbsclsid
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82B661D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8543f28
\Driver\ACPI -> ACPI.sys @ 0xf82a0cb8
\Driver\atapi -> 0x81f41828
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: SiS 900-Based PCI Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf813eb0a
PacketIndicateHandler -> NDIS.sys @ 0xf8149a21
SendHandler -> NDIS.sys @ 0xf813e949
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2256)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-18 21:07:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-18 20:07
Pre-Run: 51 637 374 976 bytes free
Post-Run: 51 997 859 840 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 512A21E9FA78C542E405DA1AA819376F
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Tohle otestujte na http://www.virustotal.com/cs/ c:\windows\system32\drivers\tcpip.sys
(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)
Odinstalujte všechny emulátory virtuálních mechanik. Stáhněte SPTD http://www.duplexsecure.com/en/downloads
- Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
- zvolte možnost Uninstall a restartujte PC.
Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe
- Klikněte na "Disable" a restartujte PC.
Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe Start > Spustit (Win + R)- Vyskočí okénko, zkopírujte do něj:
Kód: Vybrat vše
"%userprofile%\plocha\mbr" -t- Klikněte na OK
- Vytvoří se log s názvem mbr.log, vložte ho sem.
Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
1. link na vvysledok zo scanu TCPIP.SYS je na:
http://www.virustotal.com/cs/analisis/f ... 1268943679
Scan nic nenasiel, bol negativny.
2. Virtualne mechaniky som odinstaloval
3.SPTD mi neslo spustit, vypisalo to hlasku ze subor nie je platnou aplikaciou Win32
4. Defogger som spustil podla poziadavky
5. log z MBR je tu:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll SiSRaid.sys
kernel: MBR read successfully
user & kernel MBR OK
6a. kratky log z Gmer je tu:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-18 21:51:14
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\erik\LOCALS~1\Temp\pxtdrpoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
6b. "dlhy" log z Gmeru po oscanovani je tu:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-18 22:03:35
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\erik\LOCALS~1\Temp\pxtdrpoc.sys
---- System - GMER 1.0.15 ----
SSDT E19E63A0 ZwConnectPort
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\erik\LOCALS~1\Temp\mbr.sys Systém nemôže nájst zadaný súbor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2548CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[1060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0xB9 0x33 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0xB9 0x33 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0xB9 0x33 0x7C ...
---- EOF - GMER 1.0.15 ----
http://www.virustotal.com/cs/analisis/f ... 1268943679
Scan nic nenasiel, bol negativny.
2. Virtualne mechaniky som odinstaloval
3.SPTD mi neslo spustit, vypisalo to hlasku ze subor nie je platnou aplikaciou Win32
4. Defogger som spustil podla poziadavky
5. log z MBR je tu:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll SiSRaid.sys
kernel: MBR read successfully
user & kernel MBR OK
6a. kratky log z Gmer je tu:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-18 21:51:14
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\erik\LOCALS~1\Temp\pxtdrpoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
6b. "dlhy" log z Gmeru po oscanovani je tu:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-18 22:03:35
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\erik\LOCALS~1\Temp\pxtdrpoc.sys
---- System - GMER 1.0.15 ----
SSDT E19E63A0 ZwConnectPort
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\erik\LOCALS~1\Temp\mbr.sys Systém nemôže nájst zadaný súbor. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2548CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1060] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3936] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[1060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0xB9 0x33 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0xB9 0x33 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0F 0xB9 0x33 0x7C ...
---- EOF - GMER 1.0.15 ----
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Zda sa ze sa chova normalne. CPU uz nevyleti na 100%. Niekedy sa mi zda ze pocitac reaguje pomalsie, ale da sa s tym zit.
Mam odinstalovat MBAM, alebo budeme este nieco skusat?
Mam odinstalovat MBAM, alebo budeme este nieco skusat?
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Windows XP SP3, CPU na 100%, prosim o kontrolu logu
Poprosím o nový log z RSIT. MBAM můžete odinstalovat.
Přispějete na provoz fóra?
