
Virus on the PC

cino
Visitor
Posts: 11
Registered: 13 Dec 2008 20:54

#1 Post by cino »

When I turn on the PC, a message pops up saying that some script is missing, and a lot of pictures pop up.

Logfile of random's system information tool 1.08 (written by random/random)
Run by erik at 2011-02-01 09:40:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 387 GB (63%) free of 610 GB
Total RAM: 3063 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:40:43, on 1.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\erik\Desktop\RSIT.exe
C:\Program Files\trend micro\erik.exe

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AutoKMS] C:\WINDOWS\AutoKMS.exe
O4 - HKLM\..\Run: [pedo] mshta http://www.nurs.or.jp/~jisatsu/bbs/bbs.cgi
O4 - HKLM\..\Run: [hentai] mshta http://6111.teacup.com/namikare/bbs
O4 - HKLM\..\Run: [anime] mshta http://namikare.net/img/
O4 - HKLM\..\Run: [namikarem] mshta http://www.namikarem.net/nami.cgi
O4 - HKLM\..\Run: [namikare] mshta http://netart.jp/namikare/nami.cgi
O4 - HKLM\..\Run: [oshioki] wscript.exe %windir%\shell.vbs
O4 - HKLM\..\Run: [kimoi] rundll32.exe url,FileProtocolHandler %windir%\kimoi.html
O4 - HKLM\..\Run: [jinmei] mshta http://namikare.net/jinmei/index.php
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [AlSrvN] C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: 0000002.jpg
O4 - Startup: 0000009.jpg
O4 - Startup: 0007176M.jpg
O4 - Startup: 0009147M.jpg
O4 - Startup: 0009148.jpg
O4 - Startup: 0012209.jpg
O4 - Startup: 0012230M.jpg
O4 - Startup: 0012247M.jpg
O4 - Startup: 0012250.jpg
O4 - Startup: 0013267.jpg
O4 - Startup: 0013268.jpg
O4 - Startup: 0013269M.jpg
O4 - Startup: 0013270.jpg
O4 - Startup: 0013271.jpg
O4 - Startup: 0013272.jpg
O4 - Startup: 0013274.jpg
O4 - Startup: 0014155.jpg
O4 - Startup: 0014194.jpg
O4 - Startup: 0014371.jpg
O4 - Startup: 0014961.jpg
O4 - Startup: 0015561M.jpg
O4 - Startup: 0016248M.jpg
O4 - Startup: 0016253.jpg
O4 - Startup: 0016279M.jpg
O4 - Startup: 0016280M.jpg
O4 - Startup: 0016283M.png
O4 - Startup: 0016285M.jpg
O4 - Startup: 0016288M.jpg
O4 - Startup: 0016292.jpg
O4 - Startup: 0016293.jpg
O4 - Startup: 0016294M.jpg
O4 - Startup: 0016298.jpg
O4 - Startup: 0016399M.jpg
O4 - Startup: 0016431M.jpg
O4 - Startup: 0016535.jpg
O4 - Startup: 0016538.jpg
O4 - Startup: 0016542.jpg
O4 - Startup: 0016544.jpg
O4 - Startup: 0016558M.jpg
O4 - Startup: 0016563M.jpg
O4 - Startup: 0016930M.jpg
O4 - Startup: 0016957M.jpg
O4 - Startup: 0018135.jpg
O4 - Startup: 0018135_2.jpg
O4 - Startup: 002.JPG
O4 - Startup: 003.JPG
O4 - Startup: 004.jpg
O4 - Startup: 01.jpg
O4 - Startup: 010.jpg
O4 - Startup: 017.jpg
O4 - Startup: 018.jpg
O4 - Startup: 02.jpg
O4 - Startup: 026.jpg
O4 - Startup: 029.jpg
O4 - Startup: 03.jpg
O4 - Startup: 032.jpg
O4 - Startup: 033.jpg
O4 - Startup: 04.jpg
O4 - Startup: 05.jpg
O4 - Startup: 06.jpg
O4 - Startup: 069.jpg
O4 - Startup: 07.jpg
O4 - Startup: 070.jpg
O4 - Startup: 072.jpg
O4 - Startup: 076.jpg
O4 - Startup: 077.jpg
O4 - Startup: 078.jpg
O4 - Startup: 08.jpg
O4 - Startup: 081.jpg
O4 - Startup: 082.jpg
O4 - Startup: 084.jpg
O4 - Startup: 085.jpg
O4 - Startup: 087.jpg
O4 - Startup: 088.jpg
O4 - Startup: 0888.jpg
O4 - Startup: 089.jpg
O4 - Startup: 09.jpg
O4 - Startup: 095.jpg
O4 - Startup: 097.jpg
O4 - Startup: 0978.jpg
O4 - Startup: 098.jpg
O4 - Startup: 0991235.jpg
O4 - Startup: 100.jpg
O4 - Startup: 100478.jpg
O4 - Startup: 102.jpg
O4 - Startup: 103.jpg
O4 - Startup: 1050321640252.jpg
O4 - Startup: 1052989611046.jpg
O4 - Startup: 107.jpg
O4 - Startup: 10789.jpg
O4 - Startup: 108554.jpg
O4 - Startup: 11.jpg
O4 - Startup: 111.jpg
O4 - Startup: 112.jpg
O4 - Startup: 115.jpg
O4 - Startup: 116.jpg
O4 - Startup: 117.jpg
O4 - Startup: 118.jpg
O4 - Startup: 12.jpg
O4 - Startup: 120.jpg
O4 - Startup: 1210.jpg
O4 - Startup: 122.jpg
O4 - Startup: 1220.jpg
O4 - Startup: 123.jpg
O4 - Startup: 127.jpg
O4 - Startup: 128.jpg
O4 - Startup: 129.jpg
O4 - Startup: 13.jpg
O4 - Startup: 130.jpg
O4 - Startup: 131.jpg
O4 - Startup: 135.jpg
O4 - Startup: 137.jpg
O4 - Startup: 14.jpg
O4 - Startup: 140.jpg
O4 - Startup: 142.jpg
O4 - Startup: 143.jpg
O4 - Startup: 147.jpg
O4 - Startup: 15.jpg
O4 - Startup: 156.jpg
O4 - Startup: 157.jpg
O4 - Startup: 159.jpg
O4 - Startup: 16.jpg
O4 - Startup: 160.jpg
O4 - Startup: 165.jpg
O4 - Startup: 167.jpg
O4 - Startup: 17.jpg
O4 - Startup: 173.jpg
O4 - Startup: 178.jpg
O4 - Startup: 179.jpg
O4 - Startup: 189.jpg
O4 - Startup: 192.jpg
O4 - Startup: 193.jpg
O4 - Startup: 194.jpg
O4 - Startup: 197.jpg
O4 - Startup: 198.jpg
O4 - Startup: 20030511005681.jpg
O4 - Startup: 20030511997723.jpg
O4 - Startup: 20030512038402.jpg
O4 - Startup: 20030512038763.jpg
O4 - Startup: 20030513045383.jpg
O4 - Startup: 20030513047402.jpg
O4 - Startup: 20030514058214.jpg
O4 - Startup: 20030514073792.jpg
O4 - Startup: 20030514076298.jpg
O4 - Startup: 20030514079546.jpg
O4 - Startup: 20030515092341.jpg
O4 - Startup: 20030515095095.jpg
O4 - Startup: 20030515097776.jpg
O4 - Startup: 20030515101961.jpg
O4 - Startup: 20030515107675.jpg
O4 - Startup: 20030516113383.jpg
O4 - Startup: 20030516114956.jpg
O4 - Startup: 20030516117524.jpg
O4 - Startup: 20030517136706.jpg
O4 - Startup: 20030517137441.jpg
O4 - Startup: 20030517139625.jpg
O4 - Startup: 20030517147667.jpg
O4 - Startup: 20030517148700.jpg
O4 - Startup: 20030518163758.jpg
O4 - Startup: 20030518185681.jpg
O4 - Startup: 20030518188541.jpg
O4 - Startup: 20030518188935.jpg
O4 - Startup: 20030518191812.jpg
O4 - Startup: 20030519216593.jpg
O4 - Startup: 20030519218957.jpg
O4 - Startup: 20030519223709.jpg
O4 - Startup: 20030520250141.jpg
O4 - Startup: 20030522266203.jpg
O4 - Startup: 20030522281371.jpg
O4 - Startup: 20030522288750.jpg
O4 - Startup: 20030522290300.jpg
O4 - Startup: 20030523301769.jpg
O4 - Startup: 20030523312531.jpg
O4 - Startup: 20030523315306.jpg
O4 - Startup: 20030523319607.jpg
O4 - Startup: 20030524326017.jpg
O4 - Startup: 20030524326994.jpg
O4 - Startup: 20030524339125.jpg
O4 - Startup: 20030524340412.jpg
O4 - Startup: 20030524341475.jpg
O4 - Startup: 20030524353624.jpg
O4 - Startup: 20030525354108.jpg
O4 - Startup: 20030525363917.jpg
O4 - Startup: 20030525373056.jpg
O4 - Startup: 20030525376417.jpg
O4 - Startup: 20030525377251.jpg
O4 - Startup: 20030526387633.jpg
O4 - Startup: 20030527393051.jpg
O4 - Startup: 20030527393150.jpg
O4 - Startup: 20030528401197.jpg
O4 - Startup: 20030529431613.jpg
O4 - Startup: 20030529436212.jpg
O4 - Startup: 20030529442985.jpg
O4 - Startup: 20030530462371.jpg
O4 - Startup: 20030530466741.jpg
O4 - Startup: 20030531473135.jpg
O4 - Startup: 20030531481991.jpg
O4 - Startup: 20030601486649.jpg
O4 - Startup: 20030601489609.jpg
O4 - Startup: 20030601489856.jpg
O4 - Startup: 20030601502604.jpg
O4 - Startup: 20030601513338.jpg
O4 - Startup: 20030602516883.jpg
O4 - Startup: 20030602519660.jpg
O4 - Startup: 20030602522073.jpg
O4 - Startup: 20030602524702.jpg
O4 - Startup: 20030602530345.jpg
O4 - Startup: 20030602537490.jpg
O4 - Startup: 20030602537917.jpg
O4 - Startup: 20030603543543.jpg
O4 - Startup: 20030603552322.jpg
O4 - Startup: 20030603558104.jpg
O4 - Startup: 20030604578236.jpg
O4 - Startup: 20030604586779.jpg
O4 - Startup: 20030604589651.jpg
O4 - Startup: 20030605597362.jpg
O4 - Startup: 20030605603096.jpg
O4 - Startup: 20030605610311.jpg
O4 - Startup: 20030606619473.jpg
O4 - Startup: 20030606622265.jpg
O4 - Startup: 20030607638228.jpg
O4 - Startup: 20030607640381.jpg
O4 - Startup: 20030607641618.jpg
O4 - Startup: 20030607647696.jpg
O4 - Startup: 20030607647784.jpg
O4 - Startup: 20030607649548.jpg
O4 - Startup: 20030607649633.jpg
O4 - Startup: 20030607650240.jpg
O4 - Startup: 20030607652254.jpg
O4 - Startup: 20030608672538.jpg
O4 - Startup: 20030608672641.jpg
O4 - Startup: 20030608673643.jpg
O4 - Startup: 20030608687234.jpg
O4 - Startup: 20030609691471.jpg
O4 - Startup: 20030609692669.jpg
O4 - Startup: 20030610702578.jpg
O4 - Startup: 20030610703565.jpg
O4 - Startup: 20030610704428.jpg
O4 - Startup: 20030610706014.jpg
O4 - Startup: 20030610710727.jpg
O4 - Startup: 20030610711397.jpg
O4 - Startup: 20030610711420.jpg
O4 - Startup: 20030610717206.jpg
O4 - Startup: 20030611732528.jpg
O4 - Startup: 20030611735850.jpg
O4 - Startup: 20030612751338.jpg
O4 - Startup: 20030612760383.jpg
O4 - Startup: 20030612762726.jpg
O4 - Startup: 20030613776833.jpg
O4 - Startup: 20030613779284.jpg
O4 - Startup: 20030613784837.jpg
O4 - Startup: 20030614790092.jpg
O4 - Startup: 20030614790457.jpg
O4 - Startup: 20030614798651.jpg
O4 - Startup: 20030614800066.jpg
O4 - Startup: 20030615813778.jpg
O4 - Startup: 20030615818040.jpg
O4 - Startup: 20030615824613.jpg
O4 - Startup: 20030615836694.jpg
O4 - Startup: 20030615836800.jpg
O4 - Startup: 20030616847076.jpg
O4 - Startup: 20030616847383.jpg
O4 - Startup: 20030616847987.jpg
O4 - Startup: 20030616848429.jpg
O4 - Startup: 20030616849736.jpg
O4 - Startup: 20030616854202.jpg
O4 - Startup: 20030616856295.jpg
O4 - Startup: 20030616856322.jpg
O4 - Startup: 20030616862002.jpg
O4 - Startup: 2010.html
O4 - Startup: 202.jpg
O4 - Startup: 203.jpg
O4 - Startup: 212.jpg
O4 - Startup: 229.jpg
O4 - Startup: 230.jpg
O4 - Startup: 231.jpg
O4 - Startup: 236.jpg
O4 - Startup: 237.jpg
O4 - Startup: 265c4f636de2ca13312c-1024.jpg
O4 - Startup: 3110.jpg
O4 - Startup: 3、射精後.JPG
O4 - Startup: 44a7e6cd220e65003021-L.jpg
O4 - Startup: 50cb1e72bdb10a79e3e6-L.gif
O4 - Startup: 5cac83e2.jpg
O4 - Startup: 9775b-1024.jpg
O4 - Startup: autorun.inf
O4 - Startup: B01R4472.html
O4 - Startup: B01R4477.html
O4 - Startup: B11R2637.html
O4 - Startup: B13R2238.html
O4 - Startup: B13R7027.html
O4 - Startup: B20R936.html
O4 - Startup: B25R447.html
O4 - Startup: B25R449.html
O4 - Startup: B25R450.html
O4 - Startup: B26R622.html
O4 - Startup: B26R624.html
O4 - Startup: B26R625.html
O4 - Startup: B26R626.html
O4 - Startup: B26R631.html
O4 - Startup: B26R660.html
O4 - Startup: B26R661.html
O4 - Startup: B26R662.html
O4 - Startup: B26R663.html
O4 - Startup: B27R975.html
O4 - Startup: B42R809.html
O4 - Startup: B42R812.html
O4 - Startup: B42R832.html
O4 - Startup: B52R3185.html
O4 - Startup: B53R1180.html
O4 - Startup: D223.JPG
O4 - Startup: D224.JPG
O4 - Startup: D225.JPG
O4 - Startup: d80b-L.jpg
O4 - Startup: DSC00471.jpg
O4 - Startup: DSC00880.JPG
O4 - Startup: DSC00883.JPG
O4 - Startup: DSC00895.JPG
O4 - Startup: DSC01493.JPG
O4 - Startup: DSC01495.JPG
O4 - Startup: dscf0021.jpg
O4 - Startup: dscf0023.jpg
O4 - Startup: dscf0026.jpg
O4 - Startup: dscf0027.jpg
O4 - Startup: dscf0028.jpg
O4 - Startup: dscf0030.jpg
O4 - Startup: dscf0035.jpg
O4 - Startup: dscf0037.jpg
O4 - Startup: fg001.JPG
O4 - Startup: fg002.JPG
O4 - Startup: fg003.JPG
O4 - Startup: fg004.JPG
O4 - Startup: fg005.JPG
O4 - Startup: fg006.JPG
O4 - Startup: fg007.JPG
O4 - Startup: fg008.JPG
O4 - Startup: fg009.JPG
O4 - Startup: help.html
O4 - Startup: icon.ico
O4 - Startup: index.html
O4 - Startup: index2.html
O4 - Startup: keritaoC (マックス).jpg
O4 - Startup: keroro_01.jpg
O4 - Startup: keroro_02.jpg
O4 - Startup: keroro_03.jpg
O4 - Startup: kimoi.html
O4 - Startup: KIMOWOTA is a mental disease..jpg
O4 - Startup: kimowota school.jpg
O4 - Startup: licca01_001.jpg
O4 - Startup: licca01_003.jpg
O4 - Startup: licca01_004.jpg
O4 - Startup: licca01_006.jpg
O4 - Startup: licca01_010.jpg
O4 - Startup: mitsune001-019-1.jpg
O4 - Startup: mitsune001-055-1.jpg
O4 - Startup: mitsune001-092-1.jpg
O4 - Startup: mitsune001-172-1.jpg
O4 - Startup: mitsune001-234-1.jpg
O4 - Startup: mitsune001-236-1.jpg
O4 - Startup: mitsune001-242-1.jpg
O4 - Startup: mitsune001-243-1.jpg
O4 - Startup: mitsune001-248-1.jpg
O4 - Startup: mitune07.jpg
O4 - Startup: myung28jp.jpg
O4 - Startup: namikare.vbs
O4 - Startup: naru01.jpg
O4 - Startup: naru02.jpg
O4 - Startup: naru04.jpg
O4 - Startup: naru09.jpg
O4 - Startup: ns_13.jpg
O4 - Startup: P1010034.JPG
O4 - Startup: page_0.html
O4 - Startup: page_1.html
O4 - Startup: page_10.html
O4 - Startup: page_11.html
O4 - Startup: page_12.html
O4 - Startup: page_13.html
O4 - Startup: page_14.html
O4 - Startup: page_15.html
O4 - Startup: page_2.html
O4 - Startup: page_3.html
O4 - Startup: page_4.html
O4 - Startup: page_5.html
O4 - Startup: page_6.html
O4 - Startup: page_7.html
O4 - Startup: page_8.html
O4 - Startup: page_9.html
O4 - Startup: page_a1.html
O4 - Startup: page_a2.html
O4 - Startup: PEDO2010.html
O4 - Startup: Pedophilia is an intense bad smell.jpg
O4 - Startup: Picture.html
O4 - Startup: README.html
O4 - Startup: Sayaka_01.jpg
O4 - Startup: Sayaka_02.jpg
O4 - Startup: Sayaka_03.jpg
O4 - Startup: Sayaka_04.jpg
O4 - Startup: Sayaka_05.jpg
O4 - Startup: shell.vbs
O4 - Startup: t01.jpg
O4 - Startup: t02.jpg
O4 - Startup: t03.jpg
O4 - Startup: t04.jpg
O4 - Startup: t05.jpg
O4 - Startup: t06.jpg
O4 - Startup: taka01.jpg
O4 - Startup: taka02.jpg
O4 - Startup: taka03.jpg
O4 - Startup: taka04.jpg
O4 - Startup: taka05.jpg
O4 - Startup: taka06.jpg
O4 - Startup: taka07.jpg
O4 - Startup: taka08.jpg
O4 - Startup: taka09.jpg
O4 - Startup: taka10.jpg
O4 - Startup: taka11.jpg
O4 - Startup: taka12.jpg
O4 - Startup: taka13.jpg
O4 - Startup: taka14.jpg
O4 - Startup: The bad smell of pedophilia was expressed..jpg
O4 - Startup: to_alice01.jpg
O4 - Startup: to_alice02.jpg
O4 - Startup: to_alice03.jpg
O4 - Startup: to_alice04.jpg
O4 - Startup: to_alice05.jpg
O4 - Startup: to_alice06.jpg
O4 - Startup: tsuyoimo_036.jpg
O4 - Startup: tsuyoimo_058.jpg
O4 - Startup: tsuyoimo_062.jpg
O4 - Startup: tsuyoimo_065.jpg
O4 - Startup: tsuyoimo_078.jpg
O4 - Startup: tsuyoimo_079.jpg
O4 - Startup: tsuyoimo_120.jpg
O4 - Startup: vclp01.JPG
O4 - Startup: w_cast07.jpg
O4 - Startup: w_cast08.jpg
O4 - Startup: w_cast10.jpg
O4 - Startup: _fg001.JPG
O4 - Startup: _fg002.JPG
O4 - Startup: _fg003.JPG
O4 - Startup: _fg004.JPG
O4 - Startup: _fg005.JPG
O4 - Startup: _fg006.JPG
O4 - Startup: _fg007.JPG
O4 - Startup: _fg008.JPG
O4 - Startup: _fg009.JPG
O4 - Startup: _fg010.JPG
O4 - Startup: _fg011.JPG
O4 - Startup: 「ぶっかけ使用済み枕カバー」 オークションにて出品 完売.zip
O4 - Startup: くさい、きたない、きもちわるい 悪い結果を社会に招くテロリスト集団 The キモヲタ 001.jpg
O4 - Startup: くさい、きたない、きもちわるい 悪い結果を社会に招くテロリスト集団 The キモヲタ 002.jpg
O4 - Startup: つぶれアンパン001.jpg
O4 - Startup: つぶれアンパン002.jpg
O4 - Startup: つぶれアンパン003.jpg
O4 - Startup: つぶれアンパン004.jpg
O4 - Startup: つぶれアンパン005.jpg
O4 - Startup: つぶれアンパン006.jpg
O4 - Startup: つぶれアンパン007.jpg
O4 - Startup: つぶれアンパン008.jpg
O4 - Startup: つぶれアンパン009.jpg
O4 - Startup: つぶれアンパン010.jpg
O4 - Startup: つぶれアンパン011.jpg
O4 - Startup: つぶれアンパン012.jpg
O4 - Startup: つぶれアンパン013.jpg
O4 - Startup: つぶれアンパン014.jpg
O4 - Startup: つぶれアンパン015.jpg
O4 - Startup: つぶれアンパン016.jpg
O4 - Startup: つぶれアンパン017.jpg
O4 - Startup: つぶれアンパン018.jpg
O4 - Startup: つぶれアンパン019.jpg
O4 - Startup: つぶれアンパン020.jpg
O4 - Startup: つぶれアンパン021.jpg
O4 - Startup: つぶれアンパン022.jpg
O4 - Startup: つぶれアンパン023.jpg
O4 - Startup: つぶれアンパン024.jpg
O4 - Startup: つぶれアンパン025.jpg
O4 - Startup: つぶれアンパン026.jpg
O4 - Startup: つぶれアンパン027.jpg
O4 - Startup: つぶれアンパン028.jpg
O4 - Startup: つぶれアンパン029.jpg
O4 - Startup: キモヲタ is a terrorist group 001.jpg
O4 - Startup: キモヲタ is a terrorist group 002.jpg
O4 - Startup: キモヲタ is a terrorist group 003.jpg
O4 - Startup: キモヲタ is a terrorist group 004.jpg
O4 - Startup: キモヲタ is a terrorist group 005.jpg
O4 - Startup: キモヲタ is a terrorist group 006.jpg
O4 - Startup: キモヲタ is a terrorist group 007.jpg
O4 - Startup: キモヲタ is a terrorist group 008.jpg
O4 - Startup: キモヲタ is a terrorist group 009.jpg
O4 - Startup: キモヲタ is a terrorist group 010.jpg
O4 - Startup: タマ姉_01.JPG
O4 - Startup: ネカマでドンドコドン♪.htm
O4 - Startup: ネカマでドンドコドン♪齋藤雅幸(さいとうまさゆき)の巻.mht
O4 - Startup: ハルヒ_01.JPG
O4 - Startup: ハルヒ_02.JPG
O4 - Startup: ハルヒ_03.JPG
O4 - Startup: ハルヒ_04.JPG
O4 - Startup: ハルヒ_05.JPG
O4 - Startup: ハルヒ_06.JPG
O4 - Startup: ハルヒ_07.JPG
O4 - Startup: ハルヒ_08.JPG
O4 - Startup: マックス.jpg
O4 - Startup: 愛野美奈子01.jpg
O4 - Startup: 愛野美奈子02.jpg
O4 - Startup: 愛野美奈子03.jpg
O4 - Startup: 愛野美奈子04.jpg
O4 - Startup: 愛野美奈子05.jpg
O4 - Startup: 愛野美奈子06.jpg
O4 - Startup: 愛野美奈子07.jpg
O4 - Startup: 愛野美奈子08.jpg
O4 - Startup: 更新ネカマでドンドコドン♪.htm
O4 - Startup: 森たかお のネカマでドンドコドン♪.mht
O4 - Startup: 無修正 おかずがいっぱい.jpg
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: Odosla? do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&osla? do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: &Prepojene poznamky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojene poznamky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 24092 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
QuickStores-Toolbar - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2010-12-26 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2010-09-09 109568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTo1.dll [2010-12-26 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
LimeWire Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-10-11 1244040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-11-23 919408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTo1.dll [2010-12-26 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2010-12-26 3911776]
{D4027C7F-154A-4066-A1AD-4243D8127440} - LimeWire Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-10-11 1244040]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - QuickStores-Toolbar - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-13 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-07-20 18670592]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-05 281768]
"AutoKMS"=C:\WINDOWS\AutoKMS.exe [2010-10-10 615936]
"pedo"=mshta http://www.nurs.or.jp/~jisatsu/bbs/bbs.cgi []
"hentai"=mshta http://6111.teacup.com/namikare/bbs []
"anime"=mshta http://namikare.net/img/ []
"namikarem"=mshta http://www.namikarem.net/nami.cgi []
"namikare"=mshta http://netart.jp/namikare/nami.cgi []
"oshioki"=wscript.exe C:\WINDOWS\shell.vbs []
"kimoi"=url,FileProtocolHandler C:\WINDOWS\kimoi.html []
"jinmei"=mshta http://namikare.net/jinmei/index.php []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"AlSrvN"=C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe [2010-02-06 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mega Manager]
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe [2010-09-09 2107392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegGenie v2.1 - Trial Expired]
C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-12-13 395640]

C:\Documents and Settings\erik\Start Menu\Programs\Startup
20030603543543.jpg
20030603552322.jpg
20030603558104.jpg
20030604578236.jpg
20030604586779.jpg
20030604589651.jpg
20030605597362.jpg
20030605603096.jpg
20030605610311.jpg
20030606619473.jpg
20030606622265.jpg
20030607638228.jpg
20030607640381.jpg
20030607641618.jpg
20030607647696.jpg
20030607647784.jpg
20030607649548.jpg
20030607649633.jpg
20030607650240.jpg
20030607652254.jpg
20030608672538.jpg
20030608672641.jpg
20030608673643.jpg
20030608687234.jpg
20030609691471.jpg
20030609692669.jpg
20030610702578.jpg
20030610703565.jpg
20030610704428.jpg
20030610706014.jpg
20030610710727.jpg
20030610711397.jpg
20030610711420.jpg
20030610717206.jpg
20030611732528.jpg
20030611735850.jpg
20030612751338.jpg
20030612760383.jpg
20030612762726.jpg
20030613776833.jpg
20030613779284.jpg
20030613784837.jpg
20030614790092.jpg
20030614790457.jpg
20030614798651.jpg
20030614800066.jpg
20030615813778.jpg
20030615818040.jpg
20030615824613.jpg
20030615836694.jpg
20030615836800.jpg
20030616847076.jpg
20030616847383.jpg
20030616847987.jpg
20030616848429.jpg
20030616849736.jpg
20030616854202.jpg
20030616856295.jpg
20030616856322.jpg
20030616862002.jpg
2010.html
202.jpg
203.jpg
212.jpg
229.jpg
230.jpg
231.jpg
236.jpg
237.jpg
265c4f636de2ca13312c-1024.jpg
3110.jpg
3、射精後.JPG
44a7e6cd220e65003021-L.jpg
50cb1e72bdb10a79e3e6-L.gif
5cac83e2.jpg
9775b-1024.jpg
autorun.inf
B01R4472.html
B01R4477.html
B11R2637.html
B13R2238.html
B13R7027.html
B20R936.html
B25R447.html
B25R449.html
B25R450.html
B26R622.html
B26R624.html
B26R625.html
B26R626.html
B26R631.html
B26R660.html
B26R661.html
B26R662.html
B26R663.html
B27R975.html
B42R809.html
B42R812.html
B42R832.html
B52R3185.html
B53R1180.html
D223.JPG
D224.JPG
D225.JPG
d80b-L.jpg
DSC00471.jpg
DSC00880.JPG
DSC00883.JPG
DSC00895.JPG
DSC01493.JPG
DSC01495.JPG
dscf0021.jpg
dscf0023.jpg
dscf0026.jpg
dscf0027.jpg
dscf0028.jpg
dscf0030.jpg
dscf0035.jpg
dscf0037.jpg
fg001.JPG
fg002.JPG
fg003.JPG
fg004.JPG
fg005.JPG
fg006.JPG
fg007.JPG
fg008.JPG
fg009.JPG
help.html
icon.ico
index.html
index2.html
keritaoC (マックス).jpg
keroro_01.jpg
keroro_02.jpg
keroro_03.jpg
kimoi.html
KIMOWOTA is a mental disease..jpg
kimowota school.jpg
licca01_001.jpg
licca01_003.jpg
licca01_004.jpg
licca01_006.jpg
licca01_010.jpg
mitsune001-019-1.jpg
mitsune001-055-1.jpg
mitsune001-092-1.jpg
mitsune001-172-1.jpg
mitsune001-234-1.jpg
mitsune001-236-1.jpg
mitsune001-242-1.jpg
mitsune001-243-1.jpg
mitsune001-248-1.jpg
mitune07.jpg
myung28jp.jpg
namikare.vbs
naru01.jpg
naru02.jpg
naru04.jpg
naru09.jpg
ns_13.jpg
P1010034.JPG
page_0.html
page_1.html
page_10.html
page_11.html
page_12.html
page_13.html
page_14.html
page_15.html
page_2.html
page_3.html
page_4.html
page_5.html
page_6.html
page_7.html
page_8.html
page_9.html
page_a1.html
page_a2.html
PEDO2010.html
Pedophilia is an intense bad smell.jpg
Picture.html
README.html
Sayaka_01.jpg
Sayaka_02.jpg
Sayaka_03.jpg
Sayaka_04.jpg
Sayaka_05.jpg
shell.vbs
t01.jpg
t02.jpg
t03.jpg
t04.jpg
t05.jpg
t06.jpg
taka01.jpg
taka02.jpg
taka03.jpg
taka04.jpg
taka05.jpg
taka06.jpg
taka07.jpg
taka08.jpg
taka09.jpg
taka10.jpg
taka11.jpg
taka12.jpg
taka13.jpg
taka14.jpg
The bad smell of pedophilia was expressed..jpg
to_alice01.jpg
to_alice02.jpg
to_alice03.jpg
to_alice04.jpg
to_alice05.jpg
to_alice06.jpg
tsuyoimo_036.jpg
tsuyoimo_058.jpg
tsuyoimo_062.jpg
tsuyoimo_065.jpg
tsuyoimo_078.jpg
tsuyoimo_079.jpg
tsuyoimo_120.jpg
vclp01.JPG
w_cast07.jpg
w_cast08.jpg
w_cast10.jpg
_fg001.JPG
_fg002.JPG
_fg003.JPG
_fg004.JPG
_fg005.JPG
_fg006.JPG
_fg007.JPG
_fg008.JPG
_fg009.JPG
_fg010.JPG
_fg011.JPG
「ぶっかけ使用済み枕カバー」 オークションにて出品 完売.zip
くさい、きたない、きもちわるい 悪い結果を社会に招くテロリスト集団 The キモヲタ 001.jpg
くさい、きたない、きもちわるい 悪い結果を社会に招くテロリスト集団 The キモヲタ 002.jpg
つぶれアンパン001.jpg
つぶれアンパン002.jpg
つぶれアンパン003.jpg
つぶれアンパン004.jpg
つぶれアンパン005.jpg
つぶれアンパン006.jpg
つぶれアンパン007.jpg
つぶれアンパン008.jpg
つぶれアンパン009.jpg
つぶれアンパン010.jpg
つぶれアンパン011.jpg
つぶれアンパン012.jpg
つぶれアンパン013.jpg
つぶれアンパン014.jpg
つぶれアンパン015.jpg
つぶれアンパン016.jpg
つぶれアンパン017.jpg
つぶれアンパン018.jpg
つぶれアンパン019.jpg
つぶれアンパン020.jpg
つぶれアンパン021.jpg
つぶれアンパン022.jpg
つぶれアンパン023.jpg
つぶれアンパン024.jpg
つぶれアンパン025.jpg
つぶれアンパン026.jpg
つぶれアンパン027.jpg
つぶれアンパン028.jpg
つぶれアンパン029.jpg
キモヲタ is a terrorist group 001.jpg
キモヲタ is a terrorist group 002.jpg
キモヲタ is a terrorist group 003.jpg
キモヲタ is a terrorist group 004.jpg
キモヲタ is a terrorist group 005.jpg
キモヲタ is a terrorist group 006.jpg
キモヲタ is a terrorist group 007.jpg
キモヲタ is a terrorist group 008.jpg
キモヲタ is a terrorist group 009.jpg
キモヲタ is a terrorist group 010.jpg
タマ姉_01.JPG
ネカマでドンドコドン♪.htm
ネカマでドンドコドン♪齋藤雅幸(さいとうまさゆき)の巻.mht
ハルヒ_01.JPG
ハルヒ_02.JPG
ハルヒ_03.JPG
ハルヒ_04.JPG
ハルヒ_05.JPG
ハルヒ_06.JPG
ハルヒ_07.JPG
ハルヒ_08.JPG
マックス.jpg
愛野美奈子01.jpg
愛野美奈子02.jpg
愛野美奈子03.jpg
愛野美奈子04.jpg
愛野美奈子05.jpg
愛野美奈子06.jpg
愛野美奈子07.jpg
愛野美奈子08.jpg
更新ネカマでドンドコドン♪.htm
森たかお のネカマでドンドコドン♪.mht
無修正 おかずがいっぱい.jpg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-08-26 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-01-08 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-01-08 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?ETorrent"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Valve\Steam\SteamApps\common\dirt 2\dirt2.exe"="C:\Program Files\Valve\Steam\SteamApps\common\dirt 2\dirt2.exe:*:Enabled:DiRT 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Utatane\Utatane.exe"="E:\Utatane\Utatane.exe:*:Enabled:Utatane"
"C:\Documents and Settings\erik\Desktop\Share\Share.exe"="C:\Documents and Settings\erik\Desktop\Share\Share.exe:*:Enabled:Share"
"C:\Program Files\Valve\Steam\SteamApps\1kyuubi1\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\1kyuubi1\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"

======List of files/folders created in the last 1 months======

2011-02-01 09:40:38 ----D---- C:\rsit
2011-02-01 09:40:38 ----D---- C:\Program Files\trend micro
2011-02-01 09:39:02 ----N---- C:\WINDOWS\KMSEmulator.exe
2011-02-01 09:38:13 ----D---- C:\WINDOWS\system32\xircom
2011-02-01 09:38:13 ----D---- C:\Program Files\xerox
2011-02-01 09:38:12 ----D---- C:\Program Files\microsoft frontpage
2011-02-01 09:35:34 ----D---- C:\Documents and Settings\erik\Application Data\Malwarebytes
2011-02-01 09:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-02-01 09:35:29 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-02-01 09:35:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-01 09:35:26 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-02-01 09:33:26 ----SHD---- C:\RECYCLER
2011-02-01 09:33:14 ----SD---- C:\ComboFix
2011-02-01 09:26:29 ----D---- C:\WINDOWS\temp
2011-02-01 09:26:28 ----A---- C:\ComboFix.txt
2011-02-01 09:15:03 ----A---- C:\Boot.bak
2011-02-01 09:15:00 ----RASHD---- C:\cmdcons
2011-02-01 09:11:44 ----A---- C:\WINDOWS\zip.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\SWSC.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\SWREG.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\sed.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\PEV.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\NIRCMD.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\MBR.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\grep.exe
2011-02-01 09:11:40 ----D---- C:\WINDOWS\ERDNT
2011-02-01 09:11:02 ----D---- C:\Qoobox
2011-02-01 09:07:49 ----SHD---- C:\WINDOWS\CSC
2011-02-01 09:07:43 ----A---- C:\WINDOWS\ntbtlog.txt
2011-01-31 21:20:39 ----RA---- C:\WINDOWS\shell.vbs
2011-01-31 21:20:39 ----RA---- C:\WINDOWS\namikare.vbs
2011-01-27 09:32:08 ----A---- C:\WINDOWS\AutoKMS.tmp
2011-01-26 16:16:40 ----A---- C:\WINDOWS\Time Stopper Setup Log.txt
2011-01-21 11:33:08 ----D---- C:\Program Files\Intelore
2011-01-20 12:24:57 ----D---- C:\Program Files\Free ISO Creator
2011-01-20 11:59:44 ----D---- C:\Program Files\DVD Decrypter
2011-01-15 20:22:54 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2011-01-15 20:22:51 ----A---- C:\WINDOWS\system32\NCTWMVFile.dll
2011-01-15 20:22:51 ----A---- C:\WINDOWS\system32\NCTVideoFile.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTVideoCompress.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTMPEGFile.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAVIFile.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAudioLibrary2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAudioCompress2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\lame_enc.dll
2011-01-15 20:22:47 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2011-01-15 20:22:46 ----D---- C:\Program Files\SoftwareDepo.com
2011-01-15 20:19:06 ----D---- C:\Documents and Settings\erik\Application Data\Xilisoft
2011-01-15 20:17:57 ----D---- C:\Program Files\Xilisoft
2011-01-15 20:14:06 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2011-01-15 20:14:04 ----D---- C:\Program Files\AoA Audio Extractor
2011-01-15 20:07:23 ----D---- C:\Documents and Settings\erik\Application Data\COWON
2011-01-15 12:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-06 11:04:24 ----D---- C:\Program Files\DAEMON Tools Pro
2011-01-03 13:27:40 ----D---- C:\Program Files\Unlocker
2011-01-03 13:27:40 ----D---- C:\Documents and Settings\erik\Application Data\QuickStoresToolbar

======List of files/folders modified in the last 1 months======

2011-02-01 09:40:38 ----RD---- C:\Program Files
2011-02-01 09:39:51 ----D---- C:\WINDOWS\system32
2011-02-01 09:39:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-01 09:39:46 ----D---- C:\Program Files\Mozilla Firefox
2011-02-01 09:39:36 ----D---- C:\WINDOWS\Prefetch
2011-02-01 09:39:02 ----D---- C:\WINDOWS
2011-02-01 09:38:41 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-01 09:38:13 ----D---- C:\WINDOWS\system32\wbem
2011-02-01 09:37:51 ----D---- C:\WINDOWS\system32\drivers
2011-02-01 09:24:42 ----A---- C:\WINDOWS\system.ini
2011-02-01 09:24:37 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-01 09:23:04 ----D---- C:\WINDOWS\AppPatch
2011-02-01 09:23:01 ----D---- C:\Program Files\Common Files
2011-02-01 09:15:03 ----RASH---- C:\boot.ini
2011-02-01 09:07:56 ----D---- C:\Documents and Settings
2011-02-01 00:43:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-31 21:50:53 ----D---- C:\Program Files\JDownloader
2011-01-31 21:44:04 ----A---- C:\WINDOWS\MegaManager.INI
2011-01-31 21:39:51 ----D---- C:\Documents and Settings\erik\Application Data\mIRC
2011-01-31 20:21:41 ----D---- C:\Documents and Settings\erik\Application Data\uTorrent
2011-01-31 10:45:50 ----D---- C:\Program Files\mIRC
2011-01-31 10:43:09 ----D---- C:\Documents and Settings\erik\Application Data\FP Uploader
2011-01-30 20:13:24 ----D---- C:\Documents and Settings\erik\Application Data\FileZilla
2011-01-30 10:57:18 ----D---- C:\Program Files\Alcohol Soft
2011-01-29 17:24:58 ----RSD---- C:\WINDOWS\Fonts
2011-01-29 15:13:53 ----D---- C:\Documents and Settings\erik\Application Data\ICQ
2011-01-28 15:54:34 ----D---- C:\Documents and Settings\erik\Application Data\Skype
2011-01-28 15:39:32 ----D---- C:\Documents and Settings\erik\Application Data\skypePM
2011-01-26 19:11:49 ----D---- C:\Program Files\MeGUI
2011-01-20 12:22:20 ----HD---- C:\WINDOWS\inf
2011-01-19 13:40:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-01-15 20:23:45 ----D---- C:\WINDOWS\system32\NtmsData
2011-01-15 20:23:04 ----D---- C:\WINDOWS\Registration
2011-01-15 20:18:25 ----SHD---- C:\WINDOWS\Installer
2011-01-15 20:18:24 ----D---- C:\WINDOWS\WinSxS
2011-01-15 20:06:52 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-15 20:03:35 ----A---- C:\Documents and Settings\erik\Application Data\DVDSubEdit.ini
2011-01-15 12:20:41 ----D---- C:\WINDOWS\Debug
2011-01-15 12:20:31 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-15 12:19:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-01-15 12:19:28 ----D---- C:\WINDOWS\system32\dllcache
2011-01-15 12:19:09 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-07 20:39:04 ----D---- C:\Program Files\ICQ7.2
2011-01-03 13:27:42 ----RSD---- C:\WINDOWS\assembly
2011-01-03 10:12:33 ----D---- C:\Documents and Settings\erik\Application Data\Mozilla
2011-01-02 21:14:49 ----D---- C:\Documents and Settings\erik\Application Data\Media Player Classic
2011-01-02 20:11:21 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2009-01-08 61824]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-12-14 420920]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-12-23 135096]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2009-01-08 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-11-22 61960]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-01-08 62848]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-01-08 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-08-26 5386752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-20 5795328]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-01-08 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-01-08 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-06-29 142592]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-14 91904]
S3 a88zt61i;a88zt61i; C:\WINDOWS\system32\drivers\a88zt61i.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-14 132224]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-09 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-08-26 606208]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-03 153376]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

Caroprd111
VIP
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Virus in PC

#2 Post by Caroprd111 »

Hello :)

ComboFix is not recommended for use without the supervision of an experienced person and, in most cases, without a check of a log from another detection program, or without running CF with the appropriate parameter. An advisor knows how to restore any legitimate files that were deleted, knows the commands, can find their way around the log, etc. It is not only about the problem of restarting the PC when a virus deletes the hal.dll library, but about countless other things that often cannot even be predicted.

Post the log C:\ComboFix.txt here.

cino
Visitor
Visitor
Posts: 11
Registered: 13 Dec 2008 20:54

Re: Virus in PC

#3 Post by cino »

Yes, I know what ComboFix can cause. Since neither Avira nor MBAM showed me anything and 150 pictures pop up at startup, I am 100% sure that you will need the ComboFix log anyway.

ComboFix 11-01-31.02 - Administrator 1/2011 Tue 9:21.1.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.3063.2764 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
Error: Cfiles.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\RegGenie
c:\documents and settings\All Users\Start Menu\Programs\RegGenie\RegGenie.lnk
c:\documents and settings\All Users\Start Menu\Programs\RegGenie\Uninstall RegGenie.lnk
c:\documents and settings\erik\Application Data\BDL+D
c:\documents and settings\erik\Application Data\BDL+D\ZOO(JB)\12486\____.hld
c:\documents and settings\erik\Application Data\BDL+D\ZOO(JB)\12486\____.sys
c:\documents and settings\erik\Application Data\chrtmp
c:\documents and settings\erik\Application Data\PriceGong
c:\documents and settings\erik\Application Data\PriceGong\Data\1.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\a.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\b.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\c.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\d.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\e.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\f.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\g.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\h.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\i.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\J.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\k.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\l.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\m.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\n.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\o.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\p.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\q.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\r.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\s.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\t.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\u.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\v.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\w.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\x.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\y.xml
c:\documents and settings\erik\Application Data\PriceGong\Data\z.xml
c:\documents and settings\erik\My Documents\fafa.reg
c:\program files\RegGenie
c:\program files\RegGenie\Backups\40453,7954814005
c:\program files\RegGenie\Backups\40453,7962612037
c:\program files\RegGenie\Backups\40453,8068205556
c:\program files\RegGenie\Backups\40453,828509838
c:\program files\RegGenie\Backups\40453,8331589931
c:\program files\RegGenie\Backups\40453,8351573264
c:\program files\RegGenie\Backups\40454,5299699769
c:\program files\RegGenie\Backups\40454,5423741319
c:\program files\RegGenie\Backups\40457,6345361227
c:\program files\RegGenie\Backups\40457,7056685764
c:\program files\RegGenie\Backups\40457,709391088
c:\program files\RegGenie\Backups\40458,9040959491
c:\program files\RegGenie\Backups\40461,7930313194
c:\program files\RegGenie\IgnoredKeys.ini
c:\program files\RegGenie\IgnoredValues.ini
c:\program files\RegGenie\Logs\Scan on 10.10.2010 19-01-55.txt
c:\program files\RegGenie\Logs\Scan on 2.10.2010 19-05-13.txt
c:\program files\RegGenie\Logs\Scan on 2.10.2010 19-21-17.txt
c:\program files\RegGenie\Logs\Scan on 2.10.2010 19-52-59.txt
c:\program files\RegGenie\Logs\Scan on 2.10.2010 19-59-41.txt
c:\program files\RegGenie\Logs\Scan on 2.10.2010 20-02-06.txt
c:\program files\RegGenie\Logs\Scan on 3.10.2010 12-42-12.txt
c:\program files\RegGenie\Logs\Scan on 3.10.2010 13-00-21.txt
c:\program files\RegGenie\Logs\Scan on 6.10.2010 15-13-10.txt
c:\program files\RegGenie\Logs\Scan on 6.10.2010 16-56-08.txt
c:\program files\RegGenie\Logs\Scan on 6.10.2010 17-01-17.txt
c:\program files\RegGenie\Logs\Scan on 7.10.2010 21-41-47.txt
c:\program files\RegGenie\RegGenie.bim
c:\program files\RegGenie\RegGenie.bin
c:\program files\RegGenie\RegGenie.exe
c:\program files\RegGenie\RegGenie.ini
c:\program files\RegGenie\RegGenieOnReboot.exe
c:\program files\RegGenie\RegGenieOnRebootExpired.exe
c:\program files\RegGenie\RegGenieOnUninstall.exe
c:\program files\RegGenie\RegGenieScheduler.exe
c:\program files\RegGenie\unins000.dat
c:\program files\RegGenie\unins000.exe
c:\program files\RegGenie\unins000.msg

.
((((((((((((((((((((((((( Files Created from 2011-01-01 to 2011-02-01 )))))))))))))))))))))))))))))))
.

2011-02-01 08:07 . 2011-02-01 08:07 -------- d-----w- c:\documents and settings\Administrator
2011-01-31 20:20 . 2010-02-28 15:00 3005 ----a-r- c:\windows\namikare.vbs
2011-01-31 20:20 . 2010-02-28 15:00 2125 ----a-r- c:\windows\shell.vbs
2011-01-27 08:32 . 2011-02-01 08:06 77824 ----a-w- c:\windows\KMSEmulator.exe
2011-01-27 08:32 . 2011-01-27 08:32 0 ----a-w- c:\windows\AutoKMS.tmp
2011-01-21 10:33 . 2011-01-21 10:33 -------- d-----w- c:\program files\Intelore
2011-01-20 11:24 . 2011-01-20 11:24 -------- d-----w- c:\program files\Free ISO Creator
2011-01-20 10:59 . 2011-01-20 10:59 -------- d-----w- c:\program files\DVD Decrypter
2011-01-15 19:19 . 2011-01-15 19:19 -------- d-----w- c:\documents and settings\erik\Application Data\Xilisoft
2011-01-15 19:17 . 2011-01-15 19:17 -------- d-----w- c:\program files\Xilisoft
2011-01-15 19:14 . 2007-05-13 11:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2011-01-15 19:14 . 2011-01-15 19:14 -------- d-----w- c:\program files\AoA Audio Extractor
2011-01-15 19:07 . 2011-01-15 19:09 -------- d-----w- c:\documents and settings\erik\Application Data\COWON
2011-01-15 11:11 . 2010-11-09 14:50 253952 ------w- c:\windows\system32\dllcache\odbc32.dll
2011-01-15 11:11 . 2010-11-09 14:50 200704 ------w- c:\windows\system32\dllcache\msadox.dll
2011-01-15 11:11 . 2010-11-09 14:50 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2011-01-15 11:11 . 2010-11-09 14:50 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2011-01-15 11:11 . 2010-11-09 14:50 102400 ------w- c:\windows\system32\dllcache\msjro.dll
2011-01-06 10:04 . 2011-01-30 09:59 -------- d-----w- c:\program files\DAEMON Tools Pro
2011-01-03 12:27 . 2011-01-03 12:28 -------- d-----w- c:\program files\Unlocker
2011-01-03 12:27 . 2011-01-03 12:27 -------- d-----w- c:\documents and settings\erik\Application Data\QuickStoresToolbar
2011-01-02 21:57 . 2010-11-30 19:05 555112 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-01-02 21:57 . 2010-11-30 19:05 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-01-02 21:57 . 2010-11-30 19:05 138712 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-01-02 21:57 . 2010-11-30 19:05 910808 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2011-01-02 21:57 . 2010-11-30 19:05 715736 ----a-w- c:\program files\Mozilla Firefox\mozcrt19.dll
2011-01-02 21:57 . 2010-11-30 19:05 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-01-02 21:57 . 2010-11-30 19:05 122328 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 09:06 . 2010-10-02 23:15 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-14 16:59 . 2010-10-03 04:53 420920 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-22 13:02 . 2010-10-02 23:15 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-20 11:41 . 2009-08-18 10:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2010-11-20 11:41 . 2009-08-18 10:24 17816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-11-18 18:12 . 2010-10-02 22:20 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:50 . 2009-01-08 19:10 253952 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:34 . 2008-12-20 22:15 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:34 . 2009-01-08 19:20 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2009-01-08 19:20 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-06 00:34 . 2008-12-20 22:15 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-26 17:54 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-26 17:54 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 15:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51 919408 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-26 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-12-26 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pedo"="mshta http:" [X]
"hentai"="mshta http:" [X]
"anime"="mshta http:" [X]
"namikarem"="mshta http:" [X]
"namikare"="mshta http:" [X]
"kimoi"="url" [X]
"jinmei"="mshta http:" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"AutoKMS"="c:\windows\AutoKMS.exe" [2010-10-10 615936]
"oshioki"="wscript.exe" [2009-01-08 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 04:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mega Manager]
2010-09-08 23:23 2107392 ----a-w- c:\program files\Megaupload\Mega Manager\MegaManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 17:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegGenie v2.1 - Trial Expired]
c:\program files\RegGenie\RegGenieOnRebootExpired.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 10:43 1242448 ----a-w- c:\program files\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-12-13 20:26 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dirt 2\\dirt2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Utatane\\Utatane.exe"=
"c:\\Documents and Settings\\erik\\Desktop\\Share\\Share.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\1kyuubi1\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34862:TCP"= 34862:TCP:Utatane
"34671:TCP"= 34671:TCP:Share

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/3/2010 5:53 AM 420920]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/3/2010 12:15 AM 135336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/2/2010 11:31 PM 1684736]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/9/2010 6:58 AM 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/9/2010 6:58 AM 8320]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [10/8/2010 2:57 PM 100560]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 1:28 AM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 10:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 1:28 AM 369688]
.
Contents of the 'Scheduled Tasks' folder

2011-01-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-10-11 15:12]
.
.
------- Supplementary Scan -------
.
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r0jz2jnq.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTAgent.exe
MSConfigStartUp-RegGenie v2 - c:\program files\RegGenie\RegGenieOnReboot.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-01 09:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-02-01 09:26:28
ComboFix-quarantined-files.txt 2011-02-01 08:26

Pre-Run: 400,676,663,296 bytes free
Post-Run: 405,430,300,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B8CA5C2B5A4C9C580CEF6FC71F1343C6

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Virus in PC

#4 Post by Caroprd111 »

Download OTL from http://oldtimer.geekstogo.com/OTL.exe, run it, and paste the following script into the bottom window.

Code:

:Files
C:\Documents and Settings\erik\Start Menu\Programs\Startup\*.*
C:\WINDOWS\AutoKMS.exe

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AutoKMS"=-
"pedo"=-
"hentai"=-
"anime"=-
"namikarem"=-
"namikare"=-
"oshioki"=-
"kimoi"=-
"jinmei"=-

:Commands
[PURITY] 
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
Click Run Fix, the PC will restart, then paste the log here.


Is your copy of Microsoft Office legal?

cino
Visitor
Posts: 11
Registered: 13 Dec 2008 20:54

Re: Virus in PC

#5 Post by cino »

OTL. I waited 10 min. It finished normally, but the PC did not restart, so I had to force it with a hard reset.

All processes killed
========== FILES ==========
C:\Documents and Settings\erik\Start Menu\Programs\Startup\autorun.inf moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B01R4472.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B01R4477.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B11R2637.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B13R2238.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B13R7027.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B20R936.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B25R447.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B25R449.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B25R450.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B26R622.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B26R624.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B26R625.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B26R626.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B26R631.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B26R660.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B26R661.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B26R662.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B26R663.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B27R975.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B42R809.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B42R812.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B42R832.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B52R3185.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\B53R1180.html moved successfully.
C:\Documents and Settings\erik\Start Menu\Programs\Startup\desktop.ini moved successfully.
C:\WINDOWS\AutoKMS.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pedo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hentai deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\anime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\namikarem deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\namikare deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\oshioki deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kimoi deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jinmei deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 85468 bytes
->FireFox cache emptied: 9085552 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: erik
->Temp folder emptied: 41955071 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 116015307 bytes
->Flash cache emptied: 4311 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: patka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 931288 bytes
->FireFox cache emptied: 120663613 bytes
->Flash cache emptied: 32788 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2552921 bytes

Total Files Cleaned = 280,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: erik
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: patka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.20.6 log created on 02012011_125004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


NEW RSIT LOG.


Logfile of random's system information tool 1.08 (written by random/random)
Run by erik at 2011-02-01 13:04:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 392 GB (64%) free of 610 GB
Total RAM: 3063 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:04:44, on 1.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\erik\Desktop\RSIT.exe
C:\Program Files\trend micro\erik.exe

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [AlSrvN] C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: Odosla? do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&osla? do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: &Prepojene poznamky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojene poznamky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8268 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
QuickStores-Toolbar - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2010-12-26 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2010-09-09 109568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTo1.dll [2010-12-26 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
LimeWire Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-10-11 1244040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-11-23 919408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTo1.dll [2010-12-26 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngin0.dll [2010-12-26 3911776]
{D4027C7F-154A-4066-A1AD-4243D8127440} - LimeWire Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-10-11 1244040]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - QuickStores-Toolbar - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-13 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-07-20 18670592]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-05 281768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"AlSrvN"=C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe [2010-02-06 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mega Manager]
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe [2010-09-09 2107392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegGenie v2.1 - Trial Expired]
C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-12-13 395640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-08-26 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-01-08 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-01-08 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?ETorrent"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Valve\Steam\SteamApps\common\dirt 2\dirt2.exe"="C:\Program Files\Valve\Steam\SteamApps\common\dirt 2\dirt2.exe:*:Enabled:DiRT 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Utatane\Utatane.exe"="E:\Utatane\Utatane.exe:*:Enabled:Utatane"
"C:\Documents and Settings\erik\Desktop\Share\Share.exe"="C:\Documents and Settings\erik\Desktop\Share\Share.exe:*:Enabled:Share"
"C:\Program Files\Valve\Steam\SteamApps\1kyuubi1\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\1kyuubi1\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"

======List of files/folders created in the last 1 months======

2011-02-01 12:50:04 ----D---- C:\_OTL
2011-02-01 09:40:38 ----D---- C:\rsit
2011-02-01 09:40:38 ----D---- C:\Program Files\trend micro
2011-02-01 09:39:02 ----N---- C:\WINDOWS\KMSEmulator.exe
2011-02-01 09:38:13 ----D---- C:\WINDOWS\system32\xircom
2011-02-01 09:38:13 ----D---- C:\Program Files\xerox
2011-02-01 09:38:12 ----D---- C:\Program Files\microsoft frontpage
2011-02-01 09:35:34 ----D---- C:\Documents and Settings\erik\Application Data\Malwarebytes
2011-02-01 09:35:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-02-01 09:35:29 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-02-01 09:35:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-01 09:35:26 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-02-01 09:33:26 ----SHD---- C:\RECYCLER
2011-02-01 09:33:14 ----SD---- C:\ComboFix
2011-02-01 09:26:29 ----D---- C:\WINDOWS\temp
2011-02-01 09:26:28 ----A---- C:\ComboFix.txt
2011-02-01 09:15:03 ----A---- C:\Boot.bak
2011-02-01 09:15:00 ----RASHD---- C:\cmdcons
2011-02-01 09:11:44 ----A---- C:\WINDOWS\zip.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\SWSC.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\SWREG.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\sed.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\PEV.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\NIRCMD.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\MBR.exe
2011-02-01 09:11:44 ----A---- C:\WINDOWS\grep.exe
2011-02-01 09:11:40 ----D---- C:\WINDOWS\ERDNT
2011-02-01 09:11:02 ----D---- C:\Qoobox
2011-02-01 09:07:49 ----SHD---- C:\WINDOWS\CSC
2011-01-31 21:20:39 ----RA---- C:\WINDOWS\shell.vbs
2011-01-31 21:20:39 ----RA---- C:\WINDOWS\namikare.vbs
2011-01-21 11:33:08 ----D---- C:\Program Files\Intelore
2011-01-20 12:24:57 ----D---- C:\Program Files\Free ISO Creator
2011-01-20 11:59:44 ----D---- C:\Program Files\DVD Decrypter
2011-01-15 20:22:54 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2011-01-15 20:22:51 ----A---- C:\WINDOWS\system32\NCTWMVFile.dll
2011-01-15 20:22:51 ----A---- C:\WINDOWS\system32\NCTVideoFile.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTVideoCompress.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTMPEGFile.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAVIFile.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAudioLibrary2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAudioCompress2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2011-01-15 20:22:50 ----A---- C:\WINDOWS\system32\lame_enc.dll
2011-01-15 20:22:47 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2011-01-15 20:22:46 ----D---- C:\Program Files\SoftwareDepo.com
2011-01-15 20:19:06 ----D---- C:\Documents and Settings\erik\Application Data\Xilisoft
2011-01-15 20:17:57 ----D---- C:\Program Files\Xilisoft
2011-01-15 20:14:06 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2011-01-15 20:14:04 ----D---- C:\Program Files\AoA Audio Extractor
2011-01-15 20:07:23 ----D---- C:\Documents and Settings\erik\Application Data\COWON
2011-01-15 12:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-06 11:04:24 ----D---- C:\Program Files\DAEMON Tools Pro
2011-01-03 13:27:40 ----D---- C:\Program Files\Unlocker
2011-01-03 13:27:40 ----D---- C:\Documents and Settings\erik\Application Data\QuickStoresToolbar

======List of files/folders modified in the last 1 months======

2011-02-01 13:04:18 ----D---- C:\WINDOWS\system32
2011-02-01 13:04:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-02-01 13:00:33 ----D---- C:\Program Files\Mozilla Firefox
2011-02-01 13:00:22 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-01 13:00:16 ----D---- C:\WINDOWS
2011-02-01 12:51:18 ----D---- C:\WINDOWS\system32\Restore
2011-02-01 12:49:40 ----D---- C:\WINDOWS\Prefetch
2011-02-01 10:09:05 ----D---- C:\Documents and Settings\erik\Application Data\Media Player Classic
2011-02-01 10:08:53 ----D---- C:\WINDOWS\Debug
2011-02-01 09:40:38 ----RD---- C:\Program Files
2011-02-01 09:38:13 ----D---- C:\WINDOWS\system32\wbem
2011-02-01 09:37:52 ----HD---- C:\WINDOWS\$hf_mig$
2011-02-01 09:37:51 ----D---- C:\WINDOWS\system32\drivers
2011-02-01 09:24:42 ----A---- C:\WINDOWS\system.ini
2011-02-01 09:24:37 ----D---- C:\WINDOWS\system32\drivers\etc
2011-02-01 09:23:04 ----D---- C:\WINDOWS\AppPatch
2011-02-01 09:23:01 ----D---- C:\Program Files\Common Files
2011-02-01 09:15:03 ----RASH---- C:\boot.ini
2011-02-01 09:07:56 ----D---- C:\Documents and Settings
2011-02-01 00:43:34 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-01-31 21:50:53 ----D---- C:\Program Files\JDownloader
2011-01-31 21:44:04 ----A---- C:\WINDOWS\MegaManager.INI
2011-01-31 21:39:51 ----D---- C:\Documents and Settings\erik\Application Data\mIRC
2011-01-31 20:21:41 ----D---- C:\Documents and Settings\erik\Application Data\uTorrent
2011-01-31 10:45:50 ----D---- C:\Program Files\mIRC
2011-01-31 10:43:09 ----D---- C:\Documents and Settings\erik\Application Data\FP Uploader
2011-01-30 20:13:24 ----D---- C:\Documents and Settings\erik\Application Data\FileZilla
2011-01-30 10:57:18 ----D---- C:\Program Files\Alcohol Soft
2011-01-29 17:24:58 ----RSD---- C:\WINDOWS\Fonts
2011-01-29 15:13:53 ----D---- C:\Documents and Settings\erik\Application Data\ICQ
2011-01-28 15:54:34 ----D---- C:\Documents and Settings\erik\Application Data\Skype
2011-01-28 15:39:32 ----D---- C:\Documents and Settings\erik\Application Data\skypePM
2011-01-26 19:11:49 ----D---- C:\Program Files\MeGUI
2011-01-20 12:22:20 ----HD---- C:\WINDOWS\inf
2011-01-19 13:40:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2011-01-15 20:23:45 ----D---- C:\WINDOWS\system32\NtmsData
2011-01-15 20:23:04 ----D---- C:\WINDOWS\Registration
2011-01-15 20:18:25 ----SHD---- C:\WINDOWS\Installer
2011-01-15 20:18:24 ----D---- C:\WINDOWS\WinSxS
2011-01-15 20:06:52 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-15 20:03:35 ----A---- C:\Documents and Settings\erik\Application Data\DVDSubEdit.ini
2011-01-15 12:20:31 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-15 12:19:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-01-15 12:19:28 ----D---- C:\WINDOWS\system32\dllcache
2011-01-07 20:39:04 ----D---- C:\Program Files\ICQ7.2
2011-01-03 13:27:42 ----RSD---- C:\WINDOWS\assembly
2011-01-03 10:12:33 ----D---- C:\Documents and Settings\erik\Application Data\Mozilla
2011-01-02 20:11:21 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2009-01-08 61824]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-12-14 420920]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-12-23 135096]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2009-01-08 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-11-22 61960]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-01-08 62848]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-01-08 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-08-26 5386752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-20 5795328]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-01-08 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-01-08 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-06-29 142592]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-14 91904]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 ao40qwj1;ao40qwj1; C:\WINDOWS\system32\drivers\ao40qwj1.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-10-08 100560]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-14 132224]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-09 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-08-26 606208]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-03 153376]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Virus in the PC

#6 Post by Caroprd111 »

cino wrote: I downloaded that Office.
Find a legal replacement for the illegal Microsoft Office, or buy it. Under the forum rules, we do not deal with illegal software here (illegal programs are a security threat).

I recommend uninstalling the toolbars (if you do not use them) in Add or Remove Programs.

Download CKScanner to your desktop: http://downloads.malwareremoval.com/CKScanner.exe
  • Run it and click "Search For Files"; when the scan finishes, click "Save List to File" -> "OK".
  • A log named ckfiles.txt will be saved on the desktop; paste the contents of that file here.

cino
Visitor
Posts: 11
Registered: 13 Dec 2008 20:54

Re: Virus in the PC

#7 Post by cino »

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files\matlab\r2010a\toolbox\pde\crackb.m
c:\program files\matlab\r2010a\toolbox\pde\crackg.m
c:\program files\matlab\r2010a\toolbox\pde\ja\crackb.m
c:\program files\matlab\r2010a\toolbox\pde\ja\crackg.m
c:\program files\microsoft directx sdk (june 2010)\samples\c++\direct3d\uvatlas\crackdecl.cpp
c:\program files\microsoft directx sdk (june 2010)\samples\c++\direct3d\uvatlas\crackdecl.h
c:\program files\the kmplayer\moonlightreg\keygen.ex
c:\program files\the kmplayer\moonlightreg\keygen.exe
c:\program files\valve\steam\steamapps\1kyuubi1\counter-strike\cstrike\addons\amxmodx\data\xtreme-jumps\start\notkz_crackhops.txt
c:\program files\valve\steam\steamapps\1kyuubi1\counter-strike\cstrike\maps\notkz_crackhops.bsp
scanner sequence 3.EF.11
----- EOF -----

I know everything listed here; there is no threat from these programs.

Re: Virus in the PC

#8 Post by Caroprd111 »

Run OTL again with the following script.

Code:

:Files
c:\program files\the kmplayer\moonlightreg\keygen.ex
c:\program files\the kmplayer\moonlightreg\keygen.exe
C:\WINDOWS\KMSEmulator.exe

Paste the log here.

Re: Virus in the PC

#9 Post by cino »

========== FILES ==========
c:\program files\the kmplayer\moonlightreg\keygen.ex moved successfully.
c:\program files\the kmplayer\moonlightreg\keygen.exe moved successfully.
C:\WINDOWS\KMSEmulator.exe moved successfully.

OTL by OldTimer - Version 3.2.20.6 log created on 02012011_132710

Re: Virus in the PC

#10 Post by Caroprd111 »

How is the PC behaving?

Re: Virus in the PC

#11 Post by cino »

It seems to be fine now. Nothing pops up at startup any more. And before that it ran fine.

Re: Virus in the PC

#12 Post by Caroprd111 »

Uninstall ComboFix via:
Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter.

Download T-Cleaner: http://sweb.cz/Marinus/T-Cleaner.exe
  • Run it; to confirm each choice, press the A key, then Enter.
  • Delete the program after use. Note that antivirus programs may falsely flag it as a virus.

Download TFC: http://oldtimer.geekstogo.com/TFC.exe
  • Run it.
  • Click "Start". Confirm the prompt by clicking "Ok" (a restart will follow).

Download OTC: http://oldtimer.geekstogo.com/OTC.exe
  • Run it.
  • Click "CleanUp!". Confirm the prompts by clicking "Yes" (a restart will follow).

Download CCleaner: http://viry.cz/forum/viewtopic.php?t=7478
  • Install it, and during installation untick the option to install the Yahoo toolbar.

    Cleaner tab
  • Run Analyze; when it finishes, click Run CCleaner.

    Registry tab
  • Click Scan for Issues; when it finishes, click Fix Issues. You do not need to make a backup; then choose Fix All Issues.
    Click OK, then Close.

I do not see a firewall in the log; install one! Overview: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

That is all. :)

Re: Virus in the PC

#13 Post by cino »

The T-Cleaner link does not work, but I found it elsewhere.

Everything is done. Thank you for the help.

Re: Virus in the PC

#14 Post by Caroprd111 »

I apologize, I already know about the broken link. :oops:

You're welcome :)