Daonol Trojan

caute dnes som dal preverit antivirom (nodom) systemovu particiu disku a naslo mi 3 virusy (trojanov): Daonol Trojan



No a nod ich nedokaze vyliecit.ten druhy subor som rucne vymazal, lebo som ho tam nasiel, ale aj to neviem ci pomoze. poradte co s tym vdaka.

Nazdar.

Stiahni DDS. Uloz na plochu, ukonci vsetky spustene programy a spust ho. Po skonceni scanu sa otvoria vysledky v 2 oknach - DDS.txt a Attach.txt. Obsah oboch by som rad videl.

prosim ta nemas nejaky iny link na ten program?... ten ako je na tom fore tak nejako nejde

U mne dobry...
Nefunguje ani jeden?
- http://download.bleepingcomputer.com/sUBs/dds.scr
- http://www.forospyware.com/sUBs/dds

DDS.txt




attach.txt

Logy prosim nedavat do /code ani /quote, blbo sa to potom studuje. Thx.

Tieto veci tam mas narocky?



Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!

tak neviem hodilo mi to nejaku chybu ... http://img5.imgup.eu/combofix_error.JPG

Klikni na Ano.

Nie je to chyba, len potvrdenie podmienok pouzitia. A ako uz Duri napisal, treba kliknut na "Ano" a pokracovat dalej.

no tak tu to je

ComboFix 09-10-30.01 - Rado 02.11.2009 15:20.1.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1636 [GMT 1:00]
Running from: c:\documents and settings\Rado\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-10-31 11:34 . 2009-10-31 11:34 -------- d-----w- c:\windows\Performance
2009-10-31 11:34 . 2009-10-31 11:34 -------- d-----w- c:\documents and settings\Rado\Local Settings\Application Data\Microsoft Corporation
2009-10-31 11:34 . 2009-10-31 11:34 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-31 10:52 . 2009-10-31 10:52 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-31 10:52 . 2009-10-31 10:52 -------- d-----w- c:\documents and settings\Rado\Local Settings\Application Data\Downloaded Installations
2009-10-31 08:49 . 2009-10-31 08:49 -------- d-----w- C:\FOUND.013
2009-10-28 17:13 . 2009-10-28 17:13 -------- d-----w- c:\documents and settings\Rado\Application Data\ImgBurn
2009-10-28 17:11 . 2009-10-28 17:11 -------- d-----w- c:\program files\ImgBurn
2009-10-26 18:42 . 2009-10-26 18:42 -------- d-----w- c:\program files\Lavalys
2009-10-24 22:24 . 2009-10-24 22:24 -------- d-----w- c:\program files\YouTube Downloader
2009-10-20 14:02 . 2009-10-20 14:02 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-10-16 12:41 . 2009-10-16 12:41 -------- d-----w- c:\documents and settings\Rado\Application Data\Teeworlds
2009-10-14 16:00 . 2009-10-14 16:01 502 ---ha-w- C:\os501435.bin
2009-10-14 15:58 . 2009-10-14 15:58 -------- d-----w- c:\program files\DfW5Trial
2009-10-14 15:57 . 2009-10-14 15:58 -------- d-----w- c:\windows\Vbox
2009-10-12 13:47 . 2009-10-12 13:47 -------- d-----w- c:\program files\Recuva

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 16:01 . 2007-02-23 20:19 88568 ----a-w- c:\documents and settings\Rado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 15:57 . 2009-10-01 15:57 -------- d-----w- c:\program files\ICQ6.5
2009-09-22 20:07 . 2009-09-22 20:07 -------- d-----w- c:\documents and settings\Rado\Application Data\Dev-Cpp
2009-09-14 15:47 . 2009-09-14 15:47 -------- d-----w- c:\program files\Macromedia
2009-09-14 15:47 . 2009-09-14 15:47 -------- d-----w- c:\program files\Common Files\Macromedia
2009-08-21 20:13 . 2009-08-21 20:13 17778167 ----a-w- c:\windows\system32\SPIN fotokniha_AlbumMaker_uninstaller.exe
2006-05-03 10:06 . 2009-02-25 17:11 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-02-25 17:11 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-25 17:11 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-20 7680000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-20 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"SystemKey"="c:\documents and settings\All Users\Application Data\SystemKey\SystemKey.dll" [2006-04-07 339968]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"MMTray"="MMTray.exe" - c:\windows\system32\mmtray.exe [2001-11-09 53248]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-09-20 1617920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-03 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-12 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\winmm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lochmanovci^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Lochmanovci\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Hry\\Counter Strike\\hl.exe"=
"d:\\Hry\\Warcraft\\Warcraft 3 Regin of Chaos\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft\\Warcraft 3 Regin of Chaos\\Warcraft III\\War3.exe"=
"d:\\Hry\\Counter Strike\\cstrike.exe"=
"d:\\Hry\\Counter Strike\\hlds.exe"=
"d:\\Hry\\Counter Strike\\hltv.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\Hry\\Little Fighters LOL\\lf2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\apache\\Apache.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\apache\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Neoretix\\TubeHunter Ultra\\TubeHunter.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25997:TCP"= 25997:TCP:BitComet 25997 TCP
"25997:UDP"= 25997:UDP:BitComet 25997 UDP
"8080:TCP"= 8080:TCP:192.168.0.1
"64374:TCP"= 64374:TCP:utorrent

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2.7.2003 17:41 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2.7.2003 16:49 124160]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [25.2.2009 16:27 2944]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [22.9.2008 19:55 457856]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\program files\sXe Injected\ddsxei.sys --> c:\program files\sXe Injected\ddsxei.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [3.3.2007 13:18 1527900]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [17.3.2007 12:24 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [17.3.2007 12:24 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [17.3.2007 12:24 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [17.3.2007 12:24 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [17.3.2007 12:24 83344]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [12.4.2008 10:42 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [12.4.2008 10:42 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [12.4.2008 10:42 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [12.4.2008 10:43 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [12.4.2008 10:43 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [12.4.2008 10:43 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [12.4.2008 10:43 98952]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyServer = www.edoma.sk
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZUxdm089YYSK
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Star Downloaderem - c:\program files\Star Downloader\sdie.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
DPF: {CE40C3F1-3DF5-4461-A521-810923235628} - hxxp://www.joj.sk/fileadmin/joj_player/ ... Player.cab
FF - ProfilePath - c:\documents and settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\documents and settings\Rado\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Opera\program\plugins\npstar.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 15:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,bc,12,cd,6f,c8,7d,d9,e8,45,d9,20,a1,dd,e1,ef,51,7c,b9,8c,3e,47,75,
24,d8,f1,21,d5,58,7b,64,e2,0a,9a,f1,6e,1a,49,4e,63,4d,0f,98,b0,a6,b1,6c,04,\
"??"=hex:ad,a2,a9,11,d2,53,6e,74,d1,1d,fc,49,12,58,98,d3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

- - - - - - - > 'explorer.exe'(3276)
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2009-11-02 15:25
ComboFix-quarantined-files.txt 2009-11-02 14:25

Pre-Run: 14 115 471 360 bytes free
Post-Run: 50 adresárov, 14 577 369 088 voľných bajtov

- - End Of File - - 26FB56CE3FAC8F071B91383F46608942

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:


Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.



Program script spracuje a spravi novy log.


Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.

spravil som to ... tu je log ktory dalo

ComboFix 09-10-30.01 - Rado 03.11.2009 19:09.2.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1622 [GMT 1:00]
Running from: c:\documents and settings\Rado\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rado\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.

2009-10-31 11:34 . 2009-10-31 11:34 -------- d-----w- c:\windows\Performance
2009-10-31 11:34 . 2009-10-31 11:34 -------- d-----w- c:\documents and settings\Rado\Local Settings\Application Data\Microsoft Corporation
2009-10-31 11:34 . 2009-10-31 11:34 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-31 10:52 . 2009-10-31 10:52 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-31 10:52 . 2009-10-31 10:52 -------- d-----w- c:\documents and settings\Rado\Local Settings\Application Data\Downloaded Installations
2009-10-31 08:49 . 2009-10-31 08:49 -------- d-----w- C:\FOUND.013
2009-10-28 17:13 . 2009-10-28 17:13 -------- d-----w- c:\documents and settings\Rado\Application Data\ImgBurn
2009-10-28 17:11 . 2009-10-28 17:11 -------- d-----w- c:\program files\ImgBurn
2009-10-26 18:42 . 2009-10-26 18:42 -------- d-----w- c:\program files\Lavalys
2009-10-24 22:24 . 2009-10-24 22:24 -------- d-----w- c:\program files\YouTube Downloader
2009-10-20 14:02 . 2009-10-20 14:02 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-10-16 12:41 . 2009-10-16 12:41 -------- d-----w- c:\documents and settings\Rado\Application Data\Teeworlds
2009-10-14 16:00 . 2009-10-14 16:01 502 ---ha-w- C:\os501435.bin
2009-10-14 15:58 . 2009-10-14 15:58 -------- d-----w- c:\program files\DfW5Trial
2009-10-14 15:57 . 2009-10-14 15:58 -------- d-----w- c:\windows\Vbox
2009-10-12 13:47 . 2009-10-12 13:47 -------- d-----w- c:\program files\Recuva

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 16:01 . 2007-02-23 20:19 88568 ----a-w- c:\documents and settings\Rado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 15:57 . 2009-10-01 15:57 -------- d-----w- c:\program files\ICQ6.5
2009-09-22 20:07 . 2009-09-22 20:07 -------- d-----w- c:\documents and settings\Rado\Application Data\Dev-Cpp
2009-09-14 15:47 . 2009-09-14 15:47 -------- d-----w- c:\program files\Macromedia
2009-09-14 15:47 . 2009-09-14 15:47 -------- d-----w- c:\program files\Common Files\Macromedia
2009-08-21 20:13 . 2009-08-21 20:13 17778167 ----a-w- c:\windows\system32\SPIN fotokniha_AlbumMaker_uninstaller.exe
2006-05-03 10:06 . 2009-02-25 17:11 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-02-25 17:11 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-25 17:11 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-20 7680000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-20 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"SystemKey"="c:\documents and settings\All Users\Application Data\SystemKey\SystemKey.dll" [2006-04-07 339968]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"MMTray"="MMTray.exe" - c:\windows\system32\mmtray.exe [2001-11-09 53248]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-09-20 1617920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-03 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-12 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\winmm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lochmanovci^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Lochmanovci\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Hry\\Counter Strike\\hl.exe"=
"d:\\Hry\\Warcraft\\Warcraft 3 Regin of Chaos\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft\\Warcraft 3 Regin of Chaos\\Warcraft III\\War3.exe"=
"d:\\Hry\\Counter Strike\\cstrike.exe"=
"d:\\Hry\\Counter Strike\\hlds.exe"=
"d:\\Hry\\Counter Strike\\hltv.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\Hry\\Little Fighters LOL\\lf2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\apache\\Apache.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\apache\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Neoretix\\TubeHunter Ultra\\TubeHunter.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25997:TCP"= 25997:TCP:BitComet 25997 TCP
"25997:UDP"= 25997:UDP:BitComet 25997 UDP
"8080:TCP"= 8080:TCP:192.168.0.1
"64374:TCP"= 64374:TCP:utorrent

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2.7.2003 17:41 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2.7.2003 16:49 124160]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [25.2.2009 16:27 2944]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [22.9.2008 19:55 457856]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\program files\sXe Injected\ddsxei.sys --> c:\program files\sXe Injected\ddsxei.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [3.3.2007 13:18 1527900]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [17.3.2007 12:24 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [17.3.2007 12:24 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [17.3.2007 12:24 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [17.3.2007 12:24 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [17.3.2007 12:24 83344]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [12.4.2008 10:42 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [12.4.2008 10:42 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [12.4.2008 10:42 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [12.4.2008 10:43 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [12.4.2008 10:43 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [12.4.2008 10:43 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [12.4.2008 10:43 98952]

--- Other Services/Drivers In Memory ---

*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyServer = www.edoma.sk
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZUxdm089YYSK
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Star Downloaderem - c:\program files\Star Downloader\sdie.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
DPF: {CE40C3F1-3DF5-4461-A521-810923235628} - hxxp://www.joj.sk/fileadmin/joj_player/ ... Player.cab
FF - ProfilePath - c:\documents and settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\documents and settings\Rado\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Opera\program\plugins\npstar.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 19:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,bc,12,cd,6f,c8,7d,d9,e8,45,d9,20,a1,dd,e1,ef,51,7c,b9,8c,3e,47,75,
24,d8,f1,21,d5,58,7b,64,e2,0a,9a,f1,6e,1a,49,4e,63,4d,0f,98,b0,a6,b1,6c,04,\
"??"=hex:ad,a2,a9,11,d2,53,6e,74,d1,1d,fc,49,12,58,98,d3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

- - - - - - - > 'explorer.exe'(2572)
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2009-11-03 19:15
ComboFix-quarantined-files.txt 2009-11-03 18:15
ComboFix2.txt 2009-11-02 14:25

Pre-Run: 14 700 199 936 bytes free
Post-Run: 50 adresárov, 14 756 560 896 voľných bajtov

- - End Of File - - 887FE3B0B8B3F9FF293F5DE90F881F69

Pod akym uctom si to robil? Boli vsetky bezpecnostne softy vypnute? Pretoze sa nic nezmazalo...

Skus to este raz, tentokrat v nudzovom rezime.

myslim ze trz uz by to malo byt ... predtym som zabudol vypat firewall windowsu

ComboFix 09-10-30.01 - Rado 04.11.2009 14:52.3.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.2047.1609 [GMT 1:00]
Running from: c:\documents and settings\Rado\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rado\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"C:\os501435.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.013
c:\found.013\FILE0000.CHK
c:\found.013\FILE0001.CHK
C:\os501435.bin

.
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-10-31 11:34 . 2009-10-31 11:34 -------- d-----w- c:\windows\Performance
2009-10-31 11:34 . 2009-10-31 11:34 -------- d-----w- c:\documents and settings\Rado\Local Settings\Application Data\Microsoft Corporation
2009-10-31 11:34 . 2009-10-31 11:34 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-31 10:52 . 2009-10-31 10:52 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-31 10:52 . 2009-10-31 10:52 -------- d-----w- c:\documents and settings\Rado\Local Settings\Application Data\Downloaded Installations
2009-10-28 17:13 . 2009-10-28 17:13 -------- d-----w- c:\documents and settings\Rado\Application Data\ImgBurn
2009-10-28 17:11 . 2009-10-28 17:11 -------- d-----w- c:\program files\ImgBurn
2009-10-26 18:42 . 2009-10-26 18:42 -------- d-----w- c:\program files\Lavalys
2009-10-24 22:24 . 2009-10-24 22:24 -------- d-----w- c:\program files\YouTube Downloader
2009-10-20 14:02 . 2009-10-20 14:02 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-10-16 12:41 . 2009-10-16 12:41 -------- d-----w- c:\documents and settings\Rado\Application Data\Teeworlds
2009-10-14 15:58 . 2009-10-14 15:58 -------- d-----w- c:\program files\DfW5Trial
2009-10-14 15:57 . 2009-10-14 15:58 -------- d-----w- c:\windows\Vbox
2009-10-12 13:47 . 2009-10-12 13:47 -------- d-----w- c:\program files\Recuva

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 16:01 . 2007-02-23 20:19 88568 ----a-w- c:\documents and settings\Rado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 15:57 . 2009-10-01 15:57 -------- d-----w- c:\program files\ICQ6.5
2009-09-22 20:07 . 2009-09-22 20:07 -------- d-----w- c:\documents and settings\Rado\Application Data\Dev-Cpp
2009-09-14 15:47 . 2009-09-14 15:47 -------- d-----w- c:\program files\Macromedia
2009-09-14 15:47 . 2009-09-14 15:47 -------- d-----w- c:\program files\Common Files\Macromedia
2009-08-21 20:13 . 2009-08-21 20:13 17778167 ----a-w- c:\windows\system32\SPIN fotokniha_AlbumMaker_uninstaller.exe
2006-05-03 10:06 . 2009-02-25 17:11 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-02-25 17:11 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-02-25 17:11 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-20 7680000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-20 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"SystemKey"="c:\documents and settings\All Users\Application Data\SystemKey\SystemKey.dll" [2006-04-07 339968]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"MMTray"="MMTray.exe" - c:\windows\system32\mmtray.exe [2001-11-09 53248]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-09-20 1617920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-03 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-1-12 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\winmm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Lochmanovci^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Lochmanovci\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Hry\\Counter Strike\\hl.exe"=
"d:\\Hry\\Warcraft\\Warcraft 3 Regin of Chaos\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft\\Warcraft 3 Regin of Chaos\\Warcraft III\\War3.exe"=
"d:\\Hry\\Counter Strike\\cstrike.exe"=
"d:\\Hry\\Counter Strike\\hlds.exe"=
"d:\\Hry\\Counter Strike\\hltv.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\Hry\\Little Fighters LOL\\lf2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=
"c:\\apache\\Apache.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\apache\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Neoretix\\TubeHunter Ultra\\TubeHunter.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25997:TCP"= 25997:TCP:BitComet 25997 TCP
"25997:UDP"= 25997:UDP:BitComet 25997 UDP
"8080:TCP"= 8080:TCP:192.168.0.1
"64374:TCP"= 64374:TCP:utorrent

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2.7.2003 17:41 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2.7.2003 16:49 124160]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [25.2.2009 16:27 2944]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [22.9.2008 19:55 457856]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 5:30 20480]
S3 ddsxeiservice;ddsxeiservice2;\??\c:\program files\sXe Injected\ddsxei.sys --> c:\program files\sXe Injected\ddsxei.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [3.3.2007 13:18 1527900]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [17.3.2007 12:24 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [17.3.2007 12:24 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [17.3.2007 12:24 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [17.3.2007 12:24 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [17.3.2007 12:24 83344]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\drivers\s716bus.sys [12.4.2008 10:42 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\drivers\s716mdfl.sys [12.4.2008 10:42 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\drivers\s716mdm.sys [12.4.2008 10:42 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s716mgmt.sys [12.4.2008 10:43 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\drivers\s716nd5.sys [12.4.2008 10:43 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\drivers\s716obex.sys [12.4.2008 10:43 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\drivers\s716unic.sys [12.4.2008 10:43 98952]

--- Other Services/Drivers In Memory ---

*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = www.edoma.sk
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout Star Downloaderem - c:\program files\Star Downloader\sdie.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: c:\documents and settings\Rado\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Opera\program\plugins\npstar.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 14:57
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,bc,12,cd,6f,c8,7d,d9,e8,45,d9,20,a1,dd,e1,ef,51,7c,b9,8c,3e,47,75,
24,d8,f1,21,d5,58,7b,64,e2,0a,9a,f1,6e,1a,49,4e,63,4d,0f,98,b0,a6,b1,6c,04,\
"??"=hex:ad,a2,a9,11,d2,53,6e,74,d1,1d,fc,49,12,58,98,d3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

- - - - - - - > 'explorer.exe'(2380)
c:\program files\ESET\ESET Smart Security\eplgHooks.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1029\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-11-04 15:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 14:00
ComboFix2.txt 2009-11-02 14:25

Pre-Run: 14 714 503 168 bytes free
Post-Run: 47 adresárov, 14 679 638 016 voľných bajtov

- - End Of File - - EF94BEA19BC7F46614AED854F0015340

1) Stiahni a spust AVPTool. Vypracuj log podla navodu a vloz ho.


2) Stiahni RootRepeal. Spustis program, kliknes na "Report" -> "Scan" a zafajknes vsetky polozky. Stlac "OK" a spusti sa scan. Po jeho dokonceni klik na "Save Report" a vzniknuty log skopiruj sem.

1) AVP log (neviem či ho chces celý alebo len ten kúsok, kde je napísané, ktoré súbory zmazal, dám ti len ten kúsok, keď tak napíš a dám celý)

Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Clicker.Win32.VBiframe.abv File: D:\System Volume Information\_restore{4B65205D-9279-4938-A734-922B755A5695}\RP128\A0034864.exe
deleted: Trojan program Trojan-Clicker.Win32.VBiframe.abv File: I:\Hry\The Punisher\hoodlum.exe

2) RootRepeal mi pri scane hodil modrú obrazovku tak neviem

Dobre spravene. V navode na AVPTool sa pise, ze staci tento kusok

A miesto RR pouzijeme iny antirootkit:
Stiahni GMER, rozbal ho na plochu a spust. Program automaticky zacne scan (po jeho skonceni vloz log c. 1) - pokial pri scanovani nieco najde (=vyskoci nejake upozornenie), klik na "NO" a vpravo zafajknes vsetky polozky OKREM:

• Sections
• IAT/EAT
• Registry
• nesystemovych diskov a particii (system je zvycajne na "C:\" - takze nezaskrtnute nechas "D:\", "E:\"...atd.)
• Show All

Klik na "Scan". Po scane klik na "Save" a log c. 2 vloz sem.

Ak nic nenajde (=nevyskoci nic), zaskrtaj vpravo vsetko a spusti scan. Po jeho ukonceni klik na "Copy" a vloz log c. 2.

Pri scannovaní nič nenašlo (dúfam, že to je dobre )

log c1
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit quick scan 2009-11-09 16:04:36
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Rado\LOCALS~1\Temp\kwlyqfow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----


log c2

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-09 16:08:41
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Rado\LOCALS~1\Temp\kwlyqfow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 51981CE2 C:\PROGRA~1\DVDREG~1\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2016] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\Cdrom \Device\CdRom0 89C08778
Device \Driver\Cdrom \Device\CdRom0 8A52A358
Device \Driver\Cdrom \Device\CdRom1 89C08778
Device \Driver\Cdrom \Device\CdRom1 8A52A358
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-c 89C718C0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 89C718C0
Device \Driver\atapi \Device\Ide\IdePort0 89C718C0
Device \Driver\atapi \Device\Ide\IdePort1 89C718C0
Device \Driver\atapi \Device\Ide\IdePort2 89C718C0
Device \Driver\atapi \Device\Ide\IdePort3 89C718C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-19 89C718C0

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\axwhisky \Device\Scsi\axwhisky1Port4Path0Target0Lun0 89C13760
Device \Driver\axwhisky \Device\Scsi\axwhisky1 89C13760

AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

Taaaakze...ideme sa bit

Stiahni DaonolFix na plochu. Spust a stac 2 -> Enter. Zacne scan, po jeho skonceni sa vytvori log, ten posli.

Let's fight !

DaonolFix (15.04.09) by jpshortstuff
Log created at 15:28 on 10/11/2009 by Rado
Running from C:\Documents and Settings\Rado\Desktop\DaonolFix.exe

=====Fix Daonol=====


=====Find Daonol=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"
"aux1"="wdmaud.drv"
"aux2"="wdmaud.drv"
"aux3"="wdmaud.drv"
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midi3"="wdmaud.drv"
"midi4"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"mixer4"="wdmaud.drv"
"msacm.divxa32"="DivXa32.acm"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="L3codeca.acm"
"msacm.lameacm"="lameACM.acm"
"msacm.lhacm"="lhacm.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"msacm.vorbis"="vorbis.acm"
"MSVideo8"="VfWWDM32.dll"
"VIDC.ASV1"="asusasv1.dll"
"VIDC.ASV2"="asusasv2.dll"
"vidc.cvid"="iccvid.dll"
"vidc.DIV3"="DivXc32.dll"
"vidc.DIV4"="DivXc32f.dll"
"vidc.DIVX"="DivX.dll"
"vidc.dmb1"="m3jpeg32.dll"
"VIDC.FPS1"="frapsvid.dll"
"VIDC.HFYU"="huffyuv.dll"
"VIDC.I263"="i263_32.drv"
"VIDC.I420"="i420vfw.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.MJPG"="pvmjpg21.dll"
"VIDC.MJPX"="pvmjpg21.dll"
"VIDC.MKVC"="KMVIDC32.DLL"
"vidc.MP42"="Mpg4c32.dll"
"vidc.MP43"="Mpg4c32.dll"
"vidc.MPG4"="Mpg4c32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.MSZH"="avimszh.dll"
"VIDC.PIMJ"="pvljpg20.dll"
"VIDC.PVW2"="pvwv220.dll"
"VIDC.tscc"="tsccvid.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.vcr1"="ativcr1.dll"
"VIDC.vcr2"="ativcr2.dll"
"VIDC.VIFP"="VFCodec.dll"
"vidc.VP60"="vp6vfw.dll"
"vidc.VP61"="vp6vfw.dll"
"vidc.VP62"="vp6vfw.dll"
"vidc.xvid"="xvid.dll"
"VIDC.YUY2"="msyuv.dll"
"vidc.yv12"="yv12vfw.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.ZLIB"="avizlib.dll"
"wave"="wdmaud.drv"
"wave1"="wdmaud.drv"
"wave2"="wdmaud.drv"
"wave3"="wdmaud.drv"
"wave4"="wdmaud.drv"
"wavemapper"="msacm32.drv"


-=End Of File=-

OK. Next steps:

1) Stiahni SystemLook. Uloz na plochu a spust. Do okna skopiruj:


Klikni na "Look" a nechaj program dokoncit scan. Po jeho skonceni sa ti zobrazi log, ktory potrebujem vidiet. V pripade problemov sa nachadza aj na ploche.


2) Potom ta poprosim o novy log z ComboFixu a opis stavu a spravania PC.

SystemLook log

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:47 on 11/11/2009 by Rado (Administrator - Elevation successful)

========== filefind ==========

Searching for "jwtlofx.dat "
No files found.

Searching for "*fx.dat "
No files found.

========== regfind ==========

Searching for "jwtlofx.dat "
No data found.

Searching for "*fx.dat "
No data found.

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"
"aux1"="wdmaud.drv"
"aux2"="wdmaud.drv"
"aux3"="wdmaud.drv"
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midi3"="wdmaud.drv"
"midi4"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"mixer4"="wdmaud.drv"
"msacm.divxa32"="DivXa32.acm"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="L3codeca.acm"
"msacm.lameacm"="lameACM.acm"
"msacm.lhacm"="lhacm.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"msacm.vorbis"="vorbis.acm"
"MSVideo8"="VfWWDM32.dll"
"VIDC.ASV1"="asusasv1.dll"
"VIDC.ASV2"="asusasv2.dll"
"vidc.cvid"="iccvid.dll"
"vidc.DIV3"="DivXc32.dll"
"vidc.DIV4"="DivXc32f.dll"
"vidc.DIVX"="DivX.dll"
"vidc.dmb1"="m3jpeg32.dll"
"VIDC.FPS1"="frapsvid.dll"
"VIDC.HFYU"="huffyuv.dll"
"VIDC.I263"="i263_32.drv"
"VIDC.I420"="i420vfw.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.MJPG"="pvmjpg21.dll"
"VIDC.MJPX"="pvmjpg21.dll"
"VIDC.MKVC"="KMVIDC32.DLL"
"vidc.MP42"="Mpg4c32.dll"
"vidc.MP43"="Mpg4c32.dll"
"vidc.MPG4"="Mpg4c32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.MSZH"="avimszh.dll"
"VIDC.PIMJ"="pvljpg20.dll"
"VIDC.PVW2"="pvwv220.dll"
"VIDC.tscc"="tsccvid.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.vcr1"="ativcr1.dll"
"VIDC.vcr2"="ativcr2.dll"
"VIDC.VIFP"="VFCodec.dll"
"vidc.VP60"="vp6vfw.dll"
"vidc.VP61"="vp6vfw.dll"
"vidc.VP62"="vp6vfw.dll"
"vidc.xvid"="xvid.dll"
"VIDC.YUY2"="msyuv.dll"
"vidc.yv12"="yv12vfw.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.ZLIB"="avizlib.dll"
"wave"="wdmaud.drv"
"wave1"="wdmaud.drv"
"wave2"="wdmaud.drv"
"wave3"="wdmaud.drv"
"wave4"="wdmaud.drv"
"wavemapper"="msacm32.drv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]


-=End Of File=-


ComboFix log

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 13:47 on 11/11/2009 by Rado (Administrator - Elevation successful)

========== filefind ==========

Searching for "jwtlofx.dat "
No files found.

Searching for "*fx.dat "
No files found.

========== regfind ==========

Searching for "jwtlofx.dat "
No data found.

Searching for "*fx.dat "
No data found.

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"
"aux1"="wdmaud.drv"
"aux2"="wdmaud.drv"
"aux3"="wdmaud.drv"
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midi3"="wdmaud.drv"
"midi4"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"mixer4"="wdmaud.drv"
"msacm.divxa32"="DivXa32.acm"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="L3codeca.acm"
"msacm.lameacm"="lameACM.acm"
"msacm.lhacm"="lhacm.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"msacm.vorbis"="vorbis.acm"
"MSVideo8"="VfWWDM32.dll"
"VIDC.ASV1"="asusasv1.dll"
"VIDC.ASV2"="asusasv2.dll"
"vidc.cvid"="iccvid.dll"
"vidc.DIV3"="DivXc32.dll"
"vidc.DIV4"="DivXc32f.dll"
"vidc.DIVX"="DivX.dll"
"vidc.dmb1"="m3jpeg32.dll"
"VIDC.FPS1"="frapsvid.dll"
"VIDC.HFYU"="huffyuv.dll"
"VIDC.I263"="i263_32.drv"
"VIDC.I420"="i420vfw.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.MJPG"="pvmjpg21.dll"
"VIDC.MJPX"="pvmjpg21.dll"
"VIDC.MKVC"="KMVIDC32.DLL"
"vidc.MP42"="Mpg4c32.dll"
"vidc.MP43"="Mpg4c32.dll"
"vidc.MPG4"="Mpg4c32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.MSZH"="avimszh.dll"
"VIDC.PIMJ"="pvljpg20.dll"
"VIDC.PVW2"="pvwv220.dll"
"VIDC.tscc"="tsccvid.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.vcr1"="ativcr1.dll"
"VIDC.vcr2"="ativcr2.dll"
"VIDC.VIFP"="VFCodec.dll"
"vidc.VP60"="vp6vfw.dll"
"vidc.VP61"="vp6vfw.dll"
"vidc.VP62"="vp6vfw.dll"
"vidc.xvid"="xvid.dll"
"VIDC.YUY2"="msyuv.dll"
"vidc.yv12"="yv12vfw.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.ZLIB"="avizlib.dll"
"wave"="wdmaud.drv"
"wave1"="wdmaud.drv"
"wave2"="wdmaud.drv"
"wave3"="wdmaud.drv"
"wave4"="wdmaud.drv"
"wavemapper"="msacm32.drv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]


-=End Of File=-

čo sa týka správania PC myslím, že správa rovnako. Iba som si tak všimol, že sa mi na dvoch partíciach vytvoril priečinok recycled, ktorý obsahuje skrýtý súbor info2 veľkosť 2 kb. A na samostatnom disku sa mi vytvoril priečinok recycler, ktorý je prázdny. Ani jeden z priečinkov nejde vymazať. A taktiež na systémovej partici sú priečinky s názvom Found+nejaké číslo (ale to bude asi tými programami). Inak nič viac.

To nie je ComboFix

Bud som slepy, sprosty, hlupak, alebo tam naozaj nic nevidim...s tymi zlozkami sa vysporiadame


Cize log z CF+OTL:

Stiahni OTL. Uloz na plochu a spust dvojklikom subor "OTL.exe". Otvori sa okno programu, v nom zaskrtni "Scan All Users", "Lop" aj "Purity Check" a "File Scan" zmen na 7 dni miesto 30. Potom klikni na "Run Scan". Zacne scan pocitaca, po jeho ukonceni sa otvoria dva reporty - obsah oboch potrebujem vidiet.

Neviem prečo ale hodilo mi len jeden. Nemal som vypať aj antivirák a pod?
Tu je ten jeden log.

OTL logfile created on: 11.11.2009 21:01:48 - Run 5
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Rado\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 77,04% Memory free
2,60 Gb Paging File | 2,21 Gb Available in Paging File | 85,09% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30,66 Gb Total Space | 14,48 Gb Free Space | 47,22% Space Free | Partition Type: FAT32
Drive D: | 46,00 Gb Total Space | 20,74 Gb Free Space | 45,08% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 0,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
Drive I: | 298,09 Gb Total Space | 212,15 Gb Free Space | 71,17% Space Free | Partition Type: NTFS

Computer Name: RADO-BUA96KUDHL
Current User Name: Rado
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.11.11 21:00:08 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rado\Desktop\OTL.exe
PRC - [2009.10.19 15:50:14 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008.03.01 04:54:52 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2007.12.21 08:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2007.06.15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007.04.16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007.03.10 16:22:16 | 00,221,184 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\system32\UAService7.exe
PRC - [2006.11.03 11:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac7302\Monitor.exe
PRC - [2006.09.20 04:25:00 | 00,168,003 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006.09.13 11:12:52 | 00,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.09.13 11:07:08 | 00,880,640 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006.03.03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006.02.19 02:41:10 | 00,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005.09.25 13:11:16 | 00,265,728 | ---- | M] (Fengtao Software Inc.) -- C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe
PRC - [2005.01.28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004.08.04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009.11.11 21:00:08 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rado\Desktop\OTL.exe
MOD - [2008.03.01 04:59:10 | 00,010,496 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\eplgHooks.dll
MOD - [2006.08.25 17:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005.09.25 13:11:08 | 00,155,648 | ---- | M] (Fengtao Software Inc.) -- C:\Program Files\DVD Region+CSS Free\DVDSys.dll
MOD - [2004.08.04 00:56:44 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.06.17 17:05:50 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2008.03.01 04:58:08 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EHttpSrv)
SRV - [2007.12.21 08:21:16 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2007.06.15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.03.10 16:22:16 | 00,221,184 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7)
SRV - [2007.02.26 17:42:58 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006.10.30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.10.30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2006.10.20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2006.09.20 04:25:00 | 00,168,003 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006.09.12 21:55:36 | 00,724,992 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006.03.03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.11.17 14:18:52 | 01,527,900 | ---- | M] (MAGIX®) -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.09.23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005.09.23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.01.28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004.08.04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.01.25 05:30:52 | 00,020,480 | ---- | M] () -- c:\apache\APACHE.EXE -- (PHPGeekUtil)


========== Driver Services (SafeList) ==========

DRV - File not found -- -- (catchme)
DRV - [2009.04.28 22:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009.02.25 16:27:06 | 00,002,944 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\bbcap.sys -- (bbcap)
DRV - [2009.02.06 18:02:28 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.09.24 10:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008.03.01 04:56:36 | 00,054,280 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2008.03.01 04:56:34 | 00,030,728 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008.03.01 04:56:30 | 00,071,176 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2008.03.01 04:52:30 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007.08.17 12:48:02 | 00,011,973 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007.06.14 15:29:08 | 00,457,856 | ---- | M] (PixArt Imaging Inc.) -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007.04.04 12:43:38 | 00,098,952 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s716unic.sys -- (s716unic)
DRV - [2007.04.04 12:43:36 | 00,098,568 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s716obex.sys -- (s716obex)
DRV - [2007.04.04 12:43:36 | 00,023,176 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s716nd5.sys -- (s716nd5)
DRV - [2007.04.04 12:43:34 | 00,108,552 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007.04.04 12:43:34 | 00,100,360 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s716mgmt.sys -- (s716mgmt)
DRV - [2007.04.04 12:43:32 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007.04.04 12:43:20 | 00,083,208 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s716bus.sys -- (s716bus)
DRV - [2007.03.17 12:24:30 | 00,094,064 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k510mdm.sys -- (k510mdm)
DRV - [2007.03.17 12:24:30 | 00,089,872 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2007.03.17 12:24:30 | 00,085,408 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k510mgmt.sys -- (k510mgmt)
DRV - [2007.03.17 12:24:30 | 00,083,344 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k510obex.sys -- (k510obex)
DRV - [2007.03.17 12:24:30 | 00,081,728 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2007.03.17 12:24:30 | 00,079,488 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2007.03.17 12:24:30 | 00,058,288 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus)
DRV - [2007.03.17 12:24:30 | 00,055,216 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus)
DRV - [2007.03.17 12:24:30 | 00,008,336 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k510mdfl.sys -- (k510mdfl)
DRV - [2007.03.17 12:24:30 | 00,006,576 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2007.02.23 22:49:04 | 00,039,488 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin)
DRV - [2007.02.22 11:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.02.22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007.02.22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007.02.22 11:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006.11.07 10:42:30 | 00,086,368 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w200obex.sys -- (w200obex)
DRV - [2006.11.07 10:42:28 | 00,088,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w200mgmt.sys -- (w200mgmt)
DRV - [2006.11.07 10:42:24 | 00,097,056 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w200mdm.sys -- (w200mdm)
DRV - [2006.11.07 10:42:22 | 00,009,328 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w200mdfl.sys -- (w200mdfl)
DRV - [2006.11.07 10:42:16 | 00,061,504 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus)
DRV - [2006.09.20 04:25:00 | 04,107,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.04.12 11:04:40 | 00,049,664 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006.04.12 11:04:40 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006.04.12 11:04:40 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005.11.03 15:40:08 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2005.08.10 13:44:06 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 14:20:40 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005.02.09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004.08.03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2004.08.03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2004.03.08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003.07.18 02:58:20 | 00,036,992 | R--- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003.07.02 17:41:42 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\axwhisky.sys -- (axwhisky)
DRV - [2003.07.02 16:49:52 | 00,124,160 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\axwskbus.sys -- (axwskbus)
DRV - [2003.03.25 10:50:46 | 00,004,096 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002.10.17 08:14:46 | 00,049,024 | R--- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002.08.20 10:19:08 | 00,009,472 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002.07.10 16:39:34 | 00,032,256 | R--- | M] (SiS Corporation) -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001.08.23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [1997.12.23 02:00:00 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-583907252-688789844-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-583907252-688789844-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-583907252-688789844-839522115-1003\S-1-5-21-583907252-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-688789844-839522115-1003\S-1-5-21-583907252-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www.edoma.sk

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.1
FF - prefs.js..extensions.enabledItems: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008.10.12 10:38:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008.10.12 10:38:20 | 00,000,000 | ---D | M]

[2008.10.12 10:38:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Mozilla\Extensions
[2008.10.12 10:38:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008.10.12 10:38:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\extensions
[2009.03.16 15:14:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009.10.12 17:29:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009.05.22 19:43:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\extensions\{9bae89f4-fe30-4710-bbed-256c9d6af2c3}
[2009.07.21 12:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.04.28 19:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\extensions\max@subfighter.com
[2009.04.28 19:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\extensions\staged-xpis
[2009.05.22 19:41:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\extensions\vlcplaylist@helgatauscher.de
[2009.11.06 13:23:48 | 00,000,955 | ---- | M] () -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin.xml
[2009.08.07 10:43:54 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-3.xml
[2009.08.07 18:10:56 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-6.xml
[2009.08.08 11:17:54 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-5.xml
[2009.08.08 20:14:54 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-2.xml
[2009.08.09 11:09:22 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-1.xml
[2009.08.09 18:23:48 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-4.xml
[2009.08.17 17:35:42 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-8.xml
[2009.09.09 13:11:12 | 00,000,961 | ---- | M] () -- C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-7.xml
[2008.10.12 10:38:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.01.25 20:41:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.04.29 15:14:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}
[2008.10.12 10:38:20 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.11.10 13:36:06 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.11.10 13:36:06 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2003.07.15 06:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009.11.10 13:36:08 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009.08.17 17:40:24 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.08.17 17:40:26 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.17 17:40:26 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.17 17:40:26 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.17 17:40:26 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.17 17:40:26 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\webie.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-583907252-688789844-839522115-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MMTray] C:\WINDOWS\System32\mmtray.exe (Morgan Multimedia)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SystemKey] File not found
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-583907252-688789844-839522115-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-583907252-688789844-839522115-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 0
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-583907252-688789844-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Stáhnout Star Downloaderem - C:\Program Files\Star Downloader\sdie.htm File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra 'Tools' menuitem : &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra 'Tools' menuitem : Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra 'Tools' menuitem : Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\PC Translator\webie.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-583907252-688789844-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-CE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.110.186.240 193.110.187.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll - C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.23 20:55:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [1999.10.08 02:21:36 | 00,000,094 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008.03.08 09:55:05 | 00,000,000 | R--D | M] - G:\autorun -- [ CDFS ]
O32 - AutoRun File - [1999.10.08 02:21:36 | 00,129,024 | R--- | M] (Origin Systems Inc.) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1999.10.08 02:21:38 | 00,010,249 | R--- | M] () - G:\autorun.tre -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 7 Days ==========

[2009.11.11 20:59:57 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rado\Desktop\OTL.exe
[2009.11.11 13:59:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009.11.11 13:52:46 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009.11.11 13:52:46 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009.11.11 13:52:46 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009.11.11 13:52:46 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009.11.10 15:28:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rado\Desktop\DaonolFixBackups
[2009.11.09 18:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2009.11.08 10:44:21 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Rado\Recent
[2003.07.02 17:41:42 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwhisky.sys
[2003.07.02 16:49:52 | 00,124,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwskbus.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2009.11.11 21:00:08 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rado\Desktop\OTL.exe
[2009.11.11 19:25:52 | 00,004,641 | ---- | M] () -- C:\WINDOWS\wdict32.INI
[2009.11.11 16:23:58 | 00,000,471 | ---- | M] () -- C:\Documents and Settings\Rado\Desktop\Stronghold Crusader.lnk
[2009.11.11 15:50:24 | 00,000,863 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009.11.11 14:08:58 | 00,000,068 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[2009.11.11 13:59:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.11 13:57:44 | 00,000,283 | ---- | M] () -- C:\WINDOWS\System.ini
[2009.11.11 13:52:18 | 03,563,260 | R--- | M] () -- C:\Documents and Settings\Rado\Desktop\ComboFix.exe
[2009.11.11 13:46:14 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\Rado\Desktop\SystemLook.exe
[2009.11.11 13:32:20 | 00,087,040 | ---- | M] () -- C:\Documents and Settings\Rado\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.11 09:03:26 | 00,075,993 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009.11.11 09:02:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.10 21:49:48 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Rado\NTUSER.DAT
[2009.11.10 21:49:44 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Rado\ntuser.ini
[2009.11.10 21:49:32 | 02,647,008 | -H-- | M] () -- C:\Documents and Settings\Rado\Local Settings\Application Data\IconCache.db
[2009.11.10 19:58:18 | 00,001,152 | ---- | M] () -- C:\WINDOWS\BALTIE.INI
[2009.11.10 15:26:38 | 00,100,352 | ---- | M] () -- C:\Documents and Settings\Rado\Desktop\DaonolFix.exe
[2009.11.09 19:07:30 | 00,000,581 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FIFA 2002.lnk
[2009.11.08 13:38:10 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009.11.08 13:38:10 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009.11.06 21:05:50 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.06 10:53:54 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.11.05 21:04:40 | 00,065,197 | ---- | M] () -- C:\Documents and Settings\Rado\Desktop\sk_slovak1.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.11.11 16:23:57 | 00,000,471 | ---- | C] () -- C:\Documents and Settings\Rado\Desktop\Stronghold Crusader.lnk
[2009.11.11 13:52:46 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.11.11 13:52:46 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009.11.11 13:52:46 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009.11.11 13:52:46 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.11.11 13:52:46 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009.11.11 13:47:04 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\Rado\Desktop\SystemLook.exe
[2009.11.10 15:26:36 | 00,100,352 | ---- | C] () -- C:\Documents and Settings\Rado\Desktop\DaonolFix.exe
[2009.11.09 19:07:29 | 00,000,581 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FIFA 2002.lnk
[2009.11.08 10:44:58 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009.11.08 10:44:58 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009.11.05 21:04:39 | 00,065,197 | ---- | C] () -- C:\Documents and Settings\Rado\Desktop\sk_slovak1.pdf
[2009.07.19 22:39:41 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.07.10 16:34:09 | 00,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2009.06.23 20:48:38 | 00,078,155 | ---- | C] () -- C:\Documents and Settings\Rado\Application Data\NMM-MetaData.db
[2009.05.18 20:49:19 | 00,001,163 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2009.04.25 11:04:13 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Rado\Local Settings\Application Data\fusioncache.dat
[2009.02.25 18:12:04 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.02.07 17:41:14 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.02.06 13:07:39 | 00,000,024 | ---- | C] () -- C:\WINDOWS\Sniper.ini
[2008.12.18 14:26:19 | 00,001,152 | ---- | C] () -- C:\WINDOWS\BALTIE.INI
[2008.12.05 17:42:01 | 00,000,355 | ---- | C] () -- C:\WINDOWS\BeatBox.INI
[2008.09.22 19:55:05 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2008.03.15 18:41:27 | 00,201,216 | ---- | C] () -- C:\WINDOWS\System32\mediarcpt.dll
[2008.03.08 14:59:19 | 00,000,086 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
[2008.03.08 12:03:20 | 00,002,095 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007.12.27 14:22:11 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.12.27 14:22:11 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.12.27 14:22:11 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.12.27 14:22:11 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.27 14:19:32 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007.12.27 14:19:32 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.12.27 14:19:31 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007.12.27 13:38:16 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007.12.27 13:06:52 | 02,647,008 | -H-- | C] () -- C:\Documents and Settings\Rado\Local Settings\Application Data\IconCache.db
[2007.11.24 11:39:10 | 00,000,169 | ---- | C] () -- C:\WINDOWS\hiscore.ini
[2007.08.16 19:34:33 | 00,000,217 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2007.08.14 16:39:35 | 00,000,285 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.04.30 15:27:02 | 00,000,538 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2007.03.30 17:49:29 | 00,000,082 | ---- | C] () -- C:\WINDOWS\wb.ini
[2007.03.29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007.03.10 10:07:47 | 00,000,490 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.03.06 17:22:52 | 00,000,026 | ---- | C] () -- C:\WINDOWS\neosetup.INI
[2007.03.03 13:28:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MusicMaker.INI
[2007.03.03 13:17:06 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2007.03.03 13:15:39 | 00,005,817 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.03.02 15:55:37 | 00,087,040 | ---- | C] () -- C:\Documents and Settings\Rado\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.24 15:42:53 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007.02.24 15:40:16 | 00,000,658 | ---- | C] () -- C:\WINDOWS\webtran4.INI
[2007.02.24 14:12:25 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.02.24 13:50:20 | 00,003,740 | ---- | C] () -- C:\WINDOWS\wtran32.INI
[2007.02.24 13:49:26 | 00,004,641 | ---- | C] () -- C:\WINDOWS\wdict32.INI
[2007.02.24 13:22:37 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007.02.24 13:22:06 | 00,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2007.02.24 13:21:36 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2007.02.23 23:30:41 | 00,000,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.02.23 23:05:45 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.02.23 23:05:44 | 00,088,064 | ---- | C] () -- C:\WINDOWS\System32\AudioExCtl.dll
[2007.02.23 23:04:47 | 00,000,714 | ---- | C] () -- C:\WINDOWS\m3jpeg.ini
[2007.02.23 23:02:53 | 00,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll
[2007.02.23 23:02:53 | 00,413,760 | ---- | C] () -- C:\WINDOWS\System32\Mpg4c32.dll
[2007.02.23 23:02:53 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[2007.02.23 23:02:45 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2007.02.23 23:02:45 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007.02.23 23:02:45 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007.02.23 23:02:34 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\avizlib.dll
[2007.02.23 23:02:34 | 00,088,064 | ---- | C] () -- C:\WINDOWS\System32\asusasv2.dll
[2007.02.23 23:02:34 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\asusasv1.dll
[2007.02.23 23:02:34 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\avimszh.dll
[2007.02.23 22:51:51 | 00,000,068 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2007.02.23 22:35:57 | 00,000,863 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.02.23 21:19:11 | 00,088,568 | ---- | C] () -- C:\Documents and Settings\Rado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007.02.23 21:12:40 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2007.02.23 21:00:55 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Rado\Application Data\desktop.ini
[2007.02.23 20:42:51 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006.01.03 18:12:04 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2005.01.05 20:11:12 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.01.05 20:11:11 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.01.05 20:11:10 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2005.01.05 20:11:10 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.01.05 20:11:10 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.01.05 20:11:09 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 15:38:04 | 00,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.21 14:39:02 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.21 12:51:52 | 00,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002.03.21 12:51:52 | 00,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002.03.21 12:51:52 | 00,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002.03.21 12:51:52 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002.03.21 12:51:52 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002.03.21 12:51:52 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002.03.21 12:51:52 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002.03.20 21:01:06 | 00,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2002.03.17 02:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000035.DLL
[2002.02.08 04:20:20 | 00,002,063 | ---- | C] () -- C:\WINDOWS\System32\my.ini
[2001.12.30 23:27:06 | 01,155,072 | ---- | C] () -- C:\WINDOWS\System32\php4ts.dll
[2001.09.19 22:52:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
[2001.08.23 12:00:00 | 00,000,755 | ---- | C] () -- C:\WINDOWS\win.ini
[2001.08.23 12:00:00 | 00,000,283 | ---- | C] () -- C:\WINDOWS\System.ini
[2001.08.16 20:04:46 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\ming.dll
[2001.07.26 21:44:38 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2001.07.07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001.05.17 00:17:04 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2001.05.17 00:16:30 | 00,860,160 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2000.10.25 10:35:22 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2000.10.22 20:26:44 | 00,438,334 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2000.10.22 06:41:26 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\libsasl.dll
[2000.10.07 08:41:10 | 00,747,486 | ---- | C] () -- C:\WINDOWS\System32\iconv-1.3.dll
[2000.09.27 03:28:20 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\libpq.dll
[2000.08.24 20:44:10 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2000.08.24 20:44:08 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2000.03.29 22:00:00 | 00,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999.08.11 15:28:02 | 00,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999.05.24 13:26:42 | 00,317,440 | ---- | C] () -- C:\WINDOWS\System32\FdfTk.dll
[1999.05.21 21:10:00 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998.01.28 00:06:04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1997.09.08 02:13:48 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\mSQL.dll

========== LOP Check ==========

[2007.03.03 13:18:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2007.03.10 16:22:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\SecuROM
[2007.03.13 10:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2007.04.04 18:31:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007.04.05 17:53:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007.05.19 10:19:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007.05.19 10:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008.06.28 13:07:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemKey
[2008.06.28 13:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009.01.25 20:41:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.02.25 16:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3A057BC4-897A-4BC2-8FB7-682E0458005E}
[2009.02.25 16:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2009.03.12 14:39:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.04.25 11:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SGP Systems
[2009.05.15 15:13:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009.05.15 15:15:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007.02.23 23:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\ACD Systems
[2007.02.24 11:12:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\ICQLite
[2007.02.24 11:16:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Opera
[2007.03.13 10:21:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Teleca
[2007.04.05 17:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\TuneUp Software
[2007.04.09 14:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Nvu
[2007.05.19 10:22:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Ulead Systems
[2007.07.24 18:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\OLYMPUS
[2008.02.08 19:08:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\3M
[2008.03.20 14:33:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Image Zone Express
[2008.05.14 17:48:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Rado\Application Data\SecuROM
[2008.06.21 19:05:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\ICQ
[2008.07.09 14:42:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Sony Setup
[2008.07.09 16:22:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Sony
[2008.07.09 16:23:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Publish Providers
[2009.01.19 14:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Acreon
[2009.02.14 21:27:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\uTorrent
[2009.02.25 16:27:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Blueberry
[2009.02.25 18:02:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\GetRightToGo
[2009.03.03 13:51:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Thinstall
[2009.03.12 14:40:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\ESET
[2009.04.25 11:31:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\SGP Systems
[2009.04.25 11:31:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\BaltieProject
[2009.05.01 11:43:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Docx2Rtf
[2009.05.01 11:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\NwDocx
[2009.05.15 15:14:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\PC Suite
[2009.05.15 15:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Nokia
[2009.06.01 16:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Nokia Multimedia Player
[2009.06.17 17:05:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Photodex
[2009.06.17 17:05:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Netscape
[2009.09.22 21:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Dev-Cpp
[2009.10.16 13:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\Teeworlds
[2009.10.28 18:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rado\Application Data\ImgBurn
[2001.08.23 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.11.11 13:59:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >

(Inak ak tam nič nevidíš to je dobre nie? )

Je to uz 5 sputenie programu, preto nie su 2 logy, len jeden

Skopiruj do policka pod nazvom "Custom Scans/Fixes":


Klikni na "Run Fix". Program zacne pracovat, mozny je restart PC. Po nom by sa ti mal objavit log, ten by som rad videl.

Tak tu je

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Unable to set value : HKU\S-1-5-21-583907252-688789844-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E!
Registry value HKEY_USERS\S-1-5-21-583907252-688789844-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-583907252-688789844-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin.xml moved successfully.
C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Documents and Settings\Rado\Application Data\Mozilla\Firefox\Profiles\sj7yp6yv.default\searchplugins\icqplugin-7.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SystemKey deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-583907252-688789844-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-583907252-688789844-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Stáhnout Star Downloaderem\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {233C1507-6A77-46A4-9443-F871F945D258}
C:\WINDOWS\Downloaded Program Files\setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {D27CDB6E-CE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-CE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-CE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-CE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-CE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
========== FILES ==========
\Recycled folder moved successfully.
\FOUND.002 folder moved successfully.
\FOUND.000 folder moved successfully.
\FOUND.001 folder moved successfully.
\FOUND.003 folder moved successfully.
\FOUND.004 folder moved successfully.
\FOUND.005 folder moved successfully.
\FOUND.006 folder moved successfully.
\FOUND.007 folder moved successfully.
\FOUND.008 folder moved successfully.
\FOUND.009 folder moved successfully.
\FOUND.010 folder moved successfully.
\FOUND.013 folder moved successfully.
\FOUND.011 folder moved successfully.
\FOUND.012 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Rado
->Temp folder emptied: 2147888 bytes
->Temporary Internet Files folder emptied: 2801451 bytes
->FireFox cache emptied: 74070300 bytes

User: Lochmanovci

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75,39 mb


OTL by OldTimer - Version 3.1.5.0 log created on 11122009_160147

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OK, tym padom by to malo byt cele

1) Docistime to:

• Odinstaluj Combofix:
  Start -> Spustit -> (napis) combofix /uninstall

• Pouzi T-Cleaner (ak by ho antivirus hlasil ako smejda, nic sa netreba bat, ide len o paranoju AV programu).

• Precisti PC CCleanerom (vratane registrov).

• Pouzi TFC (spust program a klikni na "Start". Pozor, PC moze byt restartovane).

2) Vloz log z HJT.

V pripade nezrovnalosti sa >>tu<< nachadza navod.

tu je HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:19, on 13.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\apache\APACHE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
c:\apache\APACHE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.edoma.sk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7663 bytes

1) Updatuj Adobe Reader (poslednu verziu najdes >>tu<<).


2) Odinstaluj SpyBot (Start -> Ovl. Panel -> Pridat/Odstranit Programy).
Ak by to neslo, pouzi Revo Uninstaller.

A tot vsjo

ok diki MOC za pomoc