ComboFix 09-03-15.01 - WARPIG 2009-03-18 16:30:22.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3054.2483 [GMT 1:00]
Spuštěný z: c:\documents and settings\WARPIG\Plocha\Download\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\WARPIG\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\system32\drivers\EIO64_xp.sys
c:\windows\thxcfg.ini
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\cnvpe.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\eAPI.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\internet.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\krnln.fnr
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\shell.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\spec.fne
c:\windows\system32\drivers\EIO64_xp.sys
c:\windows\thxcfg.ini
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-18 do 2009-03-18 )))))))))))))))))))))))))))))))
.
2009-03-18 13:58 . 2009-03-18 13:58 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\DAEMON Tools Pro
2009-03-17 20:38 . 2009-03-17 20:58 <DIR> d-------- C:\Kaspersky
2009-03-17 20:19 . 2009-03-17 21:02 <DIR> d-------- c:\program files\Unlocker
2009-03-17 19:11 . 2009-03-17 19:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-17 19:10 . 2009-03-17 19:10 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-17 19:10 . 2009-03-18 13:58 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\DAEMON Tools Lite
2009-03-17 19:06 . 2009-03-17 19:06 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\TrojanHunter
2009-03-17 18:58 . 2009-03-17 18:58 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\Simply Super Software
2009-03-17 16:46 . 2009-03-17 16:46 <DIR> d-------- c:\program files\Absolute Uninstaller
2009-03-16 17:38 . 2004-08-17 14:49 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-15 16:51 . 2009-03-15 16:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikac
2009-03-14 20:06 . 2009-03-17 16:54 <DIR> d-------- c:\program files\Drakensang
2009-03-13 20:06 . 2009-03-13 20:40 189,072 --a------ c:\windows\system32\PnkBstrB.xtr
2009-03-13 19:26 . 2005-12-16 00:15 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-13 19:26 . 2005-12-16 00:15 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-13 19:26 . 2005-12-16 00:15 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-13 19:26 . 2005-12-16 00:15 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-13 19:26 . 2008-04-14 04:18 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-13 19:26 . 2008-04-14 04:18 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-13 19:26 . 2005-12-16 00:15 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-13 19:26 . 2005-12-16 00:15 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-12 19:03 . 2009-03-12 19:03 339,456 --a------ c:\windows\UIA200.exe
2009-03-11 16:43 . 2009-03-11 16:43 <DIR> d-------- c:\windows\system32\xlive
2009-03-11 16:43 . 2009-03-11 16:44 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-03-11 16:10 . 2009-03-11 16:26 <DIR> d--h----- c:\windows\system32\94B349
2009-03-11 16:10 . 2009-03-17 19:08 <DIR> d--h----- c:\windows\system32\661E80
2009-03-11 16:10 . 2009-03-17 19:08 <DIR> d--h----- c:\windows\system32\64D596
2009-03-11 16:10 . 2009-03-11 16:25 <DIR> d--h----- c:\windows\system32\6248EA
2009-03-11 14:18 . 2009-03-11 14:26 <DIR> d-------- c:\program files\ICQ6.5
2009-03-10 20:32 . 2009-03-10 21:02 <DIR> d-------- c:\windows\NV31483004.TMP
2009-03-10 20:32 . 2009-02-18 14:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-03-10 19:07 . 2009-03-10 19:08 <DIR> d-------- c:\program files\ASUS
2009-03-10 19:00 . 2009-03-18 16:34 206,065 --a------ c:\windows\system32\nvapps.xml
2009-03-10 18:59 . 2009-02-16 23:17 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-10 18:59 . 2009-02-18 14:44 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-03-10 18:59 . 2009-02-18 14:44 19,021 --a------ c:\windows\system32\nvdisp.nvu
2009-02-18 14:44 . 2009-02-18 14:44 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-02-18 14:44 . 2009-02-18 14:44 401,408 --a------ c:\windows\system32\nvcuvid.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 13:25 --------- d-----w c:\program files\AVG
2009-03-18 12:58 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\DAEMON Tools
2009-03-17 18:22 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\teamspeak2
2009-03-17 18:04 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 17:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-03-17 16:12 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Azureus
2009-03-17 15:54 --------- d-----w c:\program files\World of Warcraft
2009-03-17 15:54 --------- d-----w c:\program files\TmNationsForever
2009-03-17 15:54 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\GetRightToGo
2009-03-16 13:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-15 18:35 --------- d-----w c:\program files\Steam
2009-03-14 19:15 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Skype
2009-03-14 18:04 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\skypePM
2009-03-14 16:54 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-13 19:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-13 19:06 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 18:03 --------- d-----w c:\program files\All Ten Fingers
2009-03-10 19:54 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Red Alert 3
2009-03-10 19:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-10 19:33 --------- d-----w c:\program files\AGEIA Technologies
2009-03-10 19:13 --------- d-----w c:\program files\Vuze
2009-03-10 18:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 13:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-07 19:23 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\dvdcss
2009-02-07 15:00 --------- d-----w c:\documents and settings\All Users\Data aplikací\Phenomedia
2009-02-04 19:26 --------- d-----w c:\program files\LucasArts
2009-02-04 18:45 --------- d-----w c:\program files\THQ
2009-02-01 11:03 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Creative
2009-02-01 09:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\XBlades
2009-02-01 09:11 --------- d-----w c:\program files\XBlades
2009-02-01 07:19 --------- d-----w c:\program files\The KMPlayer
2009-01-31 14:24 --------- d-----w c:\program files\Left4Dead
2009-01-31 11:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\Electronic Arts
2009-01-30 17:05 --------- d-----w c:\program files\Electronic Arts
2008-12-26 08:22 22,328 ----a-w c:\documents and settings\WARPIG\Data aplikací\PnkBstrK.sys
2008-11-10 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110320081110\index.dat
2008-11-10 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111020081111\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-18_14.20.08.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-17 18:08:13 22,016 ------w c:\windows\system32\64D596\AK0A2F7.EXE
+ 2009-03-18 13:42:59 22,016 ------w c:\windows\system32\64D596\AK0A2F7.EXE
- 2009-03-17 19:08:25 22,016 --sh--w c:\windows\system32\64D596\nmirnxp.exe
+ 2009-03-18 14:43:16 22,016 --sh--w c:\windows\system32\64D596\nmirnxp.exe
+ 2009-03-18 15:34:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_210.dat
+ 2009-03-18 15:34:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_758.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"A76327"="c:\windows\system32\94B349\A76327.EXE" [2009-03-11 1405148]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\WARPIG\Nabídka Start\Programy\Po spuštění\
A76327.lnk - c:\windows\system32\94B349\A76327.EXE [2009-03-11 1405148]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\RA3.exe"=
"c:\\Program Files\\Left4Dead\\hl2.exe"=
"c:\\Program Files\\XBlades\\xblades.exe"=
"c:\\Program Files\\XBlades\\launcher.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Kaspersky\\kavupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59051:TCP"= 59051:TCP:Pando Media Booster
"59051:UDP"= 59051:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-11 20560]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
.
Obsah adresáře 'Naplánované úlohy'
2009-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\WARPIG\Data aplikací\Mozilla\Firefox\Profiles\o8bmsqi5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 16:35:04
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1292428093-1417001333-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3c,52,e6,3c,79,94,3c,b2,72,4e,3b,92,0d,60,7d,3e,fa,74,4a,b2,b6,
7c,a3,46,db,f3,63,76,08,e6,55,a3,5b,6e,2b,db,94,2d,37,d7,85,96,b7,8e,1f,5b,\
"rkeysecu"=hex:43,f3,aa,9f,21,6c,4b,dd,45,a2,00,f9,87,61,78,b2
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-03-18 16:39:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-18 15:39:31
ComboFix2.txt 2009-03-18 13:20:55
Před spuštěním: Volných bajtů: 142 574 915 584
Po spuštění: Volných bajtů: 142,561,792,000
242 --- E O F --- 2009-03-16 16:41:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:27, on 18.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\94B349\A76327.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [A76327] C:\WINDOWS\system32\94B349\A76327.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: A76327.lnk = C:\WINDOWS\system32\94B349\A76327.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 7326 bytes