vrus - service.exe - Solved

Section devoted to viruses and other malicious code, as well as to the tools that can be used to defend against them…



vrus - service.exe

Post by Peane » 09 Jun 2009 21:01

Hello,

I have Windows 7 (7100) and NOD reports this whenever I plug in a flash drive/camera etc.:

http://img81.imageshack.us/img81/6310/clipboard01c.jpg

service.exe is in the Windows folder.. I always kill the process, but I don't know how to remove the file.. and anyway, my PC has been behaving quite strangely ever since it crashed once and all my network connections and file associations got deleted..

NOD32 doesn't fix it.. neither does RegCure, and Ad-Aware is running a scan right now
And explorer.exe has been crashing on me quite often..

here is the log from HijackThis

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:14, on 9.6.2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\ntos.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Users\Peane7\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
G:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\ntos.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Services] service.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Peane7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

--
End of file - 7960 bytes


Thank you very much for your help
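As an added triage example (not part of this thread and not code from HijackThis or Malwarebytes), the Python below scans HijackThis lines for the three patterns that matter in the log above: an extra executable appended to the Winlogon Userinit value (the ntos.exe entry on the F2 line), Run values that are a bare file name such as service.exe (resolved by a PATH search, so any same-named file earlier on the PATH wins), and services listed with no publisher. The sample lines are copied from the log above; the bare-name rule deliberately also hits the legitimate Logitech KHALMNPR.EXE, which is why such hits are reported as "verify", not "malicious".

```python
"""Triage of HijackThis log lines for the persistence patterns seen in the thread.

Added example, not part of the forum post; rules and severities are my own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Clean-system default for the Winlogon Userinit value: exactly one entry,
# the real userinit.exe. The trailing comma HijackThis shows is normal.
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe", "userinit.exe"}

# A Run value holding just a file name (no directory, no drive) is resolved by a
# PATH search at logon; service.exe in C:\Windows was started exactly this way.
BARE_NAME = re.compile(r'^"?([^\\/:"]+\.exe)"?(\s.*)?$', re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str


def check_f2_userinit(line: str) -> Optional[Finding]:
    """F2 - REG:system.ini: UserInit=<comma separated executables>"""
    m = re.match(r"^F2 - REG:system\.ini: UserInit=(.*)$", line, re.IGNORECASE)
    if not m:
        return None
    entries = [e.strip().lower() for e in m.group(1).split(",") if e.strip()]
    extra = [e for e in entries if e not in EXPECTED_USERINIT]
    if extra:
        return Finding("high", line,
                       "Userinit launches extra executables: " + ", ".join(extra))
    return None


def check_o4_run(line: str) -> Optional[Finding]:
    """O4 - <hive>\\..\\Run: [<value name>] <command line>"""
    m = re.match(r"^O4 - (HK\S*?)\\\.\.\\Run(?:Once)?: \[(.*?)\] (.*)$", line)
    if not m:
        return None
    _hive, name, cmd = m.groups()
    if BARE_NAME.match(cmd.strip()):
        return Finding("medium", line,
                       f"Run value '{name}' is a bare file name; verify which file "
                       "on the PATH it resolves to")
    return None


def check_o23_service(line: str) -> Optional[Finding]:
    """O23 - Service: <display name> - <owner> - <image path>"""
    m = re.match(r"^O23 - Service: (.*?) - (.*?) - (.*)$", line)
    if not m:
        return None
    name, owner, path = m.groups()
    if owner.strip().lower() == "unknown owner":
        return Finding("low", line, f"Service '{name}' has no publisher ({path})")
    return None


CHECKS = (check_f2_userinit, check_o4_run, check_o23_service)


def triage(log_text: str) -> List[Finding]:
    """Run every check over every line; a line yields at most one finding."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in CHECKS:
            found = check(line)
            if found:
                findings.append(found)
                break
    return findings


# Constructed sample: six lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\ntos.exe,
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Services] service.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```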


Re: vrus - service.exe

Post by jaro3 » 09 Jun 2009 21:14

Plug the flash drive into the PC.
Download this program: Flash Disinfector (by sUBs)
- Run Flash Disinfector and wait until the program tells you it has finished.
Unplug the flash drive..

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show results button
- then choose the option to save the log and save it to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

EDIT: Don't put logs in code!
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: vrus - service.exe

Post by Peane » 09 Jun 2009 21:28

Thank you,

while following the instructions, should I leave the service.exe process running or should I kill it?

before I forget, Windows also showed me this message: "V systému nelze vytvořit žádné další podprocesy" (No more threads can be created in the system)


Re: vrus - service.exe

Post by Peane » 09 Jun 2009 21:35

so here is the log.... it looks terrible :)

Code:

Malwarebytes' Anti-Malware 1.37
Verze databáze: 2255
Windows 6.1.7100

9.6.2009 21:28:10
mbam-log-2009-06-09 (21-28-03).txt

Typ skenu: Rychlý sken
Objektu skenováno: 81003
Uplynulý cas: 3 minute(s), 38 second(s)

Infikované procesy pameti: 1
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 1
Infikované položky dat registru: 2
Infikované složky: 1
Infikované soubory: 6

Infikované procesy pameti:
C:\Windows\System32\ntos.exe (Backdoor.Bot) -> No action taken.

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Services (Backdoor.Bot) -> No action taken.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\ntos.exe,) Good: (userinit.exe) -> No action taken.

Infikované složky:
C:\Windows\System32\wsnpoem (Trojan.Agent) -> No action taken.

Infikované soubory:
c:\Windows\System32\wsnpoem\audio.dll (Trojan.Agent) -> No action taken.
c:\Windows\System32\wsnpoem\video.dll (Trojan.Agent) -> No action taken.
C:\Windows\service.exe (Backdoor.Bot) -> No action taken.
C:\Windows\System32\winIogon.exe (Backdoor.Bot) -> No action taken.
C:\Windows\System32\ntos.exe (Backdoor.Bot) -> No action taken.
C:\Windows\regx32.exe (Hacktool.Agent) -> No action taken.


and Flash_Disinfector.exe somehow doesn't work for me... it asks whether the program was installed correctly and then nothing happens...
Last edited by Peane on 09 Jun 2009 21:39, edited 1 time in total.


Re: vrus - service.exe

Post by jaro3 » 09 Jun 2009 21:39

Don't put those logs in code!!

So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show results button
- make sure all listed findings are checked and click the Remove selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and exit it via Exit

You can then paste the MbAM log here.

Turn off the resident protection in NOD32.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, don't click into the window it displays
- After the scan completes the program should create a log - C:\ComboFix.txt - please copy its entire contents here


Re: vrus - service.exe

Post by Peane » 09 Jun 2009 22:02

Malwarebytes' Anti-Malware restarted the PC, and on the next scan the PC is completely clean :bigups:

When launched, ComboFix.exe says it is only compatible with Win 2k or Win XP. When I click OK, Windows shows a message that it doesn't know whether the program was installed correctly, and the program apparently exits.


Re: vrus - service.exe

Post by jaro3 » 09 Jun 2009 22:04

That restart is fine..

Which OS do you have?


Re: vrus - service.exe

Post by Peane » 09 Jun 2009 22:07

Yes, the restart goes OK. (just this morning the PC wouldn't even shut down and froze, but somehow it recovered..)

as I wrote at the beginning, I have WINDOWS 7 RC1 (build 7100)


Re: vrus - service.exe

Post by jaro3 » 09 Jun 2009 22:09

O.K.
Download RSIT (by random/random)
- run it; a window will appear, click Continue to proceed
- wait until the program finishes and the log is displayed; otherwise you will find it here: C:\rsit\log.txt; please copy its entire contents here


Re: vrus - service.exe

Post by Peane » 09 Jun 2009 22:15

the program throws an error

[image]

log (probably incomplete because the program crashed)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Peane7 at 2009-06-09 22:03:51
Microsoft Windows 7 Ultimate
System drive C: has 7 GB (15%) free of 50 GB
Total RAM: 3071 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:54, on 9.6.2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Users\Peane7\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Peane7\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Peane7.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Peane7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

--
End of file - 7689 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1855497769-1127002569-3203998978-1000.job
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-02 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-10-10 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-11-02 36864]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
""= []
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-23 68776]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-02 148888]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-09 518488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-22 1174016]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-02-24 321344]
"Google Update"=C:\Users\Peane7\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 133104]
"QIP2005"=C:\Program Files\QIP\qip.exe [2009-02-12 3276288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Config]
C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe [2006-07-06 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2009-04-09 228808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
g:\program files\steam\steam.exe [2009-06-09 1217784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\Peane7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll [2009-04-22 236032]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableLUA"=0
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDFSTab"=1
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-09 22:03:51 ----D---- C:\rsit
2009-06-09 21:53:42 ----D---- C:\32788R22FWJFW
2009-06-09 21:48:20 ----A---- C:\Bug.txt
2009-06-09 21:48:18 ----A---- C:\Windows\system32\cmd.execf
2009-06-09 21:23:45 ----D---- C:\Users\Peane7\AppData\Roaming\Malwarebytes
2009-06-09 21:23:39 ----D---- C:\ProgramData\Malwarebytes
2009-06-09 21:23:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-09 20:43:48 ----D---- C:\Program Files\Trend Micro
2009-06-09 20:27:36 ----A---- C:\Windows\system32\lsdelete.exe
2009-06-09 20:18:28 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-09 18:11:50 ----D---- C:\Program Files\RegCure
2009-06-09 17:57:34 ----A---- C:\Windows\system32\BASSMOD.dll
2009-06-09 13:03:08 ----A---- C:\Windows\SetPointInstall.ini
2009-06-09 11:43:59 ----D---- C:\Program Files\Core Services
2009-06-09 10:54:54 ----D---- C:\Users\Peane7\AppData\Roaming\Win7codecs
2009-06-09 10:54:52 ----D---- C:\Program Files\Win7codecs
2009-06-09 10:38:43 ----D---- C:\Program Files\Opera
2009-06-09 09:47:43 ----D---- C:\Users\Peane7\AppData\Roaming\MySQL-Front
2009-06-09 09:47:43 ----D---- C:\Program Files\MySQL-Front
2009-06-08 15:23:35 ----A---- C:\Windows\update.exe
2009-06-08 15:22:37 ----A---- C:\Windows\23.exe
2009-06-06 16:53:04 ----D---- C:\Program Files\MSDN
2009-06-04 19:00:46 ----D---- C:\Program Files\Parallels
2009-06-03 20:07:03 ----D---- C:\Program Files\Microsoft Chart Controls
2009-06-02 20:42:36 ----A---- C:\Windows\system32\javaws.exe
2009-06-02 20:42:36 ----A---- C:\Windows\system32\javaw.exe
2009-06-02 20:42:36 ----A---- C:\Windows\system32\java.exe
2009-06-01 18:52:09 ----D---- C:\Program Files\PlayReady
2009-06-01 18:47:36 ----D---- C:\Windows\ITECIR
2009-06-01 18:47:36 ----A---- C:\Windows\system32\CIRCoInst.dll
2009-05-31 23:21:46 ----D---- C:\ProjectTemplates
2009-05-31 23:20:44 ----D---- C:\Program Files\Windows Mobile 6 SDK
2009-05-31 23:11:20 ----A---- C:\RecorderSDKLog.txt
2009-05-31 23:07:27 ----A---- C:\Windows\system32\tsccvid.dll
2009-05-31 23:07:26 ----D---- C:\Windows\system32\QuickTime
2009-05-31 23:07:18 ----D---- C:\ProgramData\TechSmith
2009-05-31 23:07:05 ----D---- C:\Program Files\TechSmith
2009-05-31 23:07:05 ----D---- C:\Program Files\Common Files\TechSmith Shared
2009-05-31 22:10:50 ----A---- C:\Windows\ODBC.INI
2009-05-31 22:10:22 ----D---- C:\Windows\system32\js
2009-05-31 22:10:22 ----D---- C:\Windows\system32\images
2009-05-31 22:10:22 ----D---- C:\Windows\system32\html
2009-05-31 22:10:22 ----D---- C:\Windows\system32\css
2009-05-31 22:10:22 ----D---- C:\Program Files\Business Objects
2009-05-31 22:10:11 ----D---- C:\Program Files\Microsoft Device Emulator
2009-05-31 22:09:29 ----D---- C:\Program Files\Windows Mobile 5.0 SDK R2
2009-05-31 22:03:07 ----D---- C:\ProgramData\PreEmptive Solutions
2009-05-31 22:00:07 ----D---- C:\Windows\symbols
2009-05-31 21:58:01 ----D---- C:\Program Files\HTML Help Workshop
2009-05-31 21:58:01 ----D---- C:\Program Files\Common Files\Merge Modules
2009-05-31 21:58:01 ----D---- C:\Program Files\CE Remote Tools
2009-05-31 21:56:44 ----D---- C:\Program Files\Microsoft Web Designer Tools
2009-05-31 21:35:47 ----D---- C:\Program Files\Common Files\Skype
2009-05-31 21:35:46 ----RD---- C:\Program Files\Skype
2009-05-31 17:19:20 ----D---- C:\Windows\PCHEALTH
2009-05-30 20:33:55 ----D---- C:\Users\Peane7\AppData\Roaming\phpDesigner
2009-05-30 20:33:53 ----D---- C:\Program Files\phpDesigner
2009-05-30 11:09:11 ----D---- C:\Program Files\Tukero[X]Team
2009-05-29 20:11:28 ----D---- C:\Program Files\CesarFTP
2009-05-29 19:41:33 ----D---- C:\Users\Peane7\AppData\Roaming\FileZilla
2009-05-29 16:52:26 ----A---- C:\Windows\system32\xvidvfw.dll
2009-05-29 16:47:06 ----A---- C:\Windows\system32\xvidcore.dll
2009-05-29 16:41:59 ----D---- C:\Windows\system32\Lang
2009-05-29 16:41:59 ----A---- C:\Windows\system32\imsmudlg.exe
2009-05-29 16:41:44 ----D---- C:\Intel
2009-05-29 16:41:44 ----A---- C:\Windows\system32\nvccoin.dll
2009-05-29 16:41:28 ----D---- C:\Program Files\Intel
2009-05-29 05:11:20 ----A---- C:\Windows\system32\ff_vfw.dll
2009-05-28 21:48:32 ----D---- C:\Program Files\bobyte
2009-05-28 21:08:10 ----A---- C:\Windows\Marsu-Fix 2.5 Uninstaller.exe.bak
2009-05-28 18:27:23 ----D---- C:\Users\Peane7\AppData\Roaming\Youdagames
2009-05-27 19:49:00 ----D---- C:\Program Files\MagicDisc
2009-05-27 18:39:48 ----D---- C:\Users\Peane7\AppData\Roaming\DAEMON Tools Lite
2009-05-27 18:10:26 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-05-27 18:10:26 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-05-27 18:10:25 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-05-27 15:39:55 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2009-05-27 15:39:55 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-05-27 15:39:55 ----A---- C:\Windows\system32\msmpeg2adec.dll
2009-05-27 15:39:55 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2009-05-27 15:39:55 ----A---- C:\Windows\system32\mfAACEnc.dll
2009-05-27 15:39:51 ----A---- C:\Windows\system32\tquery.dll
2009-05-27 15:39:51 ----A---- C:\Windows\system32\mssrch.dll
2009-05-27 15:39:50 ----A---- C:\Windows\system32\user32.dll
2009-05-27 15:39:50 ----A---- C:\Windows\system32\sxs.dll
2009-05-27 15:39:50 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-05-27 15:39:50 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-05-27 15:39:50 ----A---- C:\Windows\system32\mssvp.dll
2009-05-27 15:39:50 ----A---- C:\Windows\system32\mssph.dll
2009-05-27 15:39:49 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-05-27 15:39:49 ----A---- C:\Windows\system32\mssphtb.dll
2009-05-27 15:39:49 ----A---- C:\Windows\system32\comctl32.dll
2009-05-27 15:39:49 ----A---- C:\Windows\system32\cdosys.dll
2009-05-27 15:39:48 ----A---- C:\Windows\system32\msscntrs.dll
2009-05-27 15:39:48 ----A---- C:\Windows\system32\gdi32.dll
2009-05-27 15:39:43 ----A---- C:\Windows\system32\mshtml.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\wininet.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\urlmon.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\mstime.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\msrating.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\inseng.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\iepeers.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\dxtrans.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\dxtmsft.dll
2009-05-27 15:39:41 ----A---- C:\Windows\system32\pngfilt.dll
2009-05-27 15:39:41 ----A---- C:\Windows\system32\mshtmled.dll
2009-05-27 15:39:41 ----A---- C:\Windows\system32\jsproxy.dll
2009-05-26 21:34:59 ----D---- C:\Program Files\UlisesSoft
2009-05-25 14:16:28 ----A---- C:\Windows\system32\ElbyVCD.dll
2009-05-25 14:01:38 ----A---- C:\Windows\system32\ElbyCDIO.dll
2009-05-22 00:51:48 ----A---- C:\Windows\system32\xfcodec.dll
2009-05-17 16:18:57 ----D---- C:\Program Files\Complements
2009-05-15 20:57:31 ----D---- C:\Windows\cs-CZ
2009-05-15 20:57:14 ----D---- C:\Windows\system32\cs
2009-05-15 20:55:56 ----D---- C:\Windows\system32\XPSViewer
2009-05-15 20:49:58 ----D---- C:\Application Data
2009-05-14 20:30:14 ----D---- C:\Users\Peane7\AppData\Roaming\dvdcss
2009-05-13 22:15:20 ----A---- C:\Windows\system32\SQSRVRES.DLL
2009-05-13 21:51:24 ----A---- C:\Windows\system32\McxDriv.dll
2009-05-13 20:53:21 ----D---- C:\Program Files\Intelore
2009-05-13 19:52:07 ----D---- C:\Users\Peane7\AppData\Roaming\vlc
2009-05-13 19:51:45 ----D---- C:\Program Files\VideoLAN
2009-05-13 18:18:48 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-05-13 18:18:37 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-05-13 18:17:55 ----D---- C:\Windows\system32\RsFx
2009-05-13 18:17:30 ----D---- C:\Users\Peane7\AppData\Roaming\DivX
2009-05-13 18:16:55 ----D---- C:\Windows\system32\1033
2009-05-13 18:08:56 ----D---- C:\Program Files\Microsoft SQL Server
2009-05-13 18:08:37 ----D---- C:\Program Files\Microsoft Synchronization Services
2009-05-13 18:05:50 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2009-05-13 18:05:33 ----D---- C:\Program Files\Microsoft SDKs
2009-05-13 16:58:13 ----A---- C:\Windows\system32\poqexec.exe
2009-05-12 21:47:15 ----D---- C:\ProgramData\Win7codecs
2009-05-12 21:46:01 ----D---- C:\Users\Peane7\AppData\Roaming\Thinstall
2009-05-11 18:03:56 ----D---- C:\Program Files\TeamViewer
2009-05-11 17:56:35 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-05-11 17:56:15 ----D---- C:\Program Files\DivX
2009-05-11 17:56:15 ----D---- C:\Program Files\Common Files\DivX Shared
2009-05-11 17:05:21 ----D---- C:\Program Files\QS
2009-05-11 17:05:20 ----D---- C:\Users\Peane7\AppData\Roaming\TeamViewer

======List of files/folders modified in the last 1 months======

2009-06-09 22:03:54 ----D---- C:\Windows\Temp
2009-06-09 22:02:12 ----D---- C:\Users\Peane7\AppData\Roaming\DNA
2009-06-09 21:54:34 ----D---- C:\Program Files\Mozilla Firefox
2009-06-09 21:48:18 ----D---- C:\Windows\System32
2009-06-09 21:46:51 ----D---- C:\Windows\system32\config
2009-06-09 21:42:00 ----D---- C:\Program Files\DNA
2009-06-09 21:41:17 ----RD---- C:\Program Files
2009-06-09 21:41:16 ----D---- C:\Windows\system32\drivers
2009-06-09 21:38:16 ----D---- C:\Windows
2009-06-09 21:23:39 ----HD---- C:\ProgramData
2009-06-09 20:25:31 ----D---- C:\Windows\Tasks
2009-06-09 20:25:31 ----D---- C:\Windows\system32\Tasks
2009-06-09 20:23:13 ----D---- C:\Windows\Prefetch
2009-06-09 20:18:28 ----SHD---- C:\Windows\Installer
2009-06-09 20:18:21 ----D---- C:\ProgramData\Lavasoft
2009-06-09 20:18:21 ----D---- C:\Program Files\Lavasoft
2009-06-09 18:04:20 ----D---- C:\Windows\inf
2009-06-09 18:04:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-09 17:44:00 ----A---- C:\Windows\NeroDigital.ini
2009-06-09 17:18:40 ----D---- C:\Windows\system32\LogFiles
2009-06-09 16:46:01 ----D---- C:\Windows\system32\NDF
2009-06-09 16:43:10 ----SHD---- C:\System Volume Information
2009-06-09 12:54:10 ----D---- C:\Windows\system32\DriverStore
2009-06-09 12:54:10 ----D---- C:\Windows\system32\catroot
2009-06-09 12:54:06 ----D---- C:\Windows\system32\catroot2
2009-06-09 11:00:58 ----D---- C:\Users\Peane7\AppData\Roaming\BSplayer
2009-06-09 10:48:56 ----D---- C:\Windows\WindowsMobile
2009-06-09 10:48:47 ----D---- C:\Program Files\Common Files\Apple
2009-06-09 10:47:39 ----D---- C:\Program Files\Uplink
2009-06-09 10:38:51 ----D---- C:\Users\Peane7\AppData\Roaming\Opera
2009-06-09 09:42:14 ----D---- C:\Windows\Downloaded Program Files
2009-06-08 17:46:51 ----D---- C:\Program Files\Opera 10 Preview
2009-06-08 17:45:18 ----D---- C:\Program Files\Common Files\Steam
2009-06-06 23:13:57 ----D---- C:\Users\Peane7\AppData\Roaming\BitTorrent
2009-06-06 18:48:57 ----D---- C:\Windows\Microsoft.NET
2009-06-06 17:21:31 ----RSD---- C:\Windows\assembly
2009-06-06 17:20:47 ----D---- C:\Windows\Registration
2009-06-06 17:18:35 ----D---- C:\ProgramData\Microsoft Help
2009-06-05 20:09:48 ----D---- C:\Windows\rescache
2009-06-05 15:17:44 ----D---- C:\Program Files\Common Files
2009-06-05 15:07:47 ----D---- C:\Windows\winsxs
2009-06-05 15:05:27 ----D---- C:\Windows\system32\inetsrv
2009-06-05 15:05:26 ----D---- C:\inetpub
2009-06-05 15:05:02 ----D---- C:\Windows\system32\en-US
2009-06-05 07:04:47 ----D---- C:\Program Files\WinRAR
2009-06-04 19:02:46 ----D---- C:\Windows\system32\migration
2009-06-04 19:02:46 ----D---- C:\Windows\system32\cs-CZ
2009-06-03 22:24:49 ----D---- C:\Users\Peane7\AppData\Roaming\WinRAR
2009-06-02 20:42:28 ----A---- C:\Windows\system32\deploytk.dll
2009-06-01 19:46:49 ----D---- C:\ProgramData\Media Center Programs
2009-06-01 18:52:09 ----SD---- C:\ProgramData\Microsoft
2009-06-01 18:47:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-01 17:56:51 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-05-31 23:29:18 ----SD---- C:\Users\Peane7\AppData\Roaming\Microsoft
2009-05-31 23:13:46 ----D---- C:\Program Files\EA Games
2009-05-31 22:10:02 ----RSD---- C:\Windows\Fonts
2009-05-31 22:08:26 ----D---- C:\Program Files\Microsoft.NET
2009-05-31 22:03:08 ----A---- C:\Users\Peane7\AppData\Roaming\burnaware.ini
2009-05-31 22:03:01 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-31 22:00:28 ----D---- C:\Program Files\MSBuild
2009-05-31 21:40:17 ----D---- C:\Users\Peane7\AppData\Roaming\Skype
2009-05-31 21:36:10 ----D---- C:\Users\Peane7\AppData\Roaming\skypePM
2009-05-31 21:35:46 ----D---- C:\ProgramData\Skype
2009-05-31 18:28:44 ----HD---- C:\Windows\system32\GroupPolicy
2009-05-31 18:03:07 ----D---- C:\ProgramData\Xfire
2009-05-31 17:19:22 ----D---- C:\Program Files\Microsoft Works
2009-05-31 17:18:14 ----A---- C:\Windows\win.ini
2009-05-30 23:57:37 ----D---- C:\totalcmd
2009-05-30 18:25:01 ----D---- C:\Users\Peane7\AppData\Roaming\Xfire
2009-05-30 17:41:38 ----AD---- C:\ProgramData\TEMP
2009-05-30 17:41:31 ----D---- C:\Fraps
2009-05-27 18:08:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-27 18:08:31 ----D---- C:\Program Files\AGEIA Technologies
2009-05-27 17:03:40 ----D---- C:\Program Files\Internet Explorer
2009-05-24 23:42:44 ----SHD---- C:\$Recycle.Bin
2009-05-17 10:03:04 ----D---- C:\Windows\system
2009-05-15 20:57:46 ----D---- C:\Program Files\Windows Mail
2009-05-15 20:57:45 ----D---- C:\Program Files\Windows Sidebar
2009-05-15 20:57:42 ----D---- C:\Program Files\Windows Media Player
2009-05-15 20:57:42 ----D---- C:\Program Files\Windows Journal
2009-05-15 20:57:42 ----D---- C:\Program Files\DVD Maker
2009-05-15 20:57:40 ----D---- C:\Program Files\Common Files\System
2009-05-15 20:57:39 ----D---- C:\Windows\servicing
2009-05-15 20:57:39 ----D---- C:\Program Files\Windows Photo Viewer
2009-05-15 20:57:39 ----D---- C:\Program Files\Windows Defender
2009-05-15 20:57:38 ----D---- C:\Windows\ehome
2009-05-15 20:57:16 ----D---- C:\Windows\system32\winrm
2009-05-15 20:57:16 ----D---- C:\Windows\PolicyDefinitions
2009-05-15 20:57:15 ----D---- C:\Windows\system32\oobe
2009-05-15 20:57:14 ----D---- C:\Windows\system32\sysprep
2009-05-15 20:57:14 ----D---- C:\Windows\system32\slmgr
2009-05-15 20:57:14 ----D---- C:\Windows\system32\migwiz
2009-05-15 20:57:14 ----D---- C:\Windows\system32\Boot
2009-05-15 20:55:51 ----D---- C:\Windows\system32\MUI
2009-05-15 20:55:50 ----D---- C:\Windows\system32\WCN
2009-05-15 20:55:49 ----D---- C:\Windows\system32\Dism
2009-05-15 20:55:32 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2009-05-15 20:55:24 ----D---- C:\Windows\system32\wbem
2009-05-15 20:55:24 ----D---- C:\Windows\system32\com
2009-05-15 20:55:21 ----D---- C:\Windows\AppPatch
2009-05-13 18:08:37 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-05-13 16:52:33 ----D---- C:\Program Files\K-Lite Codec Pack
2009-05-11 06:12:31 ----D---- C:\Windows\system32\wdi
2009-05-10 19:59:26 ----A---- C:\Windows\system32\AddPort.ini
2009-05-10 19:59:21 ----A---- C:\Windows\hpntwksetup.ini


jaro3
Security team member
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male

Re: vrus - service.exe

Post by jaro3 » 09 Jun 2009 22:51

Don't put those logs even in a quote.

Download the program OTMoveIt3 (by OldTimer), save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Note: Do not use the SELECT ALL function to select them

Code:

:Processes
explorer.exe

:Services

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

:Files
C:\32788R22FWJFW
C:\Windows\system32\cmd.execf

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- After copying, click the MoveIt! button and then paste here the entire contents of the right column (also saved in the folder C:\_OTMoveIt\MovedFiles\), which will report the results
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.


Test these on VirusTotal
C:\Windows\Marsu-Fix 2.5 Uninstaller.exe.bak
C:\Windows\update.exe
C:\Windows\23.exe
Then paste the result links here.
****************************************************************************************************************************************
Download OTListIt2.exe

- run it
- check "Scan All Users"
- check both Purity and Lop
- click "Run Scan"
- a text file will open; copy its contents here


EDIT: the links somehow don't work, I'll try to look tomorrow..
We'll continue tomorrow.

Try here:
http://oldtimer.geekstogo.com/OTM.exe
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
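A small triage script, added here as an example (it is not part of the thread, nor code from RSIT or OTM), that parses lines in the RSIT "files created" format posted above and flags the same kind of entries jaro3 singled out for VirusTotal: executables dropped directly into C:\Windows, names like cmd.execf whose real extension is not .exe, and numeric-only names like 23.exe. The heuristics are this example's own assumptions, not RSIT's logic; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# One line of RSIT's "List of files/folders created/modified" sections looks like:
#   2009-06-08 15:22:37 ----A---- C:\Windows\23.exe
# i.e. a timestamp, an attribute field (A=archive, D=directory, H=hidden, S=system,
# R=read-only, C=compressed, padded with dashes on both sides) and the full path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")

# Extensions treated as executable code for the heuristics below (example's own list).
EXEC_EXT = {"exe", "dll", "scr", "com", "bat", "cmd", "pif", "sys"}


@dataclass
class Entry:
    when: datetime
    attrs: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower() if "\\" in self.path else ""

    @property
    def ext(self) -> str:
        return self.name.rsplit(".", 1)[-1].lower() if "." in self.name else ""


def parse_rsit_lines(text: str) -> List[Entry]:
    """Parse every line matching the RSIT file-list format; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append(Entry(when, m.group(2), m.group(3)))
    return entries


def reasons_for(e: Entry) -> List[str]:
    """Heuristics (assumptions of this example) for why a file deserves a manual look."""
    if "D" in e.attrs:
        return []  # directories are not candidates here
    reasons = []
    stem = e.name.rsplit(".", 1)[0] if "." in e.name else e.name
    # 1. Executable placed directly in the Windows root; installers normally use subfolders.
    if e.parent == "c:\\windows" and e.ext in EXEC_EXT:
        reasons.append("executable directly in C:\\Windows")
    # 2. Name contains ".exe" but the final extension is something else (cmd.execf,
    #    something.exe.bak): a renamed or mangled executable, worth a closer look.
    if ".exe" in e.name.lower() and e.ext != "exe":
        reasons.append(f"executable-looking name with extension .{e.ext}")
    # 3. Purely numeric file name (23.exe): legitimate software rarely names binaries so.
    if stem.isdigit() and e.ext in EXEC_EXT:
        reasons.append("numeric-only executable name")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its list of reasons; unflagged entries are omitted."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_rsit_lines(text):
        why = reasons_for(e)
        if why:
            flagged[e.path] = why
    return flagged


# Sample lines copied from the RSIT log posted above (a subset, not the whole list).
SAMPLE_LOG = """\
2009-06-09 22:03:51 ----D---- C:\\rsit
2009-06-09 21:48:20 ----A---- C:\\Bug.txt
2009-06-09 21:48:18 ----A---- C:\\Windows\\system32\\cmd.execf
2009-06-09 20:27:36 ----A---- C:\\Windows\\system32\\lsdelete.exe
2009-06-09 20:18:28 ----HDC---- C:\\ProgramData\\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-09 13:03:08 ----A---- C:\\Windows\\SetPointInstall.ini
2009-06-08 15:23:35 ----A---- C:\\Windows\\update.exe
2009-06-08 15:22:37 ----A---- C:\\Windows\\23.exe
2009-06-02 20:42:36 ----A---- C:\\Windows\\system32\\java.exe
2009-05-28 21:08:10 ----A---- C:\\Windows\\Marsu-Fix 2.5 Uninstaller.exe.bak
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

The flagged set is a list of candidates to check (for example on VirusTotal, as the post suggests), not a verdict; the untouched entries such as java.exe or lsdelete.exe simply did not match any heuristic.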

Peane
Level 1
Posts: 62
Registered: December 08
Location: Praha 9
Gender: Male

Re: vrus - service.exe

Post by Peane » 10 Jun 2009 16:28

OK, thank you.

Here is the log from OTMoveIt

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\32788R22FWJFW\License moved successfully.
C:\32788R22FWJFW moved successfully.
C:\Windows\system32\cmd.execf moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Peane7\AppData\Local\Temp\etilqs_Ad3wPdVaUPbeCrLaGRs6 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 06102009_160604

Files moved on Reboot...
File C:\Users\Peane7\AppData\Local\Temp\etilqs_Ad3wPdVaUPbeCrLaGRs6 not found!
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\urlclassifier3.sqlite moved successfully.
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Results from VirusTotal

http://www.virustotal.com/cs/analisis/d36c60ddee90475367d1adce7d071fe6305d80738e977274e78dc18d96e8cd20-1244643183

http://www.virustotal.com/cs/analisis/a9629baa2074313b44baa31a028e21042efbff4128bf5786d7c0d731eb033f9e-1244643399

http://www.virustotal.com/cs/analisis/94dd8e4da8de522d098730c976a25e638d041c512daf82a07f1f20f5d9cb899c-1244643632

And the download link for OTListIt2.exe unfortunately still doesn't work

