I have Windows Vista Home Premium; when I check the disk with the "chkdsk" command it reports "Index entry ksuser.dll, msacm32.drv, pdh.dll and ose00001.exe in index ...... is incorrect". I noticed it when Microsoft Office 2003, specifically Word, started freezing. It froze so badly that I had to power the notebook off hard and turn it back on. Can you advise me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:04, on 19. 5. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\ASUS WUSB\WQ_Tray2.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\admin\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Mimino2 - {A9D17DA6-022A-454A-AB26-E104C0F6D13A} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Wireless USB Manager.lnk = C:\Program Files\ASUS\ASUS WUSB\WQ_Tray2.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98db2ad31724f) (gupdate1c98db2ad31724f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 11295 bytes
Please check my log
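A helper reads an HJT log by section code: R entries are IE start/search settings, O1 the hosts file, O2/O3/O9 COM add-ons (BHOs, toolbars, IE buttons), O4 Run keys and startup folders, O20 AppInit_DLLs, O23 services. The Python below is an added example, not part of the post above and not code from HijackThis; it encodes a few of those hand checks as rules and runs them over a constructed subset of the log posted above. The rule set and the severity labels (`orphan`, `verify`, `review`) are the example's own, and a hit means "look at this first", not "malicious": for instance the `(no file)` entries are COM registrations whose DLL is gone, and the AppInit_DLLs value is flagged only because anything in that key is loaded into every process that uses user32.dll and should be identified before it is trusted.

```python
"""Rule-based triage of a HijackThis (HJT) log.

Added example (not from the forum post or from HijackThis). The rules mirror
the checks a malware-removal helper performs by hand; a finding means
"look at this first", not "malicious".
"""
import re
from typing import List, NamedTuple

# Constructed sample: a subset of the HJT lines from the log posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Mimino2 - {A9D17DA6-022A-454A-AB26-E104C0F6D13A} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
""".strip()


class Entry(NamedTuple):
    code: str     # HJT section code, e.g. "O2", "R3", "O20"
    detail: str   # everything after "<code> - "


class Finding(NamedTuple):
    level: str    # "orphan", "verify" or "review" (this example's own labels)
    code: str
    reason: str
    detail: str


LINE_RE = re.compile(r"^([ROF]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOCALHOST_RE = re.compile(r"^(?:127\.0\.0\.1|::1)\s+localhost$")


def parse_hjt(text: str) -> List[Entry]:
    """Return the R/O/F entries of an HJT log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    findings = []
    for e in entries:
        d = e.detail
        # COM objects (URLSearchHooks, BHOs, toolbars, IE buttons) still registered
        # although their DLL no longer exists: leftovers of something removed or half-removed.
        if e.code in ("R3", "O2", "O3", "O9") and d.endswith("(no file)"):
            findings.append(Finding("orphan", e.code, "registered COM object, DLL missing", d))
        # AppInit_DLLs is loaded into every process that links user32.dll;
        # any non-empty value deserves to be identified before it is trusted.
        elif e.code == "O20" and d.startswith("AppInit_DLLs:") and d.split(":", 1)[1].strip():
            findings.append(Finding("verify", e.code, "DLL injected into all user32 processes", d))
        # hosts file: only the loopback-to-localhost mapping is expected.
        elif e.code == "O1" and d.startswith("Hosts:"):
            if not LOCALHOST_RE.match(d[len("Hosts:"):].strip()):
                findings.append(Finding("verify", e.code, "non-default hosts entry", d))
        # Browser add-on DLLs living under ProgramData rather than Program Files are
        # unusual enough to look up, without implying they are malicious.
        elif e.code in ("O2", "O3") and "\\programdata\\" in d.lower():
            findings.append(Finding("review", e.code, "browser add-on DLL under ProgramData", d))
    return findings


def orphan_clsids(findings: List[Finding]) -> List[str]:
    """CLSIDs of orphaned entries: the identifiers to cross-check against other scanner logs."""
    out = []
    for f in findings:
        if f.level == "orphan":
            out.extend(c.upper() for c in CLSID_RE.findall(f.detail))
    return out


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.level:6}] {f.code:3} {f.reason}: {f.detail}")
```

Run against the full log above, the script points at the same lines a helper would ask about first: the orphaned URLSearchHook, the "Mimino2" BHO and the unnamed O9 button (all `(no file)`), the O20 AppInit_DLLs value, and the LangSoft translator DLL under ProgramData as a "review" item. The CLSIDs returned by `orphan_clsids` are what you look up in the next scanner's log.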
jaro3 (Security team member)
Re: Please check my log
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save it to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!)
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Log output
Malwarebytes' Anti-Malware 1.36
Database version: 2155
Windows 6.0.6001 Service Pack 1
19. 5. 2009 22:19:20
mbam-log-2009-05-19 (22-19-15).txt
Scan type: Quick Scan
Objects scanned: 74100
Time elapsed: 3 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\doggyme (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\mimi11.bho (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{275de758-ae97-4be3-bef1-107a376c66e0} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b52fe4d2-6952-4dc3-a246-7b518b3a1c5d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a9d17da6-022a-454a-ab26-e104c0f6d13a} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9d17da6-022a-454a-ab26-e104c0f6d13a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9d17da6-022a-454a-ab26-e104c0f6d13a} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\admin\Favorites\VIP Casino.url (Rogue.Link) -> No action taken.
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Cheap Pharmacy Online.url (Rogue.Link) -> No action taken.
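The MBAM findings tie back to the HJT log by identifier: the CLSID {A9D17DA6-022A-454A-AB26-E104C0F6D13A} that HJT listed as BHO "Mimino2" with "(no file)" is the same CLSID MBAM reports under HKCR\CLSID and under the Browser Helper Objects key as Trojan.Vundo, and every item still reads "No action taken" because this scan was run without removal. The Python below is an added example, not part of the post and not code from either tool; it parses constructed excerpts of the two logs above, joins them on GUIDs, and lists what is still unresolved. It assumes the `<item> (<threat>) -> <action>.` line layout of the MBAM 1.x log visible above and that item paths contain no parentheses.

```python
"""Join Malwarebytes (MBAM) detections to HijackThis entries by CLSID.

Added example, not from the forum post or from either tool. The two excerpts
are constructed subsets of the logs posted above.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Set, Tuple

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# MBAM 1.x item line: "<registry key or path> (<threat name>) -> <action>."
# Assumes the item itself contains no parentheses (true for the lines above).
MBAM_ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

MBAM_EXCERPT = r"""
HKEY_CLASSES_ROOT\doggyme (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\mimi11.bho (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{275de758-ae97-4be3-bef1-107a376c66e0} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a9d17da6-022a-454a-ab26-e104c0f6d13a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9d17da6-022a-454a-ab26-e104c0f6d13a} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> No action taken.
C:\Users\admin\Favorites\VIP Casino.url (Rogue.Link) -> No action taken.
""".strip()

HJT_EXCERPT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Mimino2 - {A9D17DA6-022A-454A-AB26-E104C0F6D13A} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
""".strip()


class Detection(NamedTuple):
    item: str     # registry key or file path as MBAM printed it
    threat: str   # MBAM's threat name, e.g. "Trojan.Vundo"
    action: str   # e.g. "No action taken"


def parse_mbam(text: str) -> List[Detection]:
    """Detection lines only; summary counters and section headers do not match."""
    out = []
    for line in text.splitlines():
        m = MBAM_ITEM_RE.match(line.strip())
        if m:
            out.append(Detection(m["item"], m["threat"], m["action"]))
    return out


def threats_by_guid(detections: List[Detection]) -> Dict[str, Set[str]]:
    """Map each GUID named in an MBAM item to the threat names MBAM gave it."""
    index: Dict[str, Set[str]] = {}
    for d in detections:
        for g in GUID_RE.findall(d.item):
            index.setdefault(g.upper(), set()).add(d.threat)
    return index


def correlate(hjt_text: str, detections: List[Detection]) -> List[Tuple[str, List[str]]]:
    """HJT lines whose CLSID MBAM flagged, with the threat names, in log order."""
    index = threats_by_guid(detections)
    hits = []
    for line in hjt_text.splitlines():
        names: Set[str] = set()
        for g in GUID_RE.findall(line):
            names |= index.get(g.upper(), set())
        if names:
            hits.append((line.strip(), sorted(names)))
    return hits


def unresolved(detections: List[Detection]) -> List[Detection]:
    """Items the scan reported but did not remove ('No action taken')."""
    return [d for d in detections if d.action.lower() == "no action taken"]


def family_counts(detections: List[Detection]) -> Counter:
    return Counter(d.threat for d in detections)


if __name__ == "__main__":
    dets = parse_mbam(MBAM_EXCERPT)
    print(dict(family_counts(dets)))
    for line, names in correlate(HJT_EXCERPT, dets):
        print(", ".join(names), "<-", line)
    print(len(unresolved(dets)), "of", len(dets), "detections still present")
```

The join is deliberately on the GUID alone and case-insensitive, because HJT prints CLSIDs in upper case and MBAM in lower case; a registry key and an HJT line are the same object only if the GUID matches, regardless of the key under which MBAM found it.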
jaro3 (Security team member)
Re: Please check my log
So run MbAM again and click Scan
- when the program finishes a message will appear; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when removal finishes a log will be shown; paste it here.
- then click OK in the program and exit it via Exit
You can then paste the MBAM log here.
Disable Avast's resident protection.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in its window
- When the scan finishes the program should create a log - C:\ComboFix.txt - please paste its entire contents here
I'll take a look tomorrow.
Re: Please check my log ComboFix
ComboFix 09-05-19.08 - admin . 05. 2009 7:58.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3070.1990 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Cheap Pharmacy Online.url
c:\users\admin\FAVORI~1\VIP Casino.url
c:\users\admin\Favorites\VIP Casino.url
c:\windows\system32\404Fix.exe
c:\windows\system32\acovcnt.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.
2009-05-19 20:13 . 2009-05-19 20:13 -------- d-----w c:\users\admin\AppData\Roaming\Malwarebytes
2009-05-19 20:12 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 20:12 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\programdata\Malwarebytes
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 20:09 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-19 20:09 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-19 20:09 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-19 20:09 . 2009-05-19 20:11 -------- d---a-w c:\programdata\TEMP
2009-05-19 20:09 . 2009-05-19 20:11 -------- d---a-w c:\users\All Users\TEMP
2009-05-19 20:09 . 2009-05-19 20:10 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-19 20:09 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\programdata\PC Tools
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\users\All Users\PC Tools
2009-05-19 20:09 . 2009-05-19 20:10 -------- d-----w c:\program files\Spyware Doctor
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\users\admin\AppData\Roaming\PC Tools
2009-05-19 18:22 . 2009-05-19 18:22 -------- d-----w c:\users\admin\AppData\Roaming\Uniblue
2009-05-19 18:22 . 2009-05-19 18:22 -------- d-----w c:\program files\Uniblue
2009-05-19 18:22 . 2009-05-19 18:22 -------- dc-h--w c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-05-19 18:22 . 2009-05-19 18:22 -------- dc-h--w c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\windows\PCHEALTH
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\program files\Microsoft.NET
2009-05-17 19:33 . 2009-05-20 05:40 -------- d-----w c:\windows\system32\_avast4_
2009-05-17 19:33 . 2009-05-20 05:53 -------- d-----w c:\windows\system32\config\systemprofile\_avast4_
2009-05-17 16:56 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-05-17 16:56 . 2009-05-17 16:56 -------- d-----w c:\program files\Alwil Software
2009-05-17 09:43 . 2007-03-23 02:05 29272 ----a-r c:\windows\system32\AdobePDF.dll
2009-05-14 20:39 . 2009-05-14 21:54 -------- d-----w c:\program files\The Weather Channel FW
2009-05-14 20:33 . 2009-05-14 21:54 -------- d-----w c:\users\admin\AppData\Local\The Weather Channel
2009-05-06 07:38 . 2009-05-11 18:39 -------- d-----w c:\temp\MPTelemetrySubmit
2009-05-05 10:14 . 2009-05-05 10:14 -------- d-----w c:\users\admin\AppData\Roaming\MathWorks
2009-05-05 09:58 . 2009-05-05 09:58 -------- d-----w c:\program files\MATLAB
2009-05-04 16:55 . 2009-05-06 14:11 -------- d-----w c:\users\admin\AppData\Local\TSVNCache
2009-05-04 16:00 . 2009-05-06 13:51 -------- d-----w c:\users\admin\AppData\Roaming\Xilinx
2009-05-04 15:36 . 2009-05-05 09:01 -------- d-----w c:\users\admin\AppData\Roaming\HDI
2009-05-04 14:09 . 2009-04-02 10:40 16000 ----a-w c:\windows\system32\drivers\xpc4drvr.sys
2009-05-04 14:07 . 2009-05-06 15:00 -------- d-----w C:\.Xilinx
2009-05-04 14:05 . 2009-04-02 10:40 194362 ----a-w c:\windows\system32\drivers\windrvr6.sys
2009-05-04 13:57 . 2009-05-13 13:41 -------- d-----w C:\Xilinx
2009-05-04 13:55 . 2009-05-04 15:15 -------- d-----w c:\users\admin\AppData\Roaming\Download Manager
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w c:\users\admin\AppData\Roaming\hte
2009-04-27 18:15 . 2009-04-27 18:15 -------- d-----w c:\program files\VistaCodecPack
2009-04-27 18:14 . 2009-04-27 18:14 -------- d-----w c:\programdata\VistaCodecs
2009-04-27 18:14 . 2009-04-27 18:14 -------- d-----w c:\users\All Users\VistaCodecs
2009-04-27 17:13 . 2009-04-27 17:13 -------- d-----w c:\users\admin\AppData\Roaming\Subversion
2009-04-27 17:07 . 2008-06-19 23:33 5248 ----a-w c:\windows\giveio.sys
2009-04-27 17:04 . 2009-05-13 13:25 -------- d-----w c:\program files\FITkit
2009-04-26 09:34 . 2009-04-26 09:34 474 ----a-w c:\windows\eReg.dat
2009-04-26 09:33 . 2009-05-02 15:08 -------- d-----w c:\program files\EACOM
2009-04-25 21:42 . 2009-04-25 21:42 -------- d-----w c:\programdata\Winter Sports 2009
2009-04-25 21:42 . 2009-04-25 21:42 -------- d-----w c:\users\All Users\Winter Sports 2009
2009-04-22 18:59 . 2009-04-22 18:59 1033728 ----a-w c:\windows\system32\VSFilter.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 17:50 . 2008-10-03 09:31 205613 ----a-w c:\users\All Users\nvModes.dat
2009-05-19 17:50 . 2008-10-03 09:31 205613 ----a-w c:\programdata\nvModes.dat
2009-05-19 15:43 . 2008-10-08 13:39 8774 ----a-w c:\windows\system32\perfc01B.dat
2009-05-19 15:43 . 2008-10-08 13:39 31814 ----a-w c:\windows\system32\perfh01B.dat
2009-05-19 15:42 . 2008-10-03 10:54 3882 ----a-w c:\windows\bthservsdp.dat
2009-05-19 15:36 . 2008-10-03 07:45 108352 ----a-w c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-18 17:17 . 2008-11-06 11:18 -------- d-----w c:\program files\Google
2009-05-18 17:16 . 2009-05-18 17:16 0 ----a-w c:\users\Default\is30FF.tmp
2009-05-18 17:16 . 2009-05-18 17:16 0 ----a-w c:\users\Default\isDC2B.tmp
2009-05-13 13:24 . 2008-10-03 08:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 13:23 . 2008-12-12 10:33 -------- d-----w c:\program files\Maple 11
2009-05-12 21:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-05 21:37 . 2008-10-14 13:39 -------- d-----w c:\program files\Java
2009-03-26 09:03 . 2009-03-26 09:03 286720 ----a-w c:\windows\system32\libcurl.dll
2009-03-26 09:03 . 2009-03-26 09:03 196608 ----a-w c:\windows\system32\ssleay32.dll
2009-03-26 09:03 . 2009-03-26 09:03 1028096 ----a-w c:\windows\system32\libeay32.dll
2009-03-26 09:03 . 2009-03-26 09:03 143360 ----a-w c:\windows\system32\libexpatw.dll
2009-03-25 21:59 . 2008-10-06 09:56 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-22 19:28 . 2009-03-22 19:28 -------- d-----w c:\program files\ABC 3GP Converter
2009-03-17 03:38 . 2009-04-15 08:50 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 08:50 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-28 09:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 08:51 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 08:51 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 08:51 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 08:51 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 08:51 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 08:51 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 08:51 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 08:51 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 08:51 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 08:51 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 08:51 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 08:51 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 08:51 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-10-08 13:42 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-07-01 17:28 . 2008-07-01 17:28 61440 ----a-w c:\program files\Common Files\CPInstallAction.dll
2008-05-22 07:35 . 2008-05-22 07:35 51962 ----a-w c:\program files\Common Files\banner.jpg
2007-06-12 08:34 . 2007-06-12 08:34 35822 ----a-w c:\program files\Common Files\ASPG_icon.ico
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 39408]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-10-04 3054136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless USB Manager.lnk - c:\program files\ASUS\ASUS WUSB\WQ_Tray2.exe [2008-5-2 1846328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KN StrongDC.lnk]
path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KN StrongDC.lnk
backup=c:\windows\pss\KN StrongDC.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3261889692-1362245188-1876932351-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{928BF4CA-E4A6-4B28-88FB-296C7D575AFE}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B7708506-A8F8-4070-B2CD-FA39C9BFC2BA}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{BAC93832-C18D-481C-95FC-4CD82792472D}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{D87CAB8F-47E9-4D82-BE0F-EC8C79FA0224}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= UDP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"UDP Query User{BE6D67C0-2B52-4ECD-8D00-D2AB233A2F5E}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= TCP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"TCP Query User{A1F88A40-F25F-4E49-86BA-B76F2E01B6FA}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{101B157C-4033-4CF2-AA30-2DF64B01774B}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{4E462227-9C82-4E33-B3FA-64409D0207C0}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= UDP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"UDP Query User{D9AA1836-5E99-4259-A59A-C3DE2D944875}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= TCP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"TCP Query User{F36EC1A5-5F85-4BC3-B124-F5AD10971A41}d:\\kn strongdc\\strongdc.exe"= UDP:d:\kn strongdc\strongdc.exe:StrongDC++
"UDP Query User{BFDBBF40-BB56-4452-8889-1408114E4176}d:\\kn strongdc\\strongdc.exe"= TCP:d:\kn strongdc\strongdc.exe:StrongDC++
"TCP Query User{40FF9043-9413-4E9D-B499-F0FC4949576F}d:\\kn strongdc\\strongdc.exe"= UDP:d:\kn strongdc\strongdc.exe:StrongDC++
"UDP Query User{9197FF53-9713-4A24-81F7-D0D4B7B53C1C}d:\\kn strongdc\\strongdc.exe"= TCP:d:\kn strongdc\strongdc.exe:StrongDC++
"TCP Query User{DE94366A-5B88-4E3C-8204-61CD8F4ED4B5}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{48BEEAB6-124E-42ED-9D76-344A58B7A63D}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{52043D58-7B17-4B03-B24D-755B0849720D}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{1F165665-EDAF-4B99-99A0-F876D61FE4F2}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{E8C392E1-53F4-4C28-B5A2-904924F28C04}d:\\hryy\\vietcong2\\vietcong2.exe"= UDP:d:\hryy\vietcong2\vietcong2.exe:vietcong2
"UDP Query User{9BD90671-83C7-49F9-872F-F828B306C9D5}d:\\hryy\\vietcong2\\vietcong2.exe"= TCP:d:\hryy\vietcong2\vietcong2.exe:vietcong2
"TCP Query User{AC766BCE-DABD-4263-9D01-7293D192FED8}d:\\hryy\\nhl 09\\nhl2009.exe"= UDP:d:\hryy\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{04DFBCB2-9055-4171-9AD3-DC2A8084EDCA}d:\\hryy\\nhl 09\\nhl2009.exe"= TCP:d:\hryy\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{78686083-7991-4B1D-8088-09085271D7CE}d:\\hryy\\gp 4\\gp4.exe"= UDP:d:\hryy\gp 4\gp4.exe:GP4
"UDP Query User{6EA73129-F25C-4E32-9708-C42F5D5E8B3D}d:\\hryy\\gp 4\\gp4.exe"= TCP:d:\hryy\gp 4\gp4.exe:GP4
"TCP Query User{93D1853E-E2E9-4731-AC0D-7FAA11F84B87}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{B56A531E-E59F-4EFD-9B79-9FB3332B5506}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{06C8F2E5-25DB-433A-9ECB-C957D2F954EB}c:\\users\\admin\\documents\\icq\\277802482\\receivedfiles\\192537553 lukeer\\age\\age of empires ii conquerors\\empires2.exe"= UDP:c:\users\admin\documents\icq\277802482\receivedfiles\192537553 lukeer\age\age of empires ii conquerors\empires2.exe:empires2.exe
"UDP Query User{000C53F8-E524-4A88-BA3A-83B181524D02}c:\\users\\admin\\documents\\icq\\277802482\\receivedfiles\\192537553 lukeer\\age\\age of empires ii conquerors\\empires2.exe"= TCP:c:\users\admin\documents\icq\277802482\receivedfiles\192537553 lukeer\age\age of empires ii conquerors\empires2.exe:empires2.exe
"TCP Query User{F06D8A97-E8DA-4993-A667-9AEDCB37A55D}d:\\hryy\\sniper elit\\elite snper\\sniperelite.exe"= UDP:d:\hryy\sniper elit\elite snper\sniperelite.exe:SniperElite
"UDP Query User{96152606-8BD1-4229-98A1-2EA18C264A5D}d:\\hryy\\sniper elit\\elite snper\\sniperelite.exe"= TCP:d:\hryy\sniper elit\elite snper\sniperelite.exe:SniperElite
"TCP Query User{A6C1522A-4430-48FC-B430-1B50F34CB2EC}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{5226910A-E81C-4353-AE42-E7D6F36641F1}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{39CAC5BB-A6F2-401E-88C4-356D5D2ABFF7}c:\\program files\\maple 11\\jre\\bin\\java.exe"= UDP:c:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{9ACCA23A-2A1F-4323-83AB-FE68107F0C2A}c:\\program files\\maple 11\\jre\\bin\\java.exe"= TCP:c:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{99B6A92A-30B6-4611-BE9F-3922A03898D9}c:\\program files\\maple 11\\jre\\bin\\maple.exe"= UDP:c:\program files\maple 11\jre\bin\maple.exe:Maple 11
"UDP Query User{EF7B8A97-83F9-4A37-A678-C594C0F34A5D}c:\\program files\\maple 11\\jre\\bin\\maple.exe"= TCP:c:\program files\maple 11\jre\bin\maple.exe:Maple 11
"TCP Query User{B5F659C0-37B6-437F-BABA-0D6C155DB1FD}d:\\hryy\\nfs\\speed2.exe"= UDP:d:\hryy\nfs\speed2.exe:speed2
"UDP Query User{840DE259-8F19-414D-8A41-BB319991D62A}d:\\hryy\\nfs\\speed2.exe"= TCP:d:\hryy\nfs\speed2.exe:speed2
"TCP Query User{623D1E96-9021-40B8-BF9D-93A5ACBCBC83}d:\\hryy\\rely\\dirtdemo.exe"= UDP:d:\hryy\rely\dirtdemo.exe:DiRT Demo Executable
"UDP Query User{AFAE39F3-F265-43A7-AEB2-8670B054D373}d:\\hryy\\rely\\dirtdemo.exe"= TCP:d:\hryy\rely\dirtdemo.exe:DiRT Demo Executable
"TCP Query User{3AA0D5A6-9421-48C7-AAF5-623D703A1BDD}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{68875E0C-A1EA-4A1E-8856-DEA55242F247}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{3C7B5DEA-2F53-46A2-A2F5-C96EBB2A1F18}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{B05B00E6-4523-4EDB-9C04-AB23C29E7657}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{D7EE51A3-CEDE-4D3C-85AC-2B97FD6CDB19}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7D01BD23-709B-44B6-96D4-20042A59BBBD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{C9212D22-3082-424C-B6B7-E1078FD1C0C4}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{9A5F1D12-3995-4FDA-8BA2-6A3C80A267A5}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{485A1201-5DD4-4158-A432-1CFE33AC0494}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7D2B54CD-F972-4E9A-AE83-CF4E37BB8058}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{D8A024E3-202B-4C0E-BD81-AE83798859AC}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A491485E-D044-4761-BD52-74EE2DD62B55}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AE4B9F13-557D-40D8-B3A2-B6A5AB416A0E}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{4DAC0D96-C13A-4A0E-AD67-AB053C37FC75}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{251CF94C-4BB2-4266-91C8-D7F3308F5554}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{297537CB-3818-4EC6-BCAA-6137699785E2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1AD7B1FA-D35A-45B9-8B10-DF0AD9D9352A}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AA0BDF43-C5C6-4DB0-B935-EB413D7A218B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{FC132C38-E1DE-441D-AF3C-AACA321F07EF}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{9A8F154B-E661-4AF6-A667-67EA531FB9E2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{0D25894A-4A7C-4E89-BD49-E33A4A073BE6}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A5102C6A-B965-41E9-9680-FD255DBF6EA4}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{23520C79-BEA0-4B94-A49B-44830ED1C193}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1CF824D8-303F-4566-AF54-A6C883CE5CEE}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{ACE2EACD-458D-4A60-A6FA-A3085A8DC6BC}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{F8FEE9C9-408D-4850-8AC1-9632AFD6B1C1}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B22D601D-EF3F-4422-BA6D-44873BC3228C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B8A62043-F116-4B65-8F2D-962A2A908D19}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AAB2858A-7CEF-4BFE-B2CD-502E337D2B70}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B2A8D3AF-A2D0-40CE-8B3E-BE6F6515443B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{F622C91E-B30C-4C65-95A9-099B04F5DD47}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{420CABD2-E577-4D24-9CCC-5745A96F832E}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{67A40369-8603-4808-82E8-4AC3DC45DF45}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{40537EFF-321F-4CAA-8F71-2587A9D92B62}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{6F0A2338-8122-40A7-8524-584F674DE4A9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7345D603-1A23-4995-9B2B-F7DBFA784216}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{94FD6CFF-C6A1-42DE-AEAC-1B49E660992C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7EA564F5-651E-458B-9A94-B666A036B21C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{863B9AB7-936B-49F6-9C9E-896DC0CD2E27}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{3F15646B-FD93-42D7-AABD-F1E6E55953AD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{2BA40BA1-9412-4BFC-9E8A-78D69DC20512}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A3DD697B-1F99-4765-BD9B-68235FA9785A}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{08C0BCDA-0273-44C6-B205-7A60E1546313}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B9FDD451-15F7-4E81-8C9C-90E86AB68921}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{A7900BDC-DF64-4BCC-AC82-9B1ED12E3DCF}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{52506AD8-2386-400B-92C2-04B206280FFD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2DC81321-C10D-4E29-98E5-5614732AE376}d:\\hryy\\nhl 2002\\nhl2002.exe"= UDP:d:\hryy\nhl 2002\nhl2002.exe:nhl2002
"UDP Query User{CF3F121A-A7EB-4BFF-9FDE-896F05B5D48A}d:\\hryy\\nhl 2002\\nhl2002.exe"= TCP:d:\hryy\nhl 2002\nhl2002.exe:nhl2002
"{4FECA01D-145B-4F7F-9151-6F89128B28C9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EDA5FA17-E0C2-4E1A-9DA9-B3B80D30FAB8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{260589B2-DE39-4C25-9630-0E31734074A4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{95CFEF85-1A64-437B-A2A6-6067F5FECEE2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{D2A8608F-F209-4046-8AFA-202D0237F434}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{91D2DCC9-FCDC-4B8B-8DBA-BCEE09D936AD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{258F6C8D-149F-4E9F-A608-958409F5ED7B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{051C7E40-FBEE-4E6E-A1DA-EC5DC1CA8B44}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{4D31B1C6-0F05-4D27-9C8E-11BD6A4FD8D9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{813D5744-A14F-4F9B-9609-DC312C9AE8B0}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{681E646F-6B00-42E6-B3F3-051894F34B20}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1F174B4C-CA97-4573-BA42-A7B7EA9D67F9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [3. 10. 2008 12:33 15416]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19. 5. 2009 22:09 130936]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17. 5. 2009 18:56 114768]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [9. 10. 2008 13:39 72192]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8. 10. 2008 13:45 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8. 10. 2008 13:45 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17. 5. 2009 18:56 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17. 5. 2009 18:56 51792]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8. 10. 2008 18:26 29736]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [4. 10. 2008 21:44 474624]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [4. 10. 2008 21:44 206336]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [3. 10. 2008 10:39 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [4. 10. 2008 21:44 3663360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [3. 10. 2008 10:28 44064]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [4. 10. 2008 21:44 6656]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [3. 10. 2008 14:15 240128]
S2 gupdate1c98db2ad31724f;Google Update Service (gupdate1c98db2ad31724f);c:\program files\Google\Update\GoogleUpdate.exe [13. 2. 2009 10:11 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [19. 5. 2009 22:12 38496]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19. 5. 2009 22:09 348752]
S4 Dceabat;Dceabat;c:\windows\System32\drivers\amdide.sys [2. 11. 2006 10:51 15464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-05-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 08:38]
2009-05-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 08:11]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-NB Probe - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4mfjl0xn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4mfjl0xn.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 08:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\admin\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\APSHook.dll
- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\APSHook.dll
c:\program files\asus security center\asus security protect manager\bin\ASWLNPkg.dll
c:\program files\asus security center\asus security protect manager\bin\ItMsg.dll
.
Completion time: 2009-05-20 8:05
ComboFix-quarantined-files.txt 2009-05-20 06:05
Pre-Run: 46 427 762 688 bytes free
Post-Run: 47 503 196 160 bytes free
396 --- E O F --- 2009-05-18 17:08
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3070.1990 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Cheap Pharmacy Online.url
c:\users\admin\FAVORI~1\VIP Casino.url
c:\users\admin\Favorites\VIP Casino.url
c:\windows\system32\404Fix.exe
c:\windows\system32\acovcnt.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.
2009-05-19 20:13 . 2009-05-19 20:13 -------- d-----w c:\users\admin\AppData\Roaming\Malwarebytes
2009-05-19 20:12 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 20:12 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\programdata\Malwarebytes
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 20:09 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-19 20:09 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-19 20:09 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-19 20:09 . 2009-05-19 20:11 -------- d---a-w c:\programdata\TEMP
2009-05-19 20:09 . 2009-05-19 20:11 -------- d---a-w c:\users\All Users\TEMP
2009-05-19 20:09 . 2009-05-19 20:10 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-19 20:09 . 2008-12-10 09:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\programdata\PC Tools
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\users\All Users\PC Tools
2009-05-19 20:09 . 2009-05-19 20:10 -------- d-----w c:\program files\Spyware Doctor
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\users\admin\AppData\Roaming\PC Tools
2009-05-19 18:22 . 2009-05-19 18:22 -------- d-----w c:\users\admin\AppData\Roaming\Uniblue
2009-05-19 18:22 . 2009-05-19 18:22 -------- d-----w c:\program files\Uniblue
2009-05-19 18:22 . 2009-05-19 18:22 -------- dc-h--w c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-05-19 18:22 . 2009-05-19 18:22 -------- dc-h--w c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\windows\PCHEALTH
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\program files\Microsoft.NET
2009-05-17 19:33 . 2009-05-20 05:40 -------- d-----w c:\windows\system32\_avast4_
2009-05-17 19:33 . 2009-05-20 05:53 -------- d-----w c:\windows\system32\config\systemprofile\_avast4_
2009-05-17 16:56 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-05-17 16:56 . 2009-05-17 16:56 -------- d-----w c:\program files\Alwil Software
2009-05-17 09:43 . 2007-03-23 02:05 29272 ----a-r c:\windows\system32\AdobePDF.dll
2009-05-14 20:39 . 2009-05-14 21:54 -------- d-----w c:\program files\The Weather Channel FW
2009-05-14 20:33 . 2009-05-14 21:54 -------- d-----w c:\users\admin\AppData\Local\The Weather Channel
2009-05-06 07:38 . 2009-05-11 18:39 -------- d-----w c:\temp\MPTelemetrySubmit
2009-05-05 10:14 . 2009-05-05 10:14 -------- d-----w c:\users\admin\AppData\Roaming\MathWorks
2009-05-05 09:58 . 2009-05-05 09:58 -------- d-----w c:\program files\MATLAB
2009-05-04 16:55 . 2009-05-06 14:11 -------- d-----w c:\users\admin\AppData\Local\TSVNCache
2009-05-04 16:00 . 2009-05-06 13:51 -------- d-----w c:\users\admin\AppData\Roaming\Xilinx
2009-05-04 15:36 . 2009-05-05 09:01 -------- d-----w c:\users\admin\AppData\Roaming\HDI
2009-05-04 14:09 . 2009-04-02 10:40 16000 ----a-w c:\windows\system32\drivers\xpc4drvr.sys
2009-05-04 14:07 . 2009-05-06 15:00 -------- d-----w C:\.Xilinx
2009-05-04 14:05 . 2009-04-02 10:40 194362 ----a-w c:\windows\system32\drivers\windrvr6.sys
2009-05-04 13:57 . 2009-05-13 13:41 -------- d-----w C:\Xilinx
2009-05-04 13:55 . 2009-05-04 15:15 -------- d-----w c:\users\admin\AppData\Roaming\Download Manager
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w c:\users\admin\AppData\Roaming\hte
2009-04-27 18:15 . 2009-04-27 18:15 -------- d-----w c:\program files\VistaCodecPack
2009-04-27 18:14 . 2009-04-27 18:14 -------- d-----w c:\programdata\VistaCodecs
2009-04-27 18:14 . 2009-04-27 18:14 -------- d-----w c:\users\All Users\VistaCodecs
2009-04-27 17:13 . 2009-04-27 17:13 -------- d-----w c:\users\admin\AppData\Roaming\Subversion
2009-04-27 17:07 . 2008-06-19 23:33 5248 ----a-w c:\windows\giveio.sys
2009-04-27 17:04 . 2009-05-13 13:25 -------- d-----w c:\program files\FITkit
2009-04-26 09:34 . 2009-04-26 09:34 474 ----a-w c:\windows\eReg.dat
2009-04-26 09:33 . 2009-05-02 15:08 -------- d-----w c:\program files\EACOM
2009-04-25 21:42 . 2009-04-25 21:42 -------- d-----w c:\programdata\Winter Sports 2009
2009-04-25 21:42 . 2009-04-25 21:42 -------- d-----w c:\users\All Users\Winter Sports 2009
2009-04-22 18:59 . 2009-04-22 18:59 1033728 ----a-w c:\windows\system32\VSFilter.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 17:50 . 2008-10-03 09:31 205613 ----a-w c:\users\All Users\nvModes.dat
2009-05-19 17:50 . 2008-10-03 09:31 205613 ----a-w c:\programdata\nvModes.dat
2009-05-19 15:43 . 2008-10-08 13:39 8774 ----a-w c:\windows\system32\perfc01B.dat
2009-05-19 15:43 . 2008-10-08 13:39 31814 ----a-w c:\windows\system32\perfh01B.dat
2009-05-19 15:42 . 2008-10-03 10:54 3882 ----a-w c:\windows\bthservsdp.dat
2009-05-19 15:36 . 2008-10-03 07:45 108352 ----a-w c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-18 17:17 . 2008-11-06 11:18 -------- d-----w c:\program files\Google
2009-05-18 17:16 . 2009-05-18 17:16 0 ----a-w c:\users\Default\is30FF.tmp
2009-05-18 17:16 . 2009-05-18 17:16 0 ----a-w c:\users\Default\isDC2B.tmp
2009-05-13 13:24 . 2008-10-03 08:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 13:23 . 2008-12-12 10:33 -------- d-----w c:\program files\Maple 11
2009-05-12 21:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-05 21:37 . 2008-10-14 13:39 -------- d-----w c:\program files\Java
2009-03-26 09:03 . 2009-03-26 09:03 286720 ----a-w c:\windows\system32\libcurl.dll
2009-03-26 09:03 . 2009-03-26 09:03 196608 ----a-w c:\windows\system32\ssleay32.dll
2009-03-26 09:03 . 2009-03-26 09:03 1028096 ----a-w c:\windows\system32\libeay32.dll
2009-03-26 09:03 . 2009-03-26 09:03 143360 ----a-w c:\windows\system32\libexpatw.dll
2009-03-25 21:59 . 2008-10-06 09:56 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-22 19:28 . 2009-03-22 19:28 -------- d-----w c:\program files\ABC 3GP Converter
2009-03-17 03:38 . 2009-04-15 08:50 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 08:50 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-28 09:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 08:51 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 08:51 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 08:51 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 08:51 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 08:51 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 08:51 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 08:51 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 08:51 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 08:51 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 08:51 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 08:51 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 08:51 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 08:51 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-10-08 13:42 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-07-01 17:28 . 2008-07-01 17:28 61440 ----a-w c:\program files\Common Files\CPInstallAction.dll
2008-05-22 07:35 . 2008-05-22 07:35 51962 ----a-w c:\program files\Common Files\banner.jpg
2007-06-12 08:34 . 2007-06-12 08:34 35822 ----a-w c:\program files\Common Files\ASPG_icon.ico
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 39408]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-10-04 3054136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless USB Manager.lnk - c:\program files\ASUS\ASUS WUSB\WQ_Tray2.exe [2008-5-2 1846328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
"TCP Query User{4E462227-9C82-4E33-B3FA-64409D0207C0}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= UDP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"UDP Query User{D9AA1836-5E99-4259-A59A-C3DE2D944875}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= TCP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"TCP Query User{F36EC1A5-5F85-4BC3-B124-F5AD10971A41}d:\\kn strongdc\\strongdc.exe"= UDP:d:\kn strongdc\strongdc.exe:StrongDC++
"UDP Query User{BFDBBF40-BB56-4452-8889-1408114E4176}d:\\kn strongdc\\strongdc.exe"= TCP:d:\kn strongdc\strongdc.exe:StrongDC++
"TCP Query User{40FF9043-9413-4E9D-B499-F0FC4949576F}d:\\kn strongdc\\strongdc.exe"= UDP:d:\kn strongdc\strongdc.exe:StrongDC++
"UDP Query User{9197FF53-9713-4A24-81F7-D0D4B7B53C1C}d:\\kn strongdc\\strongdc.exe"= TCP:d:\kn strongdc\strongdc.exe:StrongDC++
"TCP Query User{DE94366A-5B88-4E3C-8204-61CD8F4ED4B5}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{48BEEAB6-124E-42ED-9D76-344A58B7A63D}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{52043D58-7B17-4B03-B24D-755B0849720D}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{1F165665-EDAF-4B99-99A0-F876D61FE4F2}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{E8C392E1-53F4-4C28-B5A2-904924F28C04}d:\\hryy\\vietcong2\\vietcong2.exe"= UDP:d:\hryy\vietcong2\vietcong2.exe:vietcong2
"UDP Query User{9BD90671-83C7-49F9-872F-F828B306C9D5}d:\\hryy\\vietcong2\\vietcong2.exe"= TCP:d:\hryy\vietcong2\vietcong2.exe:vietcong2
"TCP Query User{AC766BCE-DABD-4263-9D01-7293D192FED8}d:\\hryy\\nhl 09\\nhl2009.exe"= UDP:d:\hryy\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{04DFBCB2-9055-4171-9AD3-DC2A8084EDCA}d:\\hryy\\nhl 09\\nhl2009.exe"= TCP:d:\hryy\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{78686083-7991-4B1D-8088-09085271D7CE}d:\\hryy\\gp 4\\gp4.exe"= UDP:d:\hryy\gp 4\gp4.exe:GP4
"UDP Query User{6EA73129-F25C-4E32-9708-C42F5D5E8B3D}d:\\hryy\\gp 4\\gp4.exe"= TCP:d:\hryy\gp 4\gp4.exe:GP4
"TCP Query User{93D1853E-E2E9-4731-AC0D-7FAA11F84B87}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{B56A531E-E59F-4EFD-9B79-9FB3332B5506}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{06C8F2E5-25DB-433A-9ECB-C957D2F954EB}c:\\users\\admin\\documents\\icq\\277802482\\receivedfiles\\192537553 lukeer\\age\\age of empires ii conquerors\\empires2.exe"= UDP:c:\users\admin\documents\icq\277802482\receivedfiles\192537553 lukeer\age\age of empires ii conquerors\empires2.exe:empires2.exe
"UDP Query User{000C53F8-E524-4A88-BA3A-83B181524D02}c:\\users\\admin\\documents\\icq\\277802482\\receivedfiles\\192537553 lukeer\\age\\age of empires ii conquerors\\empires2.exe"= TCP:c:\users\admin\documents\icq\277802482\receivedfiles\192537553 lukeer\age\age of empires ii conquerors\empires2.exe:empires2.exe
"TCP Query User{F06D8A97-E8DA-4993-A667-9AEDCB37A55D}d:\\hryy\\sniper elit\\elite snper\\sniperelite.exe"= UDP:d:\hryy\sniper elit\elite snper\sniperelite.exe:SniperElite
"UDP Query User{96152606-8BD1-4229-98A1-2EA18C264A5D}d:\\hryy\\sniper elit\\elite snper\\sniperelite.exe"= TCP:d:\hryy\sniper elit\elite snper\sniperelite.exe:SniperElite
"TCP Query User{A6C1522A-4430-48FC-B430-1B50F34CB2EC}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{5226910A-E81C-4353-AE42-E7D6F36641F1}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{39CAC5BB-A6F2-401E-88C4-356D5D2ABFF7}c:\\program files\\maple 11\\jre\\bin\\java.exe"= UDP:c:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{9ACCA23A-2A1F-4323-83AB-FE68107F0C2A}c:\\program files\\maple 11\\jre\\bin\\java.exe"= TCP:c:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{99B6A92A-30B6-4611-BE9F-3922A03898D9}c:\\program files\\maple 11\\jre\\bin\\maple.exe"= UDP:c:\program files\maple 11\jre\bin\maple.exe:Maple 11
"UDP Query User{EF7B8A97-83F9-4A37-A678-C594C0F34A5D}c:\\program files\\maple 11\\jre\\bin\\maple.exe"= TCP:c:\program files\maple 11\jre\bin\maple.exe:Maple 11
"TCP Query User{B5F659C0-37B6-437F-BABA-0D6C155DB1FD}d:\\hryy\\nfs\\speed2.exe"= UDP:d:\hryy\nfs\speed2.exe:speed2
"UDP Query User{840DE259-8F19-414D-8A41-BB319991D62A}d:\\hryy\\nfs\\speed2.exe"= TCP:d:\hryy\nfs\speed2.exe:speed2
"TCP Query User{623D1E96-9021-40B8-BF9D-93A5ACBCBC83}d:\\hryy\\rely\\dirtdemo.exe"= UDP:d:\hryy\rely\dirtdemo.exe:DiRT Demo Executable
"UDP Query User{AFAE39F3-F265-43A7-AEB2-8670B054D373}d:\\hryy\\rely\\dirtdemo.exe"= TCP:d:\hryy\rely\dirtdemo.exe:DiRT Demo Executable
"TCP Query User{3AA0D5A6-9421-48C7-AAF5-623D703A1BDD}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{68875E0C-A1EA-4A1E-8856-DEA55242F247}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{3C7B5DEA-2F53-46A2-A2F5-C96EBB2A1F18}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{B05B00E6-4523-4EDB-9C04-AB23C29E7657}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{D7EE51A3-CEDE-4D3C-85AC-2B97FD6CDB19}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7D01BD23-709B-44B6-96D4-20042A59BBBD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{C9212D22-3082-424C-B6B7-E1078FD1C0C4}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{9A5F1D12-3995-4FDA-8BA2-6A3C80A267A5}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{485A1201-5DD4-4158-A432-1CFE33AC0494}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7D2B54CD-F972-4E9A-AE83-CF4E37BB8058}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{D8A024E3-202B-4C0E-BD81-AE83798859AC}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A491485E-D044-4761-BD52-74EE2DD62B55}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AE4B9F13-557D-40D8-B3A2-B6A5AB416A0E}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{4DAC0D96-C13A-4A0E-AD67-AB053C37FC75}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{251CF94C-4BB2-4266-91C8-D7F3308F5554}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{297537CB-3818-4EC6-BCAA-6137699785E2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1AD7B1FA-D35A-45B9-8B10-DF0AD9D9352A}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AA0BDF43-C5C6-4DB0-B935-EB413D7A218B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{FC132C38-E1DE-441D-AF3C-AACA321F07EF}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{9A8F154B-E661-4AF6-A667-67EA531FB9E2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{0D25894A-4A7C-4E89-BD49-E33A4A073BE6}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A5102C6A-B965-41E9-9680-FD255DBF6EA4}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{23520C79-BEA0-4B94-A49B-44830ED1C193}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1CF824D8-303F-4566-AF54-A6C883CE5CEE}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{ACE2EACD-458D-4A60-A6FA-A3085A8DC6BC}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{F8FEE9C9-408D-4850-8AC1-9632AFD6B1C1}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B22D601D-EF3F-4422-BA6D-44873BC3228C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B8A62043-F116-4B65-8F2D-962A2A908D19}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AAB2858A-7CEF-4BFE-B2CD-502E337D2B70}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B2A8D3AF-A2D0-40CE-8B3E-BE6F6515443B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{F622C91E-B30C-4C65-95A9-099B04F5DD47}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{420CABD2-E577-4D24-9CCC-5745A96F832E}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{67A40369-8603-4808-82E8-4AC3DC45DF45}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{40537EFF-321F-4CAA-8F71-2587A9D92B62}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{6F0A2338-8122-40A7-8524-584F674DE4A9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7345D603-1A23-4995-9B2B-F7DBFA784216}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{94FD6CFF-C6A1-42DE-AEAC-1B49E660992C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7EA564F5-651E-458B-9A94-B666A036B21C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{863B9AB7-936B-49F6-9C9E-896DC0CD2E27}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{3F15646B-FD93-42D7-AABD-F1E6E55953AD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{2BA40BA1-9412-4BFC-9E8A-78D69DC20512}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A3DD697B-1F99-4765-BD9B-68235FA9785A}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{08C0BCDA-0273-44C6-B205-7A60E1546313}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B9FDD451-15F7-4E81-8C9C-90E86AB68921}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{A7900BDC-DF64-4BCC-AC82-9B1ED12E3DCF}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{52506AD8-2386-400B-92C2-04B206280FFD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2DC81321-C10D-4E29-98E5-5614732AE376}d:\\hryy\\nhl 2002\\nhl2002.exe"= UDP:d:\hryy\nhl 2002\nhl2002.exe:nhl2002
"UDP Query User{CF3F121A-A7EB-4BFF-9FDE-896F05B5D48A}d:\\hryy\\nhl 2002\\nhl2002.exe"= TCP:d:\hryy\nhl 2002\nhl2002.exe:nhl2002
"{4FECA01D-145B-4F7F-9151-6F89128B28C9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EDA5FA17-E0C2-4E1A-9DA9-B3B80D30FAB8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{260589B2-DE39-4C25-9630-0E31734074A4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{95CFEF85-1A64-437B-A2A6-6067F5FECEE2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{D2A8608F-F209-4046-8AFA-202D0237F434}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{91D2DCC9-FCDC-4B8B-8DBA-BCEE09D936AD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{258F6C8D-149F-4E9F-A608-958409F5ED7B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{051C7E40-FBEE-4E6E-A1DA-EC5DC1CA8B44}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{4D31B1C6-0F05-4D27-9C8E-11BD6A4FD8D9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{813D5744-A14F-4F9B-9609-DC312C9AE8B0}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{681E646F-6B00-42E6-B3F3-051894F34B20}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1F174B4C-CA97-4573-BA42-A7B7EA9D67F9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [3. 10. 2008 12:33 15416]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19. 5. 2009 22:09 130936]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17. 5. 2009 18:56 114768]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [9. 10. 2008 13:39 72192]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8. 10. 2008 13:45 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8. 10. 2008 13:45 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17. 5. 2009 18:56 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17. 5. 2009 18:56 51792]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8. 10. 2008 18:26 29736]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [4. 10. 2008 21:44 474624]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [4. 10. 2008 21:44 206336]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [3. 10. 2008 10:39 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [4. 10. 2008 21:44 3663360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [3. 10. 2008 10:28 44064]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [4. 10. 2008 21:44 6656]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [3. 10. 2008 14:15 240128]
S2 gupdate1c98db2ad31724f;Google Update Service (gupdate1c98db2ad31724f);c:\program files\Google\Update\GoogleUpdate.exe [13. 2. 2009 10:11 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [19. 5. 2009 22:12 38496]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19. 5. 2009 22:09 348752]
S4 Dceabat;Dceabat;c:\windows\System32\drivers\amdide.sys [2. 11. 2006 10:51 15464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-05-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 08:38]
2009-05-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 08:11]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-NB Probe - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4mfjl0xn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4mfjl0xn.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 08:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\admin\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\APSHook.dll
- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\APSHook.dll
c:\program files\asus security center\asus security protect manager\bin\ASWLNPkg.dll
c:\program files\asus security center\asus security protect manager\bin\ItMsg.dll
.
Completion time: 2009-05-20 8:05
ComboFix-quarantined-files.txt 2009-05-20 06:05
Pre-Run: 46 427 762 688 bytes free
Post-Run: 47 503 196 160 bytes free
396 --- E O F --- 2009-05-18 17:08
- jaro3
- Security team member
Re: Please check my log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following entire text marked in green into it:
Note: do not use the SELECT ALL function to select the script
File::
c:\windows\system32\drivers\pctplsg.sys
c:\windows\eReg.dat
c:\users\All Users\nvModes.dat
c:\programdata\nvModes.dat
c:\windows\bthservsdp.dat
c:\users\Default\is30FF.tmp
c:\users\Default\isDC2B.tmp
Driver::
pctplsg
nvModes
bthservsdp
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3261889692-1362245188-1876932351-1000]
"EnableNotificationsRef"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
HJT and ComboFix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:50, on 20. 5. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\ASUS WUSB\WQ_Tray2.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Windows\system32\DllHost.exe
C:\Users\admin\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - Global Startup: Wireless USB Manager.lnk = C:\Program Files\ASUS\ASUS WUSB\WQ_Tray2.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98db2ad31724f) (gupdate1c98db2ad31724f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 10739 bytes
ComboFix 09-05-19.08 - admin . 05. 2009 9:59.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3070.1711 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
c:\programdata\nvModes.dat
c:\users\All Users\nvModes.dat
c:\users\Default\is30FF.tmp
c:\users\Default\isDC2B.tmp
c:\windows\bthservsdp.dat
c:\windows\eReg.dat
c:\windows\system32\drivers\pctplsg.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\nvModes.dat
c:\users\Default\is30FF.tmp
c:\users\Default\isDC2B.tmp
c:\windows\bthservsdp.dat
c:\windows\eReg.dat
c:\windows\system32\drivers\pctplsg.sys
.
((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.
2009-05-19 20:13 . 2009-05-19 20:13 -------- d-----w c:\users\admin\AppData\Roaming\Malwarebytes
2009-05-19 20:12 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 20:12 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\programdata\Malwarebytes
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 20:09 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-19 20:09 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-19 20:09 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-19 20:09 . 2009-05-19 20:11 -------- d---a-w c:\programdata\TEMP
2009-05-19 20:09 . 2009-05-19 20:11 -------- d---a-w c:\users\All Users\TEMP
2009-05-19 20:09 . 2009-05-19 20:10 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\programdata\PC Tools
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\users\All Users\PC Tools
2009-05-19 20:09 . 2009-05-19 20:10 -------- d-----w c:\program files\Spyware Doctor
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\users\admin\AppData\Roaming\PC Tools
2009-05-19 18:22 . 2009-05-19 18:22 -------- d-----w c:\users\admin\AppData\Roaming\Uniblue
2009-05-19 18:22 . 2009-05-19 18:22 -------- d-----w c:\program files\Uniblue
2009-05-19 18:22 . 2009-05-19 18:22 -------- dc-h--w c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-05-19 18:22 . 2009-05-19 18:22 -------- dc-h--w c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\windows\PCHEALTH
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\program files\Microsoft.NET
2009-05-17 19:33 . 2009-05-20 05:40 -------- d-----w c:\windows\system32\_avast4_
2009-05-17 19:33 . 2009-05-20 08:02 -------- d-----w c:\windows\system32\config\systemprofile\_avast4_
2009-05-17 16:56 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-05-17 16:56 . 2009-05-17 16:56 -------- d-----w c:\program files\Alwil Software
2009-05-17 09:43 . 2007-03-23 02:05 29272 ----a-r c:\windows\system32\AdobePDF.dll
2009-05-14 20:39 . 2009-05-14 21:54 -------- d-----w c:\program files\The Weather Channel FW
2009-05-14 20:33 . 2009-05-14 21:54 -------- d-----w c:\users\admin\AppData\Local\The Weather Channel
2009-05-06 07:38 . 2009-05-11 18:39 -------- d-----w c:\temp\MPTelemetrySubmit
2009-05-05 10:14 . 2009-05-05 10:14 -------- d-----w c:\users\admin\AppData\Roaming\MathWorks
2009-05-05 09:58 . 2009-05-05 09:58 -------- d-----w c:\program files\MATLAB
2009-05-04 16:55 . 2009-05-06 14:11 -------- d-----w c:\users\admin\AppData\Local\TSVNCache
2009-05-04 16:00 . 2009-05-06 13:51 -------- d-----w c:\users\admin\AppData\Roaming\Xilinx
2009-05-04 15:36 . 2009-05-05 09:01 -------- d-----w c:\users\admin\AppData\Roaming\HDI
2009-05-04 14:09 . 2009-04-02 10:40 16000 ----a-w c:\windows\system32\drivers\xpc4drvr.sys
2009-05-04 14:07 . 2009-05-06 15:00 -------- d-----w C:\.Xilinx
2009-05-04 14:05 . 2009-04-02 10:40 194362 ----a-w c:\windows\system32\drivers\windrvr6.sys
2009-05-04 13:57 . 2009-05-13 13:41 -------- d-----w C:\Xilinx
2009-05-04 13:55 . 2009-05-04 15:15 -------- d-----w c:\users\admin\AppData\Roaming\Download Manager
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w c:\users\admin\AppData\Roaming\hte
2009-04-27 18:15 . 2009-04-27 18:15 -------- d-----w c:\program files\VistaCodecPack
2009-04-27 18:14 . 2009-04-27 18:14 -------- d-----w c:\programdata\VistaCodecs
2009-04-27 18:14 . 2009-04-27 18:14 -------- d-----w c:\users\All Users\VistaCodecs
2009-04-27 17:13 . 2009-04-27 17:13 -------- d-----w c:\users\admin\AppData\Roaming\Subversion
2009-04-27 17:07 . 2008-06-19 23:33 5248 ----a-w c:\windows\giveio.sys
2009-04-27 17:04 . 2009-05-13 13:25 -------- d-----w c:\program files\FITkit
2009-04-26 09:33 . 2009-05-02 15:08 -------- d-----w c:\program files\EACOM
2009-04-25 21:42 . 2009-04-25 21:42 -------- d-----w c:\programdata\Winter Sports 2009
2009-04-25 21:42 . 2009-04-25 21:42 -------- d-----w c:\users\All Users\Winter Sports 2009
2009-04-22 18:59 . 2009-04-22 18:59 1033728 ----a-w c:\windows\system32\VSFilter.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 15:43 . 2008-10-08 13:39 8774 ----a-w c:\windows\system32\perfc01B.dat
2009-05-19 15:43 . 2008-10-08 13:39 31814 ----a-w c:\windows\system32\perfh01B.dat
2009-05-19 15:36 . 2008-10-03 07:45 108352 ----a-w c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-18 17:17 . 2008-11-06 11:18 -------- d-----w c:\program files\Google
2009-05-13 13:24 . 2008-10-03 08:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 13:23 . 2008-12-12 10:33 -------- d-----w c:\program files\Maple 11
2009-05-12 21:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-05 21:37 . 2008-10-14 13:39 -------- d-----w c:\program files\Java
2009-03-26 09:03 . 2009-03-26 09:03 286720 ----a-w c:\windows\system32\libcurl.dll
2009-03-26 09:03 . 2009-03-26 09:03 196608 ----a-w c:\windows\system32\ssleay32.dll
2009-03-26 09:03 . 2009-03-26 09:03 1028096 ----a-w c:\windows\system32\libeay32.dll
2009-03-26 09:03 . 2009-03-26 09:03 143360 ----a-w c:\windows\system32\libexpatw.dll
2009-03-25 21:59 . 2008-10-06 09:56 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-22 19:28 . 2009-03-22 19:28 -------- d-----w c:\program files\ABC 3GP Converter
2009-03-17 03:38 . 2009-04-15 08:50 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 08:50 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-28 09:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 08:51 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 08:51 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 08:51 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 08:51 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 08:51 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 08:51 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 08:51 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 08:51 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 08:51 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 08:51 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 08:51 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 08:51 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 08:51 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-10-08 13:42 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-07-01 17:28 . 2008-07-01 17:28 61440 ----a-w c:\program files\Common Files\CPInstallAction.dll
2008-05-22 07:35 . 2008-05-22 07:35 51962 ----a-w c:\program files\Common Files\banner.jpg
2007-06-12 08:34 . 2007-06-12 08:34 35822 ----a-w c:\program files\Common Files\ASPG_icon.ico
.
((((((((((((((((((((((((((((( SnapShot@2009-05-20_06.04.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 13:02 . 2009-05-20 05:43 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-05-20 07:35 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-05-20 07:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-05-20 05:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-05-20 07:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-05-20 05:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 39408]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-10-04 3054136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless USB Manager.lnk - c:\program files\ASUS\ASUS WUSB\WQ_Tray2.exe [2008-5-2 1846328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KN StrongDC.lnk]
path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KN StrongDC.lnk
backup=c:\windows\pss\KN StrongDC.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3261889692-1362245188-1876932351-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{928BF4CA-E4A6-4B28-88FB-296C7D575AFE}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B7708506-A8F8-4070-B2CD-FA39C9BFC2BA}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{BAC93832-C18D-481C-95FC-4CD82792472D}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{D87CAB8F-47E9-4D82-BE0F-EC8C79FA0224}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= UDP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"UDP Query User{BE6D67C0-2B52-4ECD-8D00-D2AB233A2F5E}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= TCP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"TCP Query User{A1F88A40-F25F-4E49-86BA-B76F2E01B6FA}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{101B157C-4033-4CF2-AA30-2DF64B01774B}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{4E462227-9C82-4E33-B3FA-64409D0207C0}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= UDP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"UDP Query User{D9AA1836-5E99-4259-A59A-C3DE2D944875}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= TCP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"TCP Query User{F36EC1A5-5F85-4BC3-B124-F5AD10971A41}d:\\kn strongdc\\strongdc.exe"= UDP:d:\kn strongdc\strongdc.exe:StrongDC++
"UDP Query User{BFDBBF40-BB56-4452-8889-1408114E4176}d:\\kn strongdc\\strongdc.exe"= TCP:d:\kn strongdc\strongdc.exe:StrongDC++
"TCP Query User{40FF9043-9413-4E9D-B499-F0FC4949576F}d:\\kn strongdc\\strongdc.exe"= UDP:d:\kn strongdc\strongdc.exe:StrongDC++
"UDP Query User{9197FF53-9713-4A24-81F7-D0D4B7B53C1C}d:\\kn strongdc\\strongdc.exe"= TCP:d:\kn strongdc\strongdc.exe:StrongDC++
"TCP Query User{DE94366A-5B88-4E3C-8204-61CD8F4ED4B5}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{48BEEAB6-124E-42ED-9D76-344A58B7A63D}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{52043D58-7B17-4B03-B24D-755B0849720D}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{1F165665-EDAF-4B99-99A0-F876D61FE4F2}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{E8C392E1-53F4-4C28-B5A2-904924F28C04}d:\\hryy\\vietcong2\\vietcong2.exe"= UDP:d:\hryy\vietcong2\vietcong2.exe:vietcong2
"UDP Query User{9BD90671-83C7-49F9-872F-F828B306C9D5}d:\\hryy\\vietcong2\\vietcong2.exe"= TCP:d:\hryy\vietcong2\vietcong2.exe:vietcong2
"TCP Query User{AC766BCE-DABD-4263-9D01-7293D192FED8}d:\\hryy\\nhl 09\\nhl2009.exe"= UDP:d:\hryy\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{04DFBCB2-9055-4171-9AD3-DC2A8084EDCA}d:\\hryy\\nhl 09\\nhl2009.exe"= TCP:d:\hryy\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{78686083-7991-4B1D-8088-09085271D7CE}d:\\hryy\\gp 4\\gp4.exe"= UDP:d:\hryy\gp 4\gp4.exe:GP4
"UDP Query User{6EA73129-F25C-4E32-9708-C42F5D5E8B3D}d:\\hryy\\gp 4\\gp4.exe"= TCP:d:\hryy\gp 4\gp4.exe:GP4
"TCP Query User{93D1853E-E2E9-4731-AC0D-7FAA11F84B87}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{B56A531E-E59F-4EFD-9B79-9FB3332B5506}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{06C8F2E5-25DB-433A-9ECB-C957D2F954EB}c:\\users\\admin\\documents\\icq\\277802482\\receivedfiles\\192537553 lukeer\\age\\age of empires ii conquerors\\empires2.exe"= UDP:c:\users\admin\documents\icq\277802482\receivedfiles\192537553 lukeer\age\age of empires ii conquerors\empires2.exe:empires2.exe
"UDP Query User{000C53F8-E524-4A88-BA3A-83B181524D02}c:\\users\\admin\\documents\\icq\\277802482\\receivedfiles\\192537553 lukeer\\age\\age of empires ii conquerors\\empires2.exe"= TCP:c:\users\admin\documents\icq\277802482\receivedfiles\192537553 lukeer\age\age of empires ii conquerors\empires2.exe:empires2.exe
"TCP Query User{F06D8A97-E8DA-4993-A667-9AEDCB37A55D}d:\\hryy\\sniper elit\\elite snper\\sniperelite.exe"= UDP:d:\hryy\sniper elit\elite snper\sniperelite.exe:SniperElite
"UDP Query User{96152606-8BD1-4229-98A1-2EA18C264A5D}d:\\hryy\\sniper elit\\elite snper\\sniperelite.exe"= TCP:d:\hryy\sniper elit\elite snper\sniperelite.exe:SniperElite
"TCP Query User{A6C1522A-4430-48FC-B430-1B50F34CB2EC}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{5226910A-E81C-4353-AE42-E7D6F36641F1}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{39CAC5BB-A6F2-401E-88C4-356D5D2ABFF7}c:\\program files\\maple 11\\jre\\bin\\java.exe"= UDP:c:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{9ACCA23A-2A1F-4323-83AB-FE68107F0C2A}c:\\program files\\maple 11\\jre\\bin\\java.exe"= TCP:c:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{99B6A92A-30B6-4611-BE9F-3922A03898D9}c:\\program files\\maple 11\\jre\\bin\\maple.exe"= UDP:c:\program files\maple 11\jre\bin\maple.exe:Maple 11
"UDP Query User{EF7B8A97-83F9-4A37-A678-C594C0F34A5D}c:\\program files\\maple 11\\jre\\bin\\maple.exe"= TCP:c:\program files\maple 11\jre\bin\maple.exe:Maple 11
"TCP Query User{B5F659C0-37B6-437F-BABA-0D6C155DB1FD}d:\\hryy\\nfs\\speed2.exe"= UDP:d:\hryy\nfs\speed2.exe:speed2
"UDP Query User{840DE259-8F19-414D-8A41-BB319991D62A}d:\\hryy\\nfs\\speed2.exe"= TCP:d:\hryy\nfs\speed2.exe:speed2
"TCP Query User{623D1E96-9021-40B8-BF9D-93A5ACBCBC83}d:\\hryy\\rely\\dirtdemo.exe"= UDP:d:\hryy\rely\dirtdemo.exe:DiRT Demo Executable
"UDP Query User{AFAE39F3-F265-43A7-AEB2-8670B054D373}d:\\hryy\\rely\\dirtdemo.exe"= TCP:d:\hryy\rely\dirtdemo.exe:DiRT Demo Executable
"TCP Query User{3AA0D5A6-9421-48C7-AAF5-623D703A1BDD}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{68875E0C-A1EA-4A1E-8856-DEA55242F247}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{3C7B5DEA-2F53-46A2-A2F5-C96EBB2A1F18}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{B05B00E6-4523-4EDB-9C04-AB23C29E7657}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{D7EE51A3-CEDE-4D3C-85AC-2B97FD6CDB19}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7D01BD23-709B-44B6-96D4-20042A59BBBD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{C9212D22-3082-424C-B6B7-E1078FD1C0C4}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{9A5F1D12-3995-4FDA-8BA2-6A3C80A267A5}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{485A1201-5DD4-4158-A432-1CFE33AC0494}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7D2B54CD-F972-4E9A-AE83-CF4E37BB8058}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{D8A024E3-202B-4C0E-BD81-AE83798859AC}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A491485E-D044-4761-BD52-74EE2DD62B55}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AE4B9F13-557D-40D8-B3A2-B6A5AB416A0E}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{4DAC0D96-C13A-4A0E-AD67-AB053C37FC75}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{251CF94C-4BB2-4266-91C8-D7F3308F5554}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{297537CB-3818-4EC6-BCAA-6137699785E2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1AD7B1FA-D35A-45B9-8B10-DF0AD9D9352A}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AA0BDF43-C5C6-4DB0-B935-EB413D7A218B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{FC132C38-E1DE-441D-AF3C-AACA321F07EF}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{9A8F154B-E661-4AF6-A667-67EA531FB9E2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{0D25894A-4A7C-4E89-BD49-E33A4A073BE6}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A5102C6A-B965-41E9-9680-FD255DBF6EA4}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{23520C79-BEA0-4B94-A49B-44830ED1C193}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1CF824D8-303F-4566-AF54-A6C883CE5CEE}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{ACE2EACD-458D-4A60-A6FA-A3085A8DC6BC}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{F8FEE9C9-408D-4850-8AC1-9632AFD6B1C1}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B22D601D-EF3F-4422-BA6D-44873BC3228C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B8A62043-F116-4B65-8F2D-962A2A908D19}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AAB2858A-7CEF-4BFE-B2CD-502E337D2B70}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B2A8D3AF-A2D0-40CE-8B3E-BE6F6515443B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{F622C91E-B30C-4C65-95A9-099B04F5DD47}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{420CABD2-E577-4D24-9CCC-5745A96F832E}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{67A40369-8603-4808-82E8-4AC3DC45DF45}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{40537EFF-321F-4CAA-8F71-2587A9D92B62}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{6F0A2338-8122-40A7-8524-584F674DE4A9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7345D603-1A23-4995-9B2B-F7DBFA784216}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{94FD6CFF-C6A1-42DE-AEAC-1B49E660992C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7EA564F5-651E-458B-9A94-B666A036B21C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{863B9AB7-936B-49F6-9C9E-896DC0CD2E27}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{3F15646B-FD93-42D7-AABD-F1E6E55953AD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{2BA40BA1-9412-4BFC-9E8A-78D69DC20512}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A3DD697B-1F99-4765-BD9B-68235FA9785A}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{08C0BCDA-0273-44C6-B205-7A60E1546313}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B9FDD451-15F7-4E81-8C9C-90E86AB68921}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{A7900BDC-DF64-4BCC-AC82-9B1ED12E3DCF}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{52506AD8-2386-400B-92C2-04B206280FFD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2DC81321-C10D-4E29-98E5-5614732AE376}d:\\hryy\\nhl 2002\\nhl2002.exe"= UDP:d:\hryy\nhl 2002\nhl2002.exe:nhl2002
"UDP Query User{CF3F121A-A7EB-4BFF-9FDE-896F05B5D48A}d:\\hryy\\nhl 2002\\nhl2002.exe"= TCP:d:\hryy\nhl 2002\nhl2002.exe:nhl2002
"{4FECA01D-145B-4F7F-9151-6F89128B28C9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EDA5FA17-E0C2-4E1A-9DA9-B3B80D30FAB8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{260589B2-DE39-4C25-9630-0E31734074A4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{95CFEF85-1A64-437B-A2A6-6067F5FECEE2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{D2A8608F-F209-4046-8AFA-202D0237F434}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{91D2DCC9-FCDC-4B8B-8DBA-BCEE09D936AD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{258F6C8D-149F-4E9F-A608-958409F5ED7B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{051C7E40-FBEE-4E6E-A1DA-EC5DC1CA8B44}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{4D31B1C6-0F05-4D27-9C8E-11BD6A4FD8D9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{813D5744-A14F-4F9B-9609-DC312C9AE8B0}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{681E646F-6B00-42E6-B3F3-051894F34B20}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1F174B4C-CA97-4573-BA42-A7B7EA9D67F9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [3. 10. 2008 12:33 15416]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19. 5. 2009 22:09 130936]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17. 5. 2009 18:56 114768]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [9. 10. 2008 13:39 72192]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8. 10. 2008 13:45 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8. 10. 2008 13:45 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17. 5. 2009 18:56 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17. 5. 2009 18:56 51792]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8. 10. 2008 18:26 29736]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [4. 10. 2008 21:44 474624]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [4. 10. 2008 21:44 206336]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [3. 10. 2008 10:39 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [4. 10. 2008 21:44 3663360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [3. 10. 2008 10:28 44064]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [4. 10. 2008 21:44 6656]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [3. 10. 2008 14:15 240128]
S2 gupdate1c98db2ad31724f;Google Update Service (gupdate1c98db2ad31724f);c:\program files\Google\Update\GoogleUpdate.exe [13. 2. 2009 10:11 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [19. 5. 2009 22:12 38496]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19. 5. 2009 22:09 348752]
S4 Dceabat;Dceabat;c:\windows\System32\drivers\amdide.sys [2. 11. 2006 10:51 15464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-05-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 08:38]
2009-05-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 08:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4mfjl0xn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 10:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\APSHook.dll
- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\APSHook.dll
c:\program files\asus security center\asus security protect manager\bin\ASWLNPkg.dll
c:\program files\asus security center\asus security protect manager\bin\ItMsg.dll
.
Completion time: 2009-05-20 10:04
ComboFix-quarantined-files.txt 2009-05-20 08:03
ComboFix2.txt 2009-05-20 06:05
Pre-Run: 47 350 857 728 bytes free
Post-Run: 47 500 742 656 bytes free
387 --- E O F --- 2009-05-18 17:08
Scan saved at 10:04:50, on 20. 5. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\ASUS WUSB\WQ_Tray2.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Windows\system32\DllHost.exe
C:\Users\admin\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - Global Startup: Wireless USB Manager.lnk = C:\Program Files\ASUS\ASUS WUSB\WQ_Tray2.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98db2ad31724f) (gupdate1c98db2ad31724f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 10739 bytes
ComboFix 09-05-19.08 - admin . 05. 2009 9:59.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3070.1711 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
c:\programdata\nvModes.dat
c:\users\All Users\nvModes.dat
c:\users\Default\is30FF.tmp
c:\users\Default\isDC2B.tmp
c:\windows\bthservsdp.dat
c:\windows\eReg.dat
c:\windows\system32\drivers\pctplsg.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\nvModes.dat
c:\users\Default\is30FF.tmp
c:\users\Default\isDC2B.tmp
c:\windows\bthservsdp.dat
c:\windows\eReg.dat
c:\windows\system32\drivers\pctplsg.sys
.
((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.
2009-05-19 20:13 . 2009-05-19 20:13 -------- d-----w c:\users\admin\AppData\Roaming\Malwarebytes
2009-05-19 20:12 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 20:12 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\programdata\Malwarebytes
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-19 20:12 . 2009-05-19 20:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 20:09 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-19 20:09 . 2009-04-03 09:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-19 20:09 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-19 20:09 . 2009-05-19 20:11 -------- d---a-w c:\programdata\TEMP
2009-05-19 20:09 . 2009-05-19 20:11 -------- d---a-w c:\users\All Users\TEMP
2009-05-19 20:09 . 2009-05-19 20:10 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\programdata\PC Tools
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\users\All Users\PC Tools
2009-05-19 20:09 . 2009-05-19 20:10 -------- d-----w c:\program files\Spyware Doctor
2009-05-19 20:09 . 2009-05-19 20:09 -------- d-----w c:\users\admin\AppData\Roaming\PC Tools
2009-05-19 18:22 . 2009-05-19 18:22 -------- d-----w c:\users\admin\AppData\Roaming\Uniblue
2009-05-19 18:22 . 2009-05-19 18:22 -------- d-----w c:\program files\Uniblue
2009-05-19 18:22 . 2009-05-19 18:22 -------- dc-h--w c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-05-19 18:22 . 2009-05-19 18:22 -------- dc-h--w c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\windows\PCHEALTH
2009-05-19 15:21 . 2009-05-19 15:21 -------- d-----w c:\program files\Microsoft.NET
2009-05-17 19:33 . 2009-05-20 05:40 -------- d-----w c:\windows\system32\_avast4_
2009-05-17 19:33 . 2009-05-20 08:02 -------- d-----w c:\windows\system32\config\systemprofile\_avast4_
2009-05-17 16:56 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-05-17 16:56 . 2009-05-17 16:56 -------- d-----w c:\program files\Alwil Software
2009-05-17 09:43 . 2007-03-23 02:05 29272 ----a-r c:\windows\system32\AdobePDF.dll
2009-05-14 20:39 . 2009-05-14 21:54 -------- d-----w c:\program files\The Weather Channel FW
2009-05-14 20:33 . 2009-05-14 21:54 -------- d-----w c:\users\admin\AppData\Local\The Weather Channel
2009-05-06 07:38 . 2009-05-11 18:39 -------- d-----w c:\temp\MPTelemetrySubmit
2009-05-05 10:14 . 2009-05-05 10:14 -------- d-----w c:\users\admin\AppData\Roaming\MathWorks
2009-05-05 09:58 . 2009-05-05 09:58 -------- d-----w c:\program files\MATLAB
2009-05-04 16:55 . 2009-05-06 14:11 -------- d-----w c:\users\admin\AppData\Local\TSVNCache
2009-05-04 16:00 . 2009-05-06 13:51 -------- d-----w c:\users\admin\AppData\Roaming\Xilinx
2009-05-04 15:36 . 2009-05-05 09:01 -------- d-----w c:\users\admin\AppData\Roaming\HDI
2009-05-04 14:09 . 2009-04-02 10:40 16000 ----a-w c:\windows\system32\drivers\xpc4drvr.sys
2009-05-04 14:07 . 2009-05-06 15:00 -------- d-----w C:\.Xilinx
2009-05-04 14:05 . 2009-04-02 10:40 194362 ----a-w c:\windows\system32\drivers\windrvr6.sys
2009-05-04 13:57 . 2009-05-13 13:41 -------- d-----w C:\Xilinx
2009-05-04 13:55 . 2009-05-04 15:15 -------- d-----w c:\users\admin\AppData\Roaming\Download Manager
2009-05-01 17:01 . 2009-05-01 17:01 -------- d-----w c:\users\admin\AppData\Roaming\hte
2009-04-27 18:15 . 2009-04-27 18:15 -------- d-----w c:\program files\VistaCodecPack
2009-04-27 18:14 . 2009-04-27 18:14 -------- d-----w c:\programdata\VistaCodecs
2009-04-27 18:14 . 2009-04-27 18:14 -------- d-----w c:\users\All Users\VistaCodecs
2009-04-27 17:13 . 2009-04-27 17:13 -------- d-----w c:\users\admin\AppData\Roaming\Subversion
2009-04-27 17:07 . 2008-06-19 23:33 5248 ----a-w c:\windows\giveio.sys
2009-04-27 17:04 . 2009-05-13 13:25 -------- d-----w c:\program files\FITkit
2009-04-26 09:33 . 2009-05-02 15:08 -------- d-----w c:\program files\EACOM
2009-04-25 21:42 . 2009-04-25 21:42 -------- d-----w c:\programdata\Winter Sports 2009
2009-04-25 21:42 . 2009-04-25 21:42 -------- d-----w c:\users\All Users\Winter Sports 2009
2009-04-22 18:59 . 2009-04-22 18:59 1033728 ----a-w c:\windows\system32\VSFilter.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 15:43 . 2008-10-08 13:39 8774 ----a-w c:\windows\system32\perfc01B.dat
2009-05-19 15:43 . 2008-10-08 13:39 31814 ----a-w c:\windows\system32\perfh01B.dat
2009-05-19 15:36 . 2008-10-03 07:45 108352 ----a-w c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-18 17:17 . 2008-11-06 11:18 -------- d-----w c:\program files\Google
2009-05-13 13:24 . 2008-10-03 08:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 13:23 . 2008-12-12 10:33 -------- d-----w c:\program files\Maple 11
2009-05-12 21:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-05 21:37 . 2008-10-14 13:39 -------- d-----w c:\program files\Java
2009-03-26 09:03 . 2009-03-26 09:03 286720 ----a-w c:\windows\system32\libcurl.dll
2009-03-26 09:03 . 2009-03-26 09:03 196608 ----a-w c:\windows\system32\ssleay32.dll
2009-03-26 09:03 . 2009-03-26 09:03 1028096 ----a-w c:\windows\system32\libeay32.dll
2009-03-26 09:03 . 2009-03-26 09:03 143360 ----a-w c:\windows\system32\libexpatw.dll
2009-03-25 21:59 . 2008-10-06 09:56 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-22 19:28 . 2009-03-22 19:28 -------- d-----w c:\program files\ABC 3GP Converter
2009-03-17 03:38 . 2009-04-15 08:50 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 08:50 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-28 09:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 08:51 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 08:51 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 08:51 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 08:51 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 08:51 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 08:51 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 08:51 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 08:51 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 08:51 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 08:51 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 08:51 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 08:51 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 08:51 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-10-08 13:42 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-07-01 17:28 . 2008-07-01 17:28 61440 ----a-w c:\program files\Common Files\CPInstallAction.dll
2008-05-22 07:35 . 2008-05-22 07:35 51962 ----a-w c:\program files\Common Files\banner.jpg
2007-06-12 08:34 . 2007-06-12 08:34 35822 ----a-w c:\program files\Common Files\ASPG_icon.ico
.
((((((((((((((((((((((((((((( SnapShot@2009-05-20_06.04.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 13:02 . 2009-05-20 05:43 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-05-20 07:35 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-05-20 07:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-05-20 05:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-05-20 07:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-05-20 05:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 39408]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-10-04 3054136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless USB Manager.lnk - c:\program files\ASUS\ASUS WUSB\WQ_Tray2.exe [2008-5-2 1846328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^KN StrongDC.lnk]
path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KN StrongDC.lnk
backup=c:\windows\pss\KN StrongDC.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3261889692-1362245188-1876932351-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{928BF4CA-E4A6-4B28-88FB-296C7D575AFE}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B7708506-A8F8-4070-B2CD-FA39C9BFC2BA}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{BAC93832-C18D-481C-95FC-4CD82792472D}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{D87CAB8F-47E9-4D82-BE0F-EC8C79FA0224}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= UDP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"UDP Query User{BE6D67C0-2B52-4ECD-8D00-D2AB233A2F5E}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= TCP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"TCP Query User{A1F88A40-F25F-4E49-86BA-B76F2E01B6FA}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{101B157C-4033-4CF2-AA30-2DF64B01774B}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{4E462227-9C82-4E33-B3FA-64409D0207C0}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= UDP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"UDP Query User{D9AA1836-5E99-4259-A59A-C3DE2D944875}c:\\windows.old\\program files\\kn_strongdc\\strongdc.exe"= TCP:c:\windows.old\program files\kn_strongdc\strongdc.exe:StrongDC++
"TCP Query User{F36EC1A5-5F85-4BC3-B124-F5AD10971A41}d:\\kn strongdc\\strongdc.exe"= UDP:d:\kn strongdc\strongdc.exe:StrongDC++
"UDP Query User{BFDBBF40-BB56-4452-8889-1408114E4176}d:\\kn strongdc\\strongdc.exe"= TCP:d:\kn strongdc\strongdc.exe:StrongDC++
"TCP Query User{40FF9043-9413-4E9D-B499-F0FC4949576F}d:\\kn strongdc\\strongdc.exe"= UDP:d:\kn strongdc\strongdc.exe:StrongDC++
"UDP Query User{9197FF53-9713-4A24-81F7-D0D4B7B53C1C}d:\\kn strongdc\\strongdc.exe"= TCP:d:\kn strongdc\strongdc.exe:StrongDC++
"TCP Query User{DE94366A-5B88-4E3C-8204-61CD8F4ED4B5}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{48BEEAB6-124E-42ED-9D76-344A58B7A63D}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{52043D58-7B17-4B03-B24D-755B0849720D}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{1F165665-EDAF-4B99-99A0-F876D61FE4F2}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{E8C392E1-53F4-4C28-B5A2-904924F28C04}d:\\hryy\\vietcong2\\vietcong2.exe"= UDP:d:\hryy\vietcong2\vietcong2.exe:vietcong2
"UDP Query User{9BD90671-83C7-49F9-872F-F828B306C9D5}d:\\hryy\\vietcong2\\vietcong2.exe"= TCP:d:\hryy\vietcong2\vietcong2.exe:vietcong2
"TCP Query User{AC766BCE-DABD-4263-9D01-7293D192FED8}d:\\hryy\\nhl 09\\nhl2009.exe"= UDP:d:\hryy\nhl 09\nhl2009.exe:nhl2009
"UDP Query User{04DFBCB2-9055-4171-9AD3-DC2A8084EDCA}d:\\hryy\\nhl 09\\nhl2009.exe"= TCP:d:\hryy\nhl 09\nhl2009.exe:nhl2009
"TCP Query User{78686083-7991-4B1D-8088-09085271D7CE}d:\\hryy\\gp 4\\gp4.exe"= UDP:d:\hryy\gp 4\gp4.exe:GP4
"UDP Query User{6EA73129-F25C-4E32-9708-C42F5D5E8B3D}d:\\hryy\\gp 4\\gp4.exe"= TCP:d:\hryy\gp 4\gp4.exe:GP4
"TCP Query User{93D1853E-E2E9-4731-AC0D-7FAA11F84B87}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{B56A531E-E59F-4EFD-9B79-9FB3332B5506}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{06C8F2E5-25DB-433A-9ECB-C957D2F954EB}c:\\users\\admin\\documents\\icq\\277802482\\receivedfiles\\192537553 lukeer\\age\\age of empires ii conquerors\\empires2.exe"= UDP:c:\users\admin\documents\icq\277802482\receivedfiles\192537553 lukeer\age\age of empires ii conquerors\empires2.exe:empires2.exe
"UDP Query User{000C53F8-E524-4A88-BA3A-83B181524D02}c:\\users\\admin\\documents\\icq\\277802482\\receivedfiles\\192537553 lukeer\\age\\age of empires ii conquerors\\empires2.exe"= TCP:c:\users\admin\documents\icq\277802482\receivedfiles\192537553 lukeer\age\age of empires ii conquerors\empires2.exe:empires2.exe
"TCP Query User{F06D8A97-E8DA-4993-A667-9AEDCB37A55D}d:\\hryy\\sniper elit\\elite snper\\sniperelite.exe"= UDP:d:\hryy\sniper elit\elite snper\sniperelite.exe:SniperElite
"UDP Query User{96152606-8BD1-4229-98A1-2EA18C264A5D}d:\\hryy\\sniper elit\\elite snper\\sniperelite.exe"= TCP:d:\hryy\sniper elit\elite snper\sniperelite.exe:SniperElite
"TCP Query User{A6C1522A-4430-48FC-B430-1B50F34CB2EC}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{5226910A-E81C-4353-AE42-E7D6F36641F1}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{39CAC5BB-A6F2-401E-88C4-356D5D2ABFF7}c:\\program files\\maple 11\\jre\\bin\\java.exe"= UDP:c:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{9ACCA23A-2A1F-4323-83AB-FE68107F0C2A}c:\\program files\\maple 11\\jre\\bin\\java.exe"= TCP:c:\program files\maple 11\jre\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{99B6A92A-30B6-4611-BE9F-3922A03898D9}c:\\program files\\maple 11\\jre\\bin\\maple.exe"= UDP:c:\program files\maple 11\jre\bin\maple.exe:Maple 11
"UDP Query User{EF7B8A97-83F9-4A37-A678-C594C0F34A5D}c:\\program files\\maple 11\\jre\\bin\\maple.exe"= TCP:c:\program files\maple 11\jre\bin\maple.exe:Maple 11
"TCP Query User{B5F659C0-37B6-437F-BABA-0D6C155DB1FD}d:\\hryy\\nfs\\speed2.exe"= UDP:d:\hryy\nfs\speed2.exe:speed2
"UDP Query User{840DE259-8F19-414D-8A41-BB319991D62A}d:\\hryy\\nfs\\speed2.exe"= TCP:d:\hryy\nfs\speed2.exe:speed2
"TCP Query User{623D1E96-9021-40B8-BF9D-93A5ACBCBC83}d:\\hryy\\rely\\dirtdemo.exe"= UDP:d:\hryy\rely\dirtdemo.exe:DiRT Demo Executable
"UDP Query User{AFAE39F3-F265-43A7-AEB2-8670B054D373}d:\\hryy\\rely\\dirtdemo.exe"= TCP:d:\hryy\rely\dirtdemo.exe:DiRT Demo Executable
"TCP Query User{3AA0D5A6-9421-48C7-AAF5-623D703A1BDD}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{68875E0C-A1EA-4A1E-8856-DEA55242F247}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{3C7B5DEA-2F53-46A2-A2F5-C96EBB2A1F18}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{B05B00E6-4523-4EDB-9C04-AB23C29E7657}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{D7EE51A3-CEDE-4D3C-85AC-2B97FD6CDB19}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7D01BD23-709B-44B6-96D4-20042A59BBBD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{C9212D22-3082-424C-B6B7-E1078FD1C0C4}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{9A5F1D12-3995-4FDA-8BA2-6A3C80A267A5}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{485A1201-5DD4-4158-A432-1CFE33AC0494}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7D2B54CD-F972-4E9A-AE83-CF4E37BB8058}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{D8A024E3-202B-4C0E-BD81-AE83798859AC}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A491485E-D044-4761-BD52-74EE2DD62B55}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AE4B9F13-557D-40D8-B3A2-B6A5AB416A0E}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{4DAC0D96-C13A-4A0E-AD67-AB053C37FC75}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{251CF94C-4BB2-4266-91C8-D7F3308F5554}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{297537CB-3818-4EC6-BCAA-6137699785E2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1AD7B1FA-D35A-45B9-8B10-DF0AD9D9352A}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AA0BDF43-C5C6-4DB0-B935-EB413D7A218B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{FC132C38-E1DE-441D-AF3C-AACA321F07EF}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{9A8F154B-E661-4AF6-A667-67EA531FB9E2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{0D25894A-4A7C-4E89-BD49-E33A4A073BE6}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A5102C6A-B965-41E9-9680-FD255DBF6EA4}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{23520C79-BEA0-4B94-A49B-44830ED1C193}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1CF824D8-303F-4566-AF54-A6C883CE5CEE}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{ACE2EACD-458D-4A60-A6FA-A3085A8DC6BC}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{F8FEE9C9-408D-4850-8AC1-9632AFD6B1C1}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B22D601D-EF3F-4422-BA6D-44873BC3228C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B8A62043-F116-4B65-8F2D-962A2A908D19}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{AAB2858A-7CEF-4BFE-B2CD-502E337D2B70}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{B2A8D3AF-A2D0-40CE-8B3E-BE6F6515443B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{F622C91E-B30C-4C65-95A9-099B04F5DD47}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{420CABD2-E577-4D24-9CCC-5745A96F832E}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{67A40369-8603-4808-82E8-4AC3DC45DF45}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{40537EFF-321F-4CAA-8F71-2587A9D92B62}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{6F0A2338-8122-40A7-8524-584F674DE4A9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7345D603-1A23-4995-9B2B-F7DBFA784216}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{94FD6CFF-C6A1-42DE-AEAC-1B49E660992C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{7EA564F5-651E-458B-9A94-B666A036B21C}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{863B9AB7-936B-49F6-9C9E-896DC0CD2E27}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{3F15646B-FD93-42D7-AABD-F1E6E55953AD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{2BA40BA1-9412-4BFC-9E8A-78D69DC20512}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{A3DD697B-1F99-4765-BD9B-68235FA9785A}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{08C0BCDA-0273-44C6-B205-7A60E1546313}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B9FDD451-15F7-4E81-8C9C-90E86AB68921}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{A7900BDC-DF64-4BCC-AC82-9B1ED12E3DCF}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{52506AD8-2386-400B-92C2-04B206280FFD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2DC81321-C10D-4E29-98E5-5614732AE376}d:\\hryy\\nhl 2002\\nhl2002.exe"= UDP:d:\hryy\nhl 2002\nhl2002.exe:nhl2002
"UDP Query User{CF3F121A-A7EB-4BFF-9FDE-896F05B5D48A}d:\\hryy\\nhl 2002\\nhl2002.exe"= TCP:d:\hryy\nhl 2002\nhl2002.exe:nhl2002
"{4FECA01D-145B-4F7F-9151-6F89128B28C9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EDA5FA17-E0C2-4E1A-9DA9-B3B80D30FAB8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{260589B2-DE39-4C25-9630-0E31734074A4}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{95CFEF85-1A64-437B-A2A6-6067F5FECEE2}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{D2A8608F-F209-4046-8AFA-202D0237F434}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{91D2DCC9-FCDC-4B8B-8DBA-BCEE09D936AD}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{258F6C8D-149F-4E9F-A608-958409F5ED7B}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{051C7E40-FBEE-4E6E-A1DA-EC5DC1CA8B44}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{4D31B1C6-0F05-4D27-9C8E-11BD6A4FD8D9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{813D5744-A14F-4F9B-9609-DC312C9AE8B0}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{681E646F-6B00-42E6-B3F3-051894F34B20}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
"{1F174B4C-CA97-4573-BA42-A7B7EA9D67F9}"= c:\windows.old\Program Files\Skype\Phone\Skype.exe:Skype
R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [3. 10. 2008 12:33 15416]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [19. 5. 2009 22:09 130936]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17. 5. 2009 18:56 114768]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [9. 10. 2008 13:39 72192]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8. 10. 2008 13:45 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8. 10. 2008 13:45 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17. 5. 2009 18:56 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17. 5. 2009 18:56 51792]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8. 10. 2008 18:26 29736]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [4. 10. 2008 21:44 474624]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [4. 10. 2008 21:44 206336]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [3. 10. 2008 10:39 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [4. 10. 2008 21:44 3663360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [3. 10. 2008 10:28 44064]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [4. 10. 2008 21:44 6656]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [3. 10. 2008 14:15 240128]
S2 gupdate1c98db2ad31724f;Google Update Service (gupdate1c98db2ad31724f);c:\program files\Google\Update\GoogleUpdate.exe [13. 2. 2009 10:11 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [19. 5. 2009 22:12 38496]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19. 5. 2009 22:09 348752]
S4 Dceabat;Dceabat;c:\windows\System32\drivers\amdide.sys [2. 11. 2006 10:51 15464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-05-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 08:38]
2009-05-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 08:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\4mfjl0xn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 10:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\APSHook.dll
- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\APSHook.dll
c:\program files\asus security center\asus security protect manager\bin\ASWLNPkg.dll
c:\program files\asus security center\asus security protect manager\bin\ItMsg.dll
.
Completion time: 2009-05-20 10:04
ComboFix-quarantined-files.txt 2009-05-20 08:03
ComboFix2.txt 2009-05-20 06:05
Pre-Run: 47 350 857 728 bytes free
Post-Run: 47 500 742 656 bytes free
387 --- E O F --- 2009-05-18 17:08
jaro3 (Security team member, Guru Level 15, posts: 43294, registered: June 07, location: South Bohemia)
Re: Please check my log
Close the other applications and browsers, disconnect from the internet and fix in HJT:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Install Java:
Java SE Runtime Environment 6u13
Select the OS (I assume Windows), tick agree - continue
Select:
Windows Offline Installation
jre-6u13-windows-i586-p.exe
If there are still problems with chkdsk, Windows will need to be repaired:
Boot from the Windows Vista disc, choose Install, then select Repair your computer (repair computer); from the next menu choose to repair everything - I don't know exactly what it's called there...
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
After all the steps I ran chkdsk again, and it still did not pass; an error was found. The only thing that changed is that it no longer listed the file ose00001.exe, the remaining three stayed. So it looks like a reinstall. Thanks a lot for the help.
I just want to ask whether it was a virus, and if so, how could I have got the virus? Or is the error in the registry? Thanks once again.
jaro3 (Security team member, Guru Level 15, posts: 43294, registered: June 07, location: South Bohemia)
Re: Please check my log
You had a lot of infections there; look at the MbAM and ComboFix output and my script. The infections damaged Windows; try to repair it with the Windows Vista disc, and only then try a reinstall.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support