Page 1 of 2

Log check

Posted: 04 May 2008 20:55
by Kobra.svk
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:48, on 4. 5. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTFMon] C:\Settings\Miroslav\Desktop\PVO+++\New Folder\CTF\ctfmon.exe
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Winamp Search - C:\Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9598 bytes

Re: Log check

Posted: 05 May 2008 05:12
by fredik
Do you have this there on purpose?
C:\Settings\Miroslav\Desktop\PVO+++\New Folder\CTF\ctfmon.exe

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; accept them by pressing the Yes button
- Then follow the instructions; while ComboFix is working, do not click into the window it displays
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
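The check fredik does by eye above (a ctfmon.exe launched from a folder on the Desktop instead of system32) is the kind of first-pass triage that can be scripted. The following is an added example written for this thread; it is not code from HijackThis, ComboFix or the forum. It flags a Windows system binary started from a non-system directory, a service with no identified owner whose image sits in system32, an IE start/search page that is not the shipped default, and a Winsock LSP that HijackThis could not identify. SYSTEM_BINARIES and KNOWN_IE_URL_PREFIXES are short illustrative lists (an assumption, not an exhaustive allow-list), SAMPLE_LOG is an excerpt of the log posted above, and every hit is a lead to verify by vendor and signature, not a verdict.

```python
"""First-pass triage of a HijackThis 2.x log.

Added example for this thread; not code from HijackThis, ComboFix or the
forum. SYSTEM_BINARIES and KNOWN_IE_URL_PREFIXES are deliberately short
illustrative lists (an assumption, not an exhaustive allow-list); hits are
leads to verify, not verdicts. SAMPLE_LOG is an excerpt of the posted log.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str    # why the line was flagged
    line: str      # the original log line


# Basenames that belong in %SystemRoot%\system32 (illustrative, assumed list).
SYSTEM_BINARIES = {"ctfmon.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "spoolsv.exe", "explorer.exe"}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")
# IE7's shipped start/search pages are go.microsoft.com fwlinks (see the R1 lines).
KNOWN_IE_URL_PREFIXES = ("http://go.microsoft.com/fwlink/",)

_O4_RUN = re.compile(r"^O4 - .*?\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
_O23 = re.compile(r"^O23 - Service: .*? - (?P<owner>.*?) - (?P<path>.*)$")
_R01 = re.compile(r"^R[01] - .*?,(?:Start Page|Default_Page_URL|"
                  r"Default_Search_URL|Search Page) = (?P<url>\S+)")


def image_path(cmd: str) -> str:
    """Extract the executable path from a Run-key command line."""
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd)   # drop HKUS annotation
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    # Unquoted paths may contain spaces (as the CTFMon line does), so cut at
    # the first ".exe" that is followed by whitespace or end of line.
    bare = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return bare.group(1) if bare else cmd.strip()


def dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _O4_RUN.match(line)
        if m:
            path = image_path(m.group("cmd"))
            d, b = dirname(path), basename(path)
            if b in SYSTEM_BINARIES and d and d not in SYSTEM_DIRS:
                findings.append(Finding(
                    "O4", f"{b} started from non-system directory {d}", line))
            continue
        m = _O23.match(line)
        if (m and m.group("owner") == "Unknown owner"
                and dirname(m.group("path")) == SYSTEM_DIRS[0]):
            findings.append(Finding(
                "O23", "unknown-owner service image in system32; verify vendor and signature", line))
            continue
        m = _R01.match(line)
        if m and not m.group("url").startswith(KNOWN_IE_URL_PREFIXES):
            findings.append(Finding(
                "R0/R1", f"IE start/search page set to {m.group('url')}", line))
            continue
        if line.startswith("O10 - Unknown file in Winsock LSP:"):
            findings.append(Finding(
                "O10", "LSP module HijackThis could not identify; check its vendor", line))
    return findings


# Constructed excerpt of the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTFMon] C:\Settings\Miroslav\Desktop\PVO+++\New Folder\CTF\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the excerpt it reports four leads: the daemonsearch start page, the Desktop copy of ctfmon.exe, the LSP entry and the perfs.exe service. The genuine system32 ctfmon.exe entries under HKCU and HKUS pass, which is the point of comparing the directory rather than the file name alone.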

Re: Log check

Posted: 05 May 2008 18:16
by Kobra.svk
Here is the log from ComboFix
ComboFix 08-05-01.3 - Kobra 2008-05-05 17:52:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.155 [GMT 2:00]
Running from: C:\Settings\Kobra\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\tmp0_100438595448.bk
C:\WINDOWS\system32\tmp0_122436198540.bk
C:\WINDOWS\system32\tmp0_143536795395.bk
C:\WINDOWS\system32\tmp0_147107175376.bk
C:\WINDOWS\system32\tmp0_162814703848.bk
C:\WINDOWS\system32\tmp0_165973453306.bk
C:\WINDOWS\system32\tmp0_169299240495.bk
C:\WINDOWS\system32\tmp0_177024152604.bk
C:\WINDOWS\system32\tmp0_181399295996.bk
C:\WINDOWS\system32\tmp0_189358114639.bk
C:\WINDOWS\system32\tmp0_195890300955.bk
C:\WINDOWS\system32\tmp0_199453723905.bk
C:\WINDOWS\system32\tmp0_202624555248.bk
C:\WINDOWS\system32\tmp0_205364412343.bk
C:\WINDOWS\system32\tmp0_209403655380.bk
C:\WINDOWS\system32\tmp0_21685567947.bk
C:\WINDOWS\system32\tmp0_244541366066.bk
C:\WINDOWS\system32\tmp0_248685567569.bk
C:\WINDOWS\system32\tmp0_264741483286.bk
C:\WINDOWS\system32\tmp0_26727040556.bk
C:\WINDOWS\system32\tmp0_278257829899.bk
C:\WINDOWS\system32\tmp0_289792721105.bk
C:\WINDOWS\system32\tmp0_293254277777.bk
C:\WINDOWS\system32\tmp0_301968309725.bk
C:\WINDOWS\system32\tmp0_33122637884.bk
C:\WINDOWS\system32\tmp0_333057246946.bk
C:\WINDOWS\system32\tmp0_334869864931.bk
C:\WINDOWS\system32\tmp0_335458759672.bk
C:\WINDOWS\system32\tmp0_335798520318.bk
C:\WINDOWS\system32\tmp0_33917873537.bk
C:\WINDOWS\system32\tmp0_339471153275.bk
C:\WINDOWS\system32\tmp0_345953600076.bk
C:\WINDOWS\system32\tmp0_348108205025.bk
C:\WINDOWS\system32\tmp0_36078589967.bk
C:\WINDOWS\system32\tmp0_37434352448.bk
C:\WINDOWS\system32\tmp0_384334770959.bk
C:\WINDOWS\system32\tmp0_391275466272.bk
C:\WINDOWS\system32\tmp0_396639433703.bk
C:\WINDOWS\system32\tmp0_399374492374.bk
C:\WINDOWS\system32\tmp0_403243103635.bk
C:\WINDOWS\system32\tmp0_405948763015.bk
C:\WINDOWS\system32\tmp0_415358449854.bk
C:\WINDOWS\system32\tmp0_418715688904.bk
C:\WINDOWS\system32\tmp0_419313526989.bk
C:\WINDOWS\system32\tmp0_424408735275.bk
C:\WINDOWS\system32\tmp0_425920450071.bk
C:\WINDOWS\system32\tmp0_441277205210.bk
C:\WINDOWS\system32\tmp0_44425525333.bk
C:\WINDOWS\system32\tmp0_4647547884.bk
C:\WINDOWS\system32\tmp0_487334576228.bk
C:\WINDOWS\system32\tmp0_492075497410.bk
C:\WINDOWS\system32\tmp0_49915419523.bk
C:\WINDOWS\system32\tmp0_500553403836.bk
C:\WINDOWS\system32\tmp0_50841226820.bk
C:\WINDOWS\system32\tmp0_522715174215.bk
C:\WINDOWS\system32\tmp0_525217680761.bk
C:\WINDOWS\system32\tmp0_526279754285.bk
C:\WINDOWS\system32\tmp0_537122419887.bk
C:\WINDOWS\system32\tmp0_54121368461.bk
C:\WINDOWS\system32\tmp0_54997798858.bk
C:\WINDOWS\system32\tmp0_559455796843.bk
C:\WINDOWS\system32\tmp0_561061543184.bk
C:\WINDOWS\system32\tmp0_56809916590.bk
C:\WINDOWS\system32\tmp0_575203805440.bk
C:\WINDOWS\system32\tmp0_578625285755.bk
C:\WINDOWS\system32\tmp0_590602156365.bk
C:\WINDOWS\system32\tmp0_591041273051.bk
C:\WINDOWS\system32\tmp0_596934507611.bk
C:\WINDOWS\system32\tmp0_605294255552.bk
C:\WINDOWS\system32\tmp0_612453846049.bk
C:\WINDOWS\system32\tmp0_613115470936.bk
C:\WINDOWS\system32\tmp0_61877691698.bk
C:\WINDOWS\system32\tmp0_637778684702.bk
C:\WINDOWS\system32\tmp0_637789791786.bk
C:\WINDOWS\system32\tmp0_642966897101.bk
C:\WINDOWS\system32\tmp0_644925559364.bk
C:\WINDOWS\system32\tmp0_658121718394.bk
C:\WINDOWS\system32\tmp0_658487751817.bk
C:\WINDOWS\system32\tmp0_660444606553.bk
C:\WINDOWS\system32\tmp0_665318560662.bk
C:\WINDOWS\system32\tmp0_665489423308.bk
C:\WINDOWS\system32\tmp0_671577152184.bk
C:\WINDOWS\system32\tmp0_683235257221.bk
C:\WINDOWS\system32\tmp0_683982389956.bk
C:\WINDOWS\system32\tmp0_694629581812.bk
C:\WINDOWS\system32\tmp0_714944831002.bk
C:\WINDOWS\system32\tmp0_7210858407.bk
C:\WINDOWS\system32\tmp0_733033228536.bk
C:\WINDOWS\system32\tmp0_736388890086.bk
C:\WINDOWS\system32\tmp0_736908757208.bk
C:\WINDOWS\system32\tmp0_737246329668.bk
C:\WINDOWS\system32\tmp0_738782483464.bk
C:\WINDOWS\system32\tmp0_743545265698.bk
C:\WINDOWS\system32\tmp0_755464410775.bk
C:\WINDOWS\system32\tmp0_758758807076.bk
C:\WINDOWS\system32\tmp0_75895338326.bk
C:\WINDOWS\system32\tmp0_762894542798.bk
C:\WINDOWS\system32\tmp0_766971714067.bk
C:\WINDOWS\system32\tmp0_779431471416.bk
C:\WINDOWS\system32\tmp0_779855383455.bk
C:\WINDOWS\system32\tmp0_831536707451.bk
C:\WINDOWS\system32\tmp0_873693525004.bk
C:\WINDOWS\system32\tmp0_877382683392.bk
C:\WINDOWS\system32\tmp0_880818757525.bk
C:\WINDOWS\system32\tmp0_890144748990.bk
C:\WINDOWS\system32\tmp0_893527490395.bk
C:\WINDOWS\system32\tmp0_895018475008.bk
C:\WINDOWS\system32\tmp0_92512136190.bk
C:\WINDOWS\system32\tmp0_94242460763.bk
C:\WINDOWS\system32\tmp1_124951414573.bk
C:\WINDOWS\system32\tmp1_12686342406.bk
C:\WINDOWS\system32\tmp1_129156212591.bk
C:\WINDOWS\system32\tmp1_144152346920.bk
C:\WINDOWS\system32\tmp1_166008139264.bk
C:\WINDOWS\system32\tmp1_188700175263.bk
C:\WINDOWS\system32\tmp1_18994661423.bk
C:\WINDOWS\system32\tmp1_2019552478.bk
C:\WINDOWS\system32\tmp1_222202507004.bk
C:\WINDOWS\system32\tmp1_222632198592.bk
C:\WINDOWS\system32\tmp1_245434466101.bk
C:\WINDOWS\system32\tmp1_248189386633.bk
C:\WINDOWS\system32\tmp1_254351437576.bk
C:\WINDOWS\system32\tmp1_263205322651.bk
C:\WINDOWS\system32\tmp1_27790475496.bk
C:\WINDOWS\system32\tmp1_278689732640.bk
C:\WINDOWS\system32\tmp1_289784538848.bk
C:\WINDOWS\system32\tmp1_313044653443.bk
C:\WINDOWS\system32\tmp1_32636576769.bk
C:\WINDOWS\system32\tmp1_331930269319.bk
C:\WINDOWS\system32\tmp1_332367739800.bk
C:\WINDOWS\system32\tmp1_334428719061.bk
C:\WINDOWS\system32\tmp1_358339490217.bk
C:\WINDOWS\system32\tmp1_360662804161.bk
C:\WINDOWS\system32\tmp1_361081311422.bk
C:\WINDOWS\system32\tmp1_367748640614.bk
C:\WINDOWS\system32\tmp1_379195153286.bk
C:\WINDOWS\system32\tmp1_388038450508.bk
C:\WINDOWS\system32\tmp1_411283715269.bk
C:\WINDOWS\system32\tmp1_41190057765.bk
C:\WINDOWS\system32\tmp1_414721283817.bk
C:\WINDOWS\system32\tmp1_422015576654.bk
C:\WINDOWS\system32\tmp1_426567481698.bk
C:\WINDOWS\system32\tmp1_455143189744.bk
C:\WINDOWS\system32\tmp1_493030419490.bk
C:\WINDOWS\system32\tmp1_498722178354.bk
C:\WINDOWS\system32\tmp1_50318212515.bk
C:\WINDOWS\system32\tmp1_51022119716.bk
C:\WINDOWS\system32\tmp1_51217647219.bk
C:\WINDOWS\system32\tmp1_520606175088.bk
C:\WINDOWS\system32\tmp1_522477828458.bk
C:\WINDOWS\system32\tmp1_54326507563.bk
C:\WINDOWS\system32\tmp1_549115665242.bk
C:\WINDOWS\system32\tmp1_566724277451.bk
C:\WINDOWS\system32\tmp1_57684650901.bk
C:\WINDOWS\system32\tmp1_615771564595.bk
C:\WINDOWS\system32\tmp1_637963164975.bk
C:\WINDOWS\system32\tmp1_64409503840.bk
C:\WINDOWS\system32\tmp1_6667297557.bk
C:\WINDOWS\system32\tmp1_67294879506.bk
C:\WINDOWS\system32\tmp1_679571416518.bk
C:\WINDOWS\system32\tmp1_685741504469.bk
C:\WINDOWS\system32\tmp1_703697194116.bk
C:\WINDOWS\system32\tmp1_703920408660.bk
C:\WINDOWS\system32\tmp1_708971366080.bk
C:\WINDOWS\system32\tmp1_712567877619.bk
C:\WINDOWS\system32\tmp1_71674418045.bk
C:\WINDOWS\system32\tmp1_738872174092.bk
C:\WINDOWS\system32\tmp1_74395482206.bk
C:\WINDOWS\system32\tmp1_744609458352.bk
C:\WINDOWS\system32\tmp1_7576950917.bk
C:\WINDOWS\system32\tmp1_776459486425.bk
C:\WINDOWS\system32\tmp1_779846842687.bk
C:\WINDOWS\system32\tmp1_833279134917.bk
C:\WINDOWS\system32\tmp1_8657536293.bk
C:\WINDOWS\system32\tmp1_865961310373.bk
C:\WINDOWS\system32\tmp1_87635146176.bk
C:\WINDOWS\system32\tmp1_876631243179.bk
C:\WINDOWS\system32\tmp1_88876761351.bk
C:\WINDOWS\system32\tmp1_889463866286.bk
C:\WINDOWS\system32\tmp1_890859567386.bk
C:\WINDOWS\system32\tmp1_92839768557.bk
C:\WINDOWS\system32\tmp1_96886474989.bk
C:\WINDOWS\system32\tmp2_148549830426.bk
C:\WINDOWS\system32\tmp2_153525307204.bk
C:\WINDOWS\system32\tmp2_158226838425.bk
C:\WINDOWS\system32\tmp2_56921747186.bk
C:\WINDOWS\system32\tmp2_705812544119.bk
C:\WINDOWS\system32\tmp2_870611634297.bk
C:\WINDOWS\system32\tmp3_117897345280.bk
C:\WINDOWS\system32\tmp3_120793183904.bk
C:\WINDOWS\system32\tmp3_124951190388.bk
C:\WINDOWS\system32\tmp3_125704303407.bk
C:\WINDOWS\system32\tmp3_137209483423.bk
C:\WINDOWS\system32\tmp3_140823852062.bk
C:\WINDOWS\system32\tmp3_148804260269.bk
C:\WINDOWS\system32\tmp3_152053397924.bk
C:\WINDOWS\system32\tmp3_156262265021.bk
C:\WINDOWS\system32\tmp3_160672538890.bk
C:\WINDOWS\system32\tmp3_171073666944.bk
C:\WINDOWS\system32\tmp3_172006426787.bk
C:\WINDOWS\system32\tmp3_173619552193.bk
C:\WINDOWS\system32\tmp3_192469541559.bk
C:\WINDOWS\system32\tmp3_21875301483.bk
C:\WINDOWS\system32\tmp3_221644899059.bk
C:\WINDOWS\system32\tmp3_225408212359.bk
C:\WINDOWS\system32\tmp3_250811381177.bk
C:\WINDOWS\system32\tmp3_25779471297.bk
C:\WINDOWS\system32\tmp3_267714168033.bk
C:\WINDOWS\system32\tmp3_270004128575.bk
C:\WINDOWS\system32\tmp3_270291381002.bk
C:\WINDOWS\system32\tmp3_274199757413.bk
C:\WINDOWS\system32\tmp3_29509016571.bk
C:\WINDOWS\system32\tmp3_296122567310.bk
C:\WINDOWS\system32\tmp3_303563116443.bk
C:\WINDOWS\system32\tmp3_303634865212.bk
C:\WINDOWS\system32\tmp3_307557577905.bk
C:\WINDOWS\system32\tmp3_319707172885.bk
C:\WINDOWS\system32\tmp3_32773209375.bk
C:\WINDOWS\system32\tmp3_334814315720.bk
C:\WINDOWS\system32\tmp3_342012630158.bk
C:\WINDOWS\system32\tmp3_342957195846.bk
C:\WINDOWS\system32\tmp3_34491246817.bk
C:\WINDOWS\system32\tmp3_360004638203.bk
C:\WINDOWS\system32\tmp3_367351679355.bk
C:\WINDOWS\system32\tmp3_372217379700.bk
C:\WINDOWS\system32\tmp3_394752805813.bk
C:\WINDOWS\system32\tmp3_401188392515.bk
C:\WINDOWS\system32\tmp3_406748816720.bk
C:\WINDOWS\system32\tmp3_409892713653.bk
C:\WINDOWS\system32\tmp3_416277292799.bk
C:\WINDOWS\system32\tmp3_418409812610.bk
C:\WINDOWS\system32\tmp3_452753406772.bk
C:\WINDOWS\system32\tmp3_456312507920.bk
C:\WINDOWS\system32\tmp3_469271388290.bk
C:\WINDOWS\system32\tmp3_475671164357.bk
C:\WINDOWS\system32\tmp3_481445528049.bk
C:\WINDOWS\system32\tmp3_481963181730.bk
C:\WINDOWS\system32\tmp3_483809894683.bk
C:\WINDOWS\system32\tmp3_484066740103.bk
C:\WINDOWS\system32\tmp3_486269208684.bk
C:\WINDOWS\system32\tmp3_494849667225.bk
C:\WINDOWS\system32\tmp3_505189559912.bk
C:\WINDOWS\system32\tmp3_5058584399.bk
C:\WINDOWS\system32\tmp3_508210153549.bk
C:\WINDOWS\system32\tmp3_51162665927.bk
C:\WINDOWS\system32\tmp3_512885848194.bk
C:\WINDOWS\system32\tmp3_513318375496.bk
C:\WINDOWS\system32\tmp3_514924872848.bk
C:\WINDOWS\system32\tmp3_517763354384.bk
C:\WINDOWS\system32\tmp3_525939400854.bk
C:\WINDOWS\system32\tmp3_537617825467.bk
C:\WINDOWS\system32\tmp3_541510318023.bk
C:\WINDOWS\system32\tmp3_556869395128.bk
C:\WINDOWS\system32\tmp3_557137859434.bk
C:\WINDOWS\system32\tmp3_561886267056.bk
C:\WINDOWS\system32\tmp3_57971949548.bk
C:\WINDOWS\system32\tmp3_585504618324.bk
C:\WINDOWS\system32\tmp3_586459578472.bk
C:\WINDOWS\system32\tmp3_586794747623.bk
C:\WINDOWS\system32\tmp3_590477385683.bk
C:\WINDOWS\system32\tmp3_613481436944.bk
C:\WINDOWS\system32\tmp3_615421503045.bk
C:\WINDOWS\system32\tmp3_616573132127.bk
C:\WINDOWS\system32\tmp3_619400755122.bk
C:\WINDOWS\system32\tmp3_629571287467.bk
C:\WINDOWS\system32\tmp3_630083898932.bk
C:\WINDOWS\system32\tmp3_631003573607.bk
C:\WINDOWS\system32\tmp3_653122206624.bk
C:\WINDOWS\system32\tmp3_660733341631.bk
C:\WINDOWS\system32\tmp3_662943412465.bk
C:\WINDOWS\system32\tmp3_671160400058.bk
C:\WINDOWS\system32\tmp3_680695412133.bk
C:\WINDOWS\system32\tmp3_697711367495.bk
C:\WINDOWS\system32\tmp3_70333538217.bk
C:\WINDOWS\system32\tmp3_715368492901.bk
C:\WINDOWS\system32\tmp3_730385838170.bk
C:\WINDOWS\system32\tmp3_73487144353.bk
C:\WINDOWS\system32\tmp3_737518480534.bk
C:\WINDOWS\system32\tmp3_762383281354.bk
C:\WINDOWS\system32\tmp3_785513232821.bk
C:\WINDOWS\system32\tmp3_790948308233.bk
C:\WINDOWS\system32\tmp3_811832578967.bk
C:\WINDOWS\system32\tmp3_818045439072.bk
C:\WINDOWS\system32\tmp3_820078194883.bk
C:\WINDOWS\system32\tmp3_826324587614.bk
C:\WINDOWS\system32\tmp3_838834622476.bk
C:\WINDOWS\system32\tmp3_839035793945.bk
C:\WINDOWS\system32\tmp3_844388177570.bk
C:\WINDOWS\system32\tmp3_852557100149.bk
C:\WINDOWS\system32\tmp3_857509768584.bk
C:\WINDOWS\system32\tmp3_887349634689.bk
C:\WINDOWS\system32\tmp3_889558884505.bk
C:\WINDOWS\system32\tmp3_89130268857.bk
C:\WINDOWS\system32\tmp3_894043619264.bk
C:\WINDOWS\system32\tmp3_899450373226.bk
C:\WINDOWS\system32\tmp3_92886449574.bk
C:\WINDOWS\system32\tmp4_101476404567.bk
C:\WINDOWS\system32\tmp4_109742795617.bk
C:\WINDOWS\system32\tmp4_110218496303.bk
C:\WINDOWS\system32\tmp4_110968565496.bk
C:\WINDOWS\system32\tmp4_119202503800.bk
C:\WINDOWS\system32\tmp4_128096558144.bk
C:\WINDOWS\system32\tmp4_155948254311.bk
C:\WINDOWS\system32\tmp4_156546684131.bk
C:\WINDOWS\system32\tmp4_170270883062.bk
C:\WINDOWS\system32\tmp4_172855597439.bk
C:\WINDOWS\system32\tmp4_175927775344.bk
C:\WINDOWS\system32\tmp4_176303347730.bk
C:\WINDOWS\system32\tmp4_177116132677.bk
C:\WINDOWS\system32\tmp4_178068146594.bk
C:\WINDOWS\system32\tmp4_186407796202.bk
C:\WINDOWS\system32\tmp4_195237697004.bk
C:\WINDOWS\system32\tmp4_2030933515.bk
C:\WINDOWS\system32\tmp4_236487390686.bk
C:\WINDOWS\system32\tmp4_260435419205.bk
C:\WINDOWS\system32\tmp4_265093509241.bk
C:\WINDOWS\system32\tmp4_300354739682.bk
C:\WINDOWS\system32\tmp4_30051443796.bk
C:\WINDOWS\system32\tmp4_311596518520.bk
C:\WINDOWS\system32\tmp4_315264380541.bk
C:\WINDOWS\system32\tmp4_318349237699.bk
C:\WINDOWS\system32\tmp4_320611207510.bk
C:\WINDOWS\system32\tmp4_322562555586.bk
C:\WINDOWS\system32\tmp4_32728238142.bk
C:\WINDOWS\system32\tmp4_337720863449.bk
C:\WINDOWS\system32\tmp4_344963737564.bk
C:\WINDOWS\system32\tmp4_347433882577.bk
C:\WINDOWS\system32\tmp4_352514596390.bk
C:\WINDOWS\system32\tmp4_357368372079.bk
C:\WINDOWS\system32\tmp4_381297363038.bk
C:\WINDOWS\system32\tmp4_391006684970.bk
C:\WINDOWS\system32\tmp4_395039475444.bk
C:\WINDOWS\system32\tmp4_399485698871.bk
C:\WINDOWS\system32\tmp4_401523288777.bk
C:\WINDOWS\system32\tmp4_406181100432.bk
C:\WINDOWS\system32\tmp4_406749779485.bk
C:\WINDOWS\system32\tmp4_408690435121.bk
C:\WINDOWS\system32\tmp4_415888570872.bk
C:\WINDOWS\system32\tmp4_418804343269.bk
C:\WINDOWS\system32\tmp4_423709469160.bk
C:\WINDOWS\system32\tmp4_428801865882.bk
C:\WINDOWS\system32\tmp4_429926785843.bk
C:\WINDOWS\system32\tmp4_44125927031.bk
C:\WINDOWS\system32\tmp4_446973224413.bk
C:\WINDOWS\system32\tmp4_448773670053.bk
C:\WINDOWS\system32\tmp4_456224181669.bk
C:\WINDOWS\system32\tmp4_463347590939.bk
C:\WINDOWS\system32\tmp4_463843398296.bk
C:\WINDOWS\system32\tmp4_478821521042.bk
C:\WINDOWS\system32\tmp4_485936481009.bk
C:\WINDOWS\system32\tmp4_489405349330.bk
C:\WINDOWS\system32\tmp4_500509310899.bk
C:\WINDOWS\system32\tmp4_503947576665.bk
C:\WINDOWS\system32\tmp4_507232850289.bk
C:\WINDOWS\system32\tmp4_510023460117.bk
C:\WINDOWS\system32\tmp4_528337689668.bk
C:\WINDOWS\system32\tmp4_5294521056.bk
C:\WINDOWS\system32\tmp4_530431800084.bk
C:\WINDOWS\system32\tmp4_547863289230.bk
C:\WINDOWS\system32\tmp4_551358344902.bk
C:\WINDOWS\system32\tmp4_568958873652.bk
C:\WINDOWS\system32\tmp4_57298409875.bk
C:\WINDOWS\system32\tmp4_583585671708.bk
C:\WINDOWS\system32\tmp4_60118226496.bk
C:\WINDOWS\system32\tmp4_608172847981.bk
C:\WINDOWS\system32\tmp4_615672679838.bk
C:\WINDOWS\system32\tmp4_61805361402.bk
C:\WINDOWS\system32\tmp4_621119775212.bk
C:\WINDOWS\system32\tmp4_62586657807.bk
C:\WINDOWS\system32\tmp4_634434701268.bk
C:\WINDOWS\system32\tmp4_636163552325.bk
C:\WINDOWS\system32\tmp4_648721862412.bk
C:\WINDOWS\system32\tmp4_65200822072.bk
C:\WINDOWS\system32\tmp4_65294852946.bk
C:\WINDOWS\system32\tmp4_66811191006.bk
C:\WINDOWS\system32\tmp4_669392832894.bk
C:\WINDOWS\system32\tmp4_677107859707.bk
C:\WINDOWS\system32\tmp4_68243792780.bk
C:\WINDOWS\system32\tmp4_690694412309.bk
C:\WINDOWS\system32\tmp4_701514204395.bk
C:\WINDOWS\system32\tmp4_704080204445.bk
C:\WINDOWS\system32\tmp4_711808681066.bk
C:\WINDOWS\system32\tmp4_713930636374.bk
C:\WINDOWS\system32\tmp4_71983381869.bk
C:\WINDOWS\system32\tmp4_724050470827.bk
C:\WINDOWS\system32\tmp4_725810457941.bk
C:\WINDOWS\system32\tmp4_726485705238.bk
C:\WINDOWS\system32\tmp4_750811465550.bk
C:\WINDOWS\system32\tmp4_754627164725.bk
C:\WINDOWS\system32\tmp4_756032791739.bk
C:\WINDOWS\system32\tmp4_764951347606.bk
C:\WINDOWS\system32\tmp4_766987145896.bk
C:\WINDOWS\system32\tmp4_781987142375.bk
C:\WINDOWS\system32\tmp4_783995110961.bk
C:\WINDOWS\system32\tmp4_784035599021.bk
C:\WINDOWS\system32\tmp4_784849821757.bk
C:\WINDOWS\system32\tmp4_787089277154.bk
C:\WINDOWS\system32\tmp4_811630627754.bk
C:\WINDOWS\system32\tmp4_855699480400.bk
C:\WINDOWS\system32\tmp4_872438565409.bk
C:\WINDOWS\system32\tmp4_889587133406.bk
C:\WINDOWS\system32\tmp4_89152607959.bk
C:\WINDOWS\system32\tmp4_89403182870.bk
C:\WINDOWS\system32\tmp4_898138386562.bk
.
---- Previous Run -------
.
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\rightonadz-uninst.exe

----- BITS: Possible infected sites -----

hxxp://exteel.patcher.ncsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NWSAPAGENT
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Service_6to4
-------\Service_NwSapAgent
-------\Service_perfmons


((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-04 20:19 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-04 20:19 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-04 19:57 . 2008-05-04 20:02 <DIR> d-------- C:\Program Files\NCSoft
2008-05-04 19:52 . 2008-05-04 19:53 <DIR> d-------- C:\Settings\Kobra\Application Data\GetRightToGo
2008-05-04 19:12 . 2008-05-04 19:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 16:02 . 2008-04-30 16:02 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d-------- C:\Program Files\Razer
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d-------- C:\Program Files\DIFX
2008-04-29 19:17 . 2006-08-08 09:52 73,728 --a------ C:\WINDOWS\system32\habu.cpl
2008-04-29 19:17 . 2006-10-23 12:09 27,776 --a------ C:\WINDOWS\system32\drivers\habu.sys
2008-04-29 19:17 . 2005-12-21 11:23 14,592 --a------ C:\WINDOWS\system32\drivers\USBICP.sys
2008-04-29 19:15 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-27 18:37 . 2008-04-27 18:38 <DIR> d-------- C:\Settings\DeathMaker\Application Data\Ventrilo
2008-04-27 18:37 . 2008-04-27 18:37 <DIR> d-------- C:\Program Files\Ventrilo
2008-04-26 16:38 . 2008-04-26 16:38 <DIR> d-------- C:\Settings\NetworkService\Application Data\Xfire
2008-04-26 12:31 . 2007-05-15 05:41 14,336 --a------ C:\WINDOWS\system32\drivers\FNM2D.tmp
2008-04-26 12:31 . 2007-05-15 05:40 14,336 --a------ C:\WINDOWS\system32\drivers\Amps2prt.sys
2008-04-26 12:31 . 2007-05-15 05:38 9,216 --a------ C:\WINDOWS\system32\drivers\FNM2E.tmp
2008-04-24 18:14 . 2008-05-02 20:41 <DIR> d-------- C:\Settings\DeathMaker\Application Data\Xfire
2008-04-24 18:14 . 2008-05-02 15:24 <DIR> d-------- C:\Program Files\Xfire
2008-04-23 20:39 . 2008-04-23 20:52 <DIR> d-------- C:\Settings\DeathMaker\Application Data\U3
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-18 15:23 . 2007-05-15 05:41 14,336 --a------ C:\WINDOWS\system32\drivers\FNM32.tmp
2008-04-18 15:23 . 2007-05-15 05:38 9,216 --a------ C:\WINDOWS\system32\drivers\FNM33.tmp
2008-04-16 15:29 . 2008-04-16 15:29 <DIR> d-------- C:\Settings\All Users\Application Data\Winamp Toolbar
2008-04-16 15:29 . 2008-04-16 15:29 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-04-09 14:30 . 2008-04-09 14:30 <DIR> d-------- C:\Program Files\Cycore Systems Presets
2008-04-09 14:30 . 2003-03-15 23:15 90,112 --a------ C:\WINDOWS\unvise32.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 16:01 --------- d-----w C:\Settings\Kobra\Application Data\Hamachi
2008-05-05 16:00 --------- d-----w C:\Program Files\Steam
2008-05-04 19:38 --------- d-----w C:\Settings\Kobra\Application Data\HLSW
2008-05-04 19:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-04 17:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 11:24 --------- d-----w C:\Settings\DeathMaker\Application Data\Hamachi
2008-05-03 17:12 --------- d-----w C:\Settings\Kobra\Application Data\teamspeak2
2008-05-03 15:26 --------- d-----w C:\Settings\Kobra\Application Data\LimeWire
2008-05-02 13:55 --------- d-----w C:\Settings\DeathMaker\Application Data\LimeWire
2008-04-30 20:18 --------- d-s---w C:\Program Files\HLSW
2008-04-30 17:43 --------- d-----w C:\Program Files\EvilLyrics
2008-04-27 17:05 --------- d-----w C:\Settings\DeathMaker\Application Data\HLSW
2008-04-27 16:42 --------- d-----w C:\Settings\DeathMaker\Application Data\teamspeak2
2008-04-27 16:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-26 10:48 --------- d-----w C:\Program Files\A4Tech
2008-04-24 13:30 --------- d-----w C:\Program Files\LimeWire
2008-04-24 13:16 --------- d-----w C:\Settings\Kobra\Application Data\U3
2008-04-17 11:30 --------- d-----w C:\Program Files\ICQ6
2008-04-16 13:29 --------- d-----w C:\Program Files\Winamp
2008-04-11 11:48 --------- d---a-w C:\Settings\All Users\Application Data\TEMP
2008-04-10 09:49 --------- d-----w C:\Settings\Miroslav\Application Data\Skype
2008-04-08 17:16 --------- d-----w C:\Program Files\Songbird
2008-04-06 18:57 --------- d-----w C:\Settings\DeathMaker\Application Data\FileZilla
2008-04-02 14:44 --------- d-----w C:\Settings\DeathMaker\Application Data\SpieleEntwicklungsKombinat
2008-04-02 12:58 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-02 12:58 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-02 12:58 --------- d-----w C:\Settings\All Users\Application Data\SpieleEntwicklungsKombinat
2008-03-31 19:51 --------- d-----w C:\Settings\Kobra\Application Data\Winamp
2008-03-31 10:57 --------- d-----w C:\Program Files\LucasArts
2008-03-28 18:58 --------- d-----w C:\Program Files\Java
2008-03-26 09:43 --------- d-----w C:\Program Files\3DO
2008-03-25 19:26 --------- d-----w C:\Settings\Kobra\Application Data\Sony
2008-03-25 11:31 --------- d-----w C:\Settings\DeathMaker\Application Data\Petroglyph
2008-03-23 19:43 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-03-21 19:47 --------- d-----w C:\Settings\DeathMaker\Application Data\Songbird1
2008-03-21 18:57 --------- d-----w C:\Program Files\The KMPlayer
2008-03-18 14:30 --------- d-----w C:\Settings\All Users\Application Data\Adobe Systems
2008-03-18 14:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-18 14:26 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-16 17:19 --------- d-----w C:\Settings\All Users\Application Data\FLEXnet
2008-03-12 19:31 --------- d-----w C:\Settings\Kobra\Application Data\Command & Conquer 3 Tiberium Wars
2008-03-12 18:13 --------- d--h--r C:\Settings\Kobra\Application Data\SecuROM
2008-03-11 20:42 --------- d-----w C:\Program Files\Sony
2008-03-11 20:41 --------- d-----w C:\Program Files\Sony Setup
2008-03-10 14:49 --------- d-----w C:\Settings\All Users\Application Data\Sony
2008-03-09 14:05 --------- d-----w C:\Program Files\MagicISO
2008-03-08 18:56 --------- d-----w C:\Settings\Miroslav\Application Data\Hamachi
2008-03-06 16:48 --------- d-----w C:\Program Files\NAMCO BANDAI Games
2007-11-19 20:12 22,328 ----a-w C:\Settings\Kobra\Application Data\PnkBstrK.sys
2007-11-06 14:12 81,920 ----a-w C:\Settings\DeathMaker\Application Data\ezpinst.exe
2007-11-06 14:12 47,360 ----a-w C:\Settings\DeathMaker\Application Data\pcouffin.sys
2007-12-24 19:30 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 17:12 1271032]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 21:00 294912]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 10:53 65024 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-13 18:58 282624]
"CTFMon"="C:\Settings\Miroslav\Desktop\PVO+++\New Folder\CTF\ctfmon.exe" [ ]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 11:58 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Settings\DeathMaker\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-23 00:29:52 2998608]

C:\Settings\Kobra\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-30 21:32:22 113664]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-03-01 16:10:50 624416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.FFDS"= ffdshow.ax
"vidc.avrn"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"msacm.msadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.i420"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.msvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.vixl"= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.pdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll
"SENTINEL"= snti386.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"D:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"D:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\OpenTTD\\openttd.exe"=
"D:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"D:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 05:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-10-23 12:09]
R3 Moufiltr;Mouse Test Driver;C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 15:13]
R3 MouseCap;MouseCapture Driver;C:\WINDOWS\system32\Drivers\MouseCap.sys [2005-08-08 14:44]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a851289-ab1c-11dc-9546-0011d8ad3aaf}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a85128a-ab1c-11dc-9546-0011d8ad3aaf}]
\shell\Setup\command - setup.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 18:00:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-05-05 18:07:33 - machine was rebooted [Kobra]
ComboFix-quarantined-files.txt 2008-05-05 16:07:27

Pre-Run: 3,645,411,328 bytes free
Post-Run: 7,186,354,176 bytes free

786 --- E O F --- 2008-04-11 10:05:55

Re: Log check

Posted: 06 May 2008 15:47
by Kobra.svk
By the way... when I ran ComboFix the first time, after a moment I got a blue screen... a reset, and then it ran fine.

Re: Log check

Posted: 06 May 2008 20:38
by fredik
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text marked in green into it:
Note: Do not use SELECT ALL to select the script

Code:

@echo off
echo program bezi...
set mvyp=C:\msc.txt
if exist %mvyp% del %mvyp%

cd\

echo ------------- VypSou ------------- >> %mvyp%
dir c:\FNM??.tmp /a h /s >> %mvyp%
start notepad %mvyp%

Choose File -> Save As... and set these parameters:
File name: type here: vyp.bat
Save as type: select All Files
Save the file to the desktop and run it, wait until it finishes and shows you the log, then paste it here.

Re: Log check

Posted: 07 May 2008 17:19
by Kobra.svk
------------- VypSou -------------
Volume in drive C has no label.
Volume Serial Number is EC40-3D3F

Directory of c:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\plug_ins\PaperCapture\Server\Asian\Resources\CMap

26. 03. 2003 03:22 3 778 H
1 File(s) 3 778 bytes

Directory of c:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\data\psdisk\Resource\CMap

25. 04. 2003 11:26 3 960 H
1 File(s) 3 960 bytes

Directory of c:\Program Files\Adobe\Acrobat 6.0 CE\Resource\Cmap

23. 04. 2003 18:12 3 960 H
1 File(s) 3 960 bytes

Directory of c:\Program Files\Common Files\Adobe\Fonts\Reqrd\CMaps

13. 12. 2001 21:50 3 960 H
1 File(s) 3 960 bytes

Directory of c:\WINDOWS\system32\drivers

15. 05. 2007 05:41 14 336 FNM2D.tmp
15. 05. 2007 05:38 9 216 FNM2E.tmp
15. 05. 2007 05:41 14 336 FNM32.tmp
15. 05. 2007 05:38 9 216 FNM33.tmp
4 File(s) 47 104 bytes

Total Files Listed:
8 File(s) 62 762 bytes
0 Dir(s) 7 204 175 872 bytes free

Re: Log check

Posted: 07 May 2008 17:20
by Kobra.svk
In the meantime I deleted those files with the .bk extension... I hope that's not a bad thing....

Re: Log check

Posted: 10 May 2008 10:11
by fredik
I would recommend uninstalling via Add or Remove Programs:
Ask Toolbar

Same question as last time, do you have this there intentionally?
C:\Settings\Miroslav\Desktop\PVO+++\New Folder\CTF\ctfmon.exe

If you mean the ones that were at the beginning of the ComboFix output, under Other Deletions, then CF deleted them.

Before using the CFScript, delete the ComboFix you have on the desktop and download it again to the desktop. Then open
Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following entire text marked in green into it:
Note: Do not use SELECT ALL to select the script

Code:

Suspect::
C:\WINDOWS\system32\drivers\FNM2D.tmp
C:\WINDOWS\system32\drivers\FNM2E.tmp
C:\WINDOWS\system32\drivers\FNM32.tmp
C:\WINDOWS\system32\drivers\FNM33.tmp

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script
[image]
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
+
A file Submit(Date+Time).zip will be created on the desktop; attach it to your next post.
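
The two replies from fredik above describe the procedure by hand: run a small .bat that lists the hidden FNM??.tmp files, then copy the resulting paths into a CFScript.txt that starts with Suspect::. As an added example (not code from this thread, from ComboFix or from the forum's helpers), the Python script below does the same transformation on a listing in that format: it parses the dir /s output, keeps only the entries whose name matches the pattern and that sit under system32\drivers (so the Adobe CMap files named H that also appear in the posted listing are left out), and renders the Suspect:: block. The sample listing is constructed to mirror the one posted; the function names and the pattern and under parameters are this example's own.

```python
"""Turn a 'dir /s' listing into a ComboFix CFScript 'Suspect::' block.

Added example (not code from the thread, ComboFix or the forum): it parses the
kind of listing the vyp.bat helper produces and keeps only the files that match
the name pattern and directory the helper was hunting for.
"""
import fnmatch
import re

# Constructed sample listing, formatted like the output pasted in the thread
# (Czech-locale dates, sizes grouped in thousands). Not copied from a real disk.
SAMPLE_LISTING = """\
 Volume in drive C has no label.

 Directory of c:\\Program Files\\Adobe\\Acrobat 6.0 CE\\Resource\\Cmap

23. 04. 2003 18:12             3 960 H
               1 File(s)          3 960 bytes

 Directory of c:\\WINDOWS\\system32\\drivers

15. 05. 2007 05:41            14 336 FNM2D.tmp
15. 05. 2007 05:38             9 216 FNM2E.tmp
15. 05. 2007 05:41            14 336 FNM32.tmp
15. 05. 2007 05:38             9 216 FNM33.tmp
               4 File(s)         47 104 bytes
"""

DIR_HEADER = re.compile(r"^\s*Directory of (?P<dir>.+?)\s*$")
# date, time, size (digits grouped by a space, NBSP, the mis-encoded 0xFF byte
# seen in the pasted listing, '.' or ','), then the file name, which may
# itself contain spaces.
FILE_LINE = re.compile(
    r"^(?P<date>\d{2}\. \d{2}\. \d{4}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|\d{1,3}(?:[ \xa0\xff.,]\d{3})*)\s+(?P<name>.+?)\s*$"
)


def parse_listing(text):
    """Yield (directory, file_name, size_in_bytes) for each file in the listing."""
    current_dir = None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group("dir")
            continue
        entry = FILE_LINE.match(line)
        if entry and current_dir is not None and entry.group("size") != "<DIR>":
            # Strip whatever grouping character the locale used before converting.
            size = int(re.sub(r"\D", "", entry.group("size")))
            yield current_dir, entry.group("name"), size


def select_suspects(text, pattern="FNM??.tmp", under="c:\\WINDOWS\\system32\\drivers"):
    """Full paths of listed files whose name matches `pattern` below `under`.

    Matching is case-insensitive, as on NTFS. The defaults are what the thread
    was looking for; both parameters are this example's own.
    """
    suspects = []
    for directory, name, _size in parse_listing(text):
        in_tree = directory.lower().startswith(under.lower())
        if in_tree and fnmatch.fnmatchcase(name.lower(), pattern.lower()):
            suspects.append(directory + "\\" + name)
    return suspects


def build_cfscript(paths):
    """Render the 'Suspect::' block in the form the reply above uses."""
    return "Suspect::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    print(build_cfscript(select_suspects(SAMPLE_LISTING)), end="")
```

Run directly it prints the four-line Suspect:: block for the sample; to use it on a real listing, pass the text captured from the helper to select_suspects and review the result before saving it as CFScript.txt, since ComboFix submits whatever paths the block names.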

Re: Log check

Posted: 10 May 2008 14:23
by Kobra.svk
I couldn't find that ASK TOOLBAR in the list

That ctfmon.exe.... I don't even know what it is, so it probably isn't intentional... should I get rid of it?

Well yes, but it didn't delete them, it only moved them to c:\QooBox\Quarantine\C, and I deleted them from there

Here is the log + the .zip file
// thanks for uploading it, fredik
ComboFix 08-05-09.1 - Kobra 2008-05-10 14:07:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.145 [GMT 2:00]
Running from: C:\Settings\Kobra\Desktop\ComboFix.exe
Command switches used :: C:\Settings\Kobra\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\comsa32.sys

----- BITS: Possible infected sites -----

hxxp://launcher.patcher.ncsoft.com
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-04 20:19 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-04 20:19 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-04 19:57 . 2008-05-04 20:02 <DIR> d-------- C:\Program Files\NCSoft
2008-05-04 19:52 . 2008-05-04 19:53 <DIR> d-------- C:\Settings\Kobra\Application Data\GetRightToGo
2008-05-04 19:12 . 2008-05-04 19:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 16:02 . 2008-04-30 16:02 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d-------- C:\Program Files\Razer
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d-------- C:\Program Files\DIFX
2008-04-29 19:17 . 2006-08-08 09:52 73,728 --a------ C:\WINDOWS\system32\habu.cpl
2008-04-29 19:17 . 2006-10-23 12:09 27,776 --a------ C:\WINDOWS\system32\drivers\habu.sys
2008-04-29 19:17 . 2005-12-21 11:23 14,592 --a------ C:\WINDOWS\system32\drivers\USBICP.sys
2008-04-29 19:15 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-27 18:37 . 2008-04-27 18:38 <DIR> d-------- C:\Settings\DeathMaker\Application Data\Ventrilo
2008-04-27 18:37 . 2008-04-27 18:37 <DIR> d-------- C:\Program Files\Ventrilo
2008-04-26 16:38 . 2008-04-26 16:38 <DIR> d-------- C:\Settings\NetworkService\Application Data\Xfire
2008-04-26 12:31 . 2007-05-15 05:41 14,336 --a------ C:\WINDOWS\system32\drivers\FNM2D.tmp
2008-04-26 12:31 . 2007-05-15 05:40 14,336 --a------ C:\WINDOWS\system32\drivers\Amps2prt.sys
2008-04-26 12:31 . 2007-05-15 05:38 9,216 --a------ C:\WINDOWS\system32\drivers\FNM2E.tmp
2008-04-24 18:14 . 2008-05-02 20:41 <DIR> d-------- C:\Settings\DeathMaker\Application Data\Xfire
2008-04-24 18:14 . 2008-05-10 10:45 <DIR> d-------- C:\Program Files\Xfire
2008-04-23 20:39 . 2008-04-23 20:52 <DIR> d-------- C:\Settings\DeathMaker\Application Data\U3
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-18 15:23 . 2007-05-15 05:41 14,336 --a------ C:\WINDOWS\system32\drivers\FNM32.tmp
2008-04-18 15:23 . 2007-05-15 05:38 9,216 --a------ C:\WINDOWS\system32\drivers\FNM33.tmp
2008-04-16 15:29 . 2008-04-16 15:29 <DIR> d-------- C:\Settings\All Users\Application Data\Winamp Toolbar
2008-04-16 15:29 . 2008-04-16 15:29 <DIR> d-------- C:\Program Files\Winamp Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 12:11 --------- d-----w C:\Settings\Kobra\Application Data\Hamachi
2008-05-10 12:01 --------- d-----w C:\Settings\Kobra\Application Data\LimeWire
2008-05-10 11:43 --------- d-----w C:\Program Files\Steam
2008-05-10 10:02 --------- d-----w C:\Program Files\Songbird
2008-05-08 20:07 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-08 20:07 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-08 20:07 --------- d-----w C:\Settings\Kobra\Application Data\HLSW
2008-05-08 15:27 --------- d-----w C:\Settings\Kobra\Application Data\teamspeak2
2008-05-04 17:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 11:24 --------- d-----w C:\Settings\DeathMaker\Application Data\Hamachi
2008-05-02 13:55 --------- d-----w C:\Settings\DeathMaker\Application Data\LimeWire
2008-04-30 20:18 --------- d-s---w C:\Program Files\HLSW
2008-04-30 17:43 --------- d-----w C:\Program Files\EvilLyrics
2008-04-27 17:05 --------- d-----w C:\Settings\DeathMaker\Application Data\HLSW
2008-04-27 16:42 --------- d-----w C:\Settings\DeathMaker\Application Data\teamspeak2
2008-04-27 16:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-26 10:48 --------- d-----w C:\Program Files\A4Tech
2008-04-24 13:30 --------- d-----w C:\Program Files\LimeWire
2008-04-24 13:16 --------- d-----w C:\Settings\Kobra\Application Data\U3
2008-04-17 11:30 --------- d-----w C:\Program Files\ICQ6
2008-04-16 13:29 --------- d-----w C:\Program Files\Winamp
2008-04-11 11:48 --------- d---a-w C:\Settings\All Users\Application Data\TEMP
2008-04-10 09:49 --------- d-----w C:\Settings\Miroslav\Application Data\Skype
2008-04-09 12:30 --------- d-----w C:\Program Files\Cycore Systems Presets
2008-04-06 18:57 --------- d-----w C:\Settings\DeathMaker\Application Data\FileZilla
2008-04-02 14:44 --------- d-----w C:\Settings\DeathMaker\Application Data\SpieleEntwicklungsKombinat
2008-04-02 12:58 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-02 12:58 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-02 12:58 --------- d-----w C:\Settings\All Users\Application Data\SpieleEntwicklungsKombinat
2008-03-31 19:51 --------- d-----w C:\Settings\Kobra\Application Data\Winamp
2008-03-31 10:57 --------- d-----w C:\Program Files\LucasArts
2008-03-28 18:58 --------- d-----w C:\Program Files\Java
2008-03-26 09:43 --------- d-----w C:\Program Files\3DO
2008-03-25 19:26 --------- d-----w C:\Settings\Kobra\Application Data\Sony
2008-03-25 11:31 --------- d-----w C:\Settings\DeathMaker\Application Data\Petroglyph
2008-03-23 19:43 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-03-21 19:47 --------- d-----w C:\Settings\DeathMaker\Application Data\Songbird1
2008-03-21 18:57 --------- d-----w C:\Program Files\The KMPlayer
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-03-18 14:30 --------- d-----w C:\Settings\All Users\Application Data\Adobe Systems
2008-03-18 14:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-18 14:26 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-16 17:19 --------- d-----w C:\Settings\All Users\Application Data\FLEXnet
2008-03-12 19:31 --------- d-----w C:\Settings\Kobra\Application Data\Command & Conquer 3 Tiberium Wars
2008-03-12 18:13 --------- d--h--r C:\Settings\Kobra\Application Data\SecuROM
2008-03-11 20:42 --------- d-----w C:\Program Files\Sony
2008-03-11 20:41 --------- d-----w C:\Program Files\Sony Setup
2008-03-10 14:49 --------- d-----w C:\Settings\All Users\Application Data\Sony
2008-03-01 16:36 3,591,680 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\DllCache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\DllCache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\DllCache\ieudinit.exe
2008-02-20 08:55 265,728 ----a-w C:\WINDOWS\system32\ndt2.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\DllCache\ieakui.dll
2007-11-19 20:12 22,328 ----a-w C:\Settings\Kobra\Application Data\PnkBstrK.sys
2007-11-06 14:12 81,920 ----a-w C:\Settings\DeathMaker\Application Data\ezpinst.exe
2007-11-06 14:12 47,360 ----a-w C:\Settings\DeathMaker\Application Data\pcouffin.sys
2007-12-24 19:30 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-05_18.07.11.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 16:00:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 08:44:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-10 08:44:34 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_754.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 17:12 1271032]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 21:00 294912]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 10:53 65024 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-13 18:58 282624]
"CTFMon"="C:\Settings\Miroslav\Desktop\PVO+++\New Folder\CTF\ctfmon.exe" [ ]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 11:58 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Settings\Kobra\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-30 21:32:22 113664]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-03-01 16:10:50 624416]

C:\Settings\DeathMaker\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-23 00:29:52 2998608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.FFDS"= ffdshow.ax
"vidc.avrn"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"msacm.msadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.i420"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.msvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.vixl"= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.pdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll
"SENTINEL"= snti386.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"D:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"D:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"D:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\OpenTTD\\openttd.exe"=
"D:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"D:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 05:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-10-23 12:09]
R3 Moufiltr;Mouse Test Driver;C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 15:13]
R3 MouseCap;MouseCapture Driver;C:\WINDOWS\system32\Drivers\MouseCap.sys [2005-08-08 14:44]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\NCsoft\Exteel\System\GameGuard\dump_wmimmc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a851289-ab1c-11dc-9546-0011d8ad3aaf}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a85128a-ab1c-11dc-9546-0011d8ad3aaf}]
\shell\Setup\command - setup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 14:11:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-10 14:13:48
ComboFix-quarantined-files.txt 2008-05-10 12:13:44
ComboFix2.txt 2008-05-05 16:07:34

Pre-Run: 3,684,634,624 bytes free
Post-Run: 3,695,431,680 bytes free

377 --- E O F --- 2008-04-11 10:05:55

Re: Log check

Posted: 11 May 2008 16:40
by fredik
That is the folder where CF keeps backups of the things it removed. It gets deleted at the end once everything is OK, so it does not matter.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Run HijackThis again and tick the boxes in front of these lines:
O4 - HKLM\..\Run: [CTFMon] C:\Settings\Miroslav\Desktop\PVO+++\New Folder\CTF\ctfmon.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
After ticking them, click the Fix Checked button.
Then close HJT.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Create a new CFScript and use it the same way as the previous one, except that this time paste the following into it:
Note: do not use the SELECT ALL function to select the script.

File::
C:\WINDOWS\system32\ndt2.sys

Then paste the ComboFix log here again once it has finished running.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download SUPERAntiSpyware.
Install it, run it and click the Check for Updates... button.
After the update has run, click the button: Scan your computer.
Choose the option: Perform Complete Scan and click the Next > button.

A scan will run; when it finishes it lists everything it found.
Make sure all items are ticked and then press the Next button.
Then click the Finish button and you should be back at the main screen.
There click the button: Preferences... and choose the Statistics/Logs tab.
There click the log with today's date and press the button: View Log...
A window with the log opens; copy its contents here.

In your next post paste these logs/results:
- the ComboFix log
- the SUPERAntiSpyware log
- a new HJT log
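The reasoning behind the HJT fix above (the CTFMon entry points at a file that no longer exists, starts from a user's Desktop folder, and borrows the name of a Windows component) can be scripted over the "Reg Loading Points" block of a ComboFix log. This is an added example, not ComboFix's, HijackThis's or fredik's own logic; the log excerpt is constructed from the lines shown on this page, and the profile-root and system-binary lists are assumptions of the example.

```python
"""Triage of the Run entries in a ComboFix "Reg Loading Points" block.

Added example for this thread; it is not ComboFix's, HijackThis's or the
helper's own logic. The log excerpt below is constructed from the lines
shown on this page, and the heuristics are assumptions of this example.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: an abridged copy of the Run keys from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 21:00 294912]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"CTFMon"="C:\Settings\Miroslav\Desktop\PVO+++\New Folder\CTF\ctfmon.exe" [ ]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 11:58 176128]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"""

# In the block above ComboFix prints  "Name"="command" [date time size],
# adds the resolved path as a fourth field when the command is a bare file
# name, and prints "[ ]" when the file does not exist.
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")

# Assumptions of this example: profile roots as ComboFix writes them on this
# machine (C:\Settings\...) plus the usual long forms, and a few Windows
# component names that should only ever start from the Windows directory.
PROFILE_ROOTS = ("c:\\settings\\", "c:\\documents and settings\\", "c:\\users\\")
SYSTEM_BINARIES = {"ctfmon.exe", "svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe"}
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class RunEntry:
    key: str
    name: str
    value: str
    file_exists: bool      # False when ComboFix printed "[ ]" (or "[]")
    resolved_path: str     # the value, or the path ComboFix resolved for a bare file name


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Collect the entries under every ...\\CurrentVersion\\Run key in the block."""
    entries: List[RunEntry] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        entry_match = ENTRY_RE.match(line)
        if not entry_match or not current_key or not current_key.lower().endswith("\\run"):
            continue
        value = entry_match.group("value")
        fields = entry_match.group("meta").split()
        # An existing file carries date, time and size; anything after that is the resolved path.
        exists = len(fields) >= 3
        resolved = " ".join(fields[3:]) if len(fields) > 3 else value
        entries.append(RunEntry(current_key, entry_match.group("name"), value, exists, resolved))
    return entries


def triage(entries: List[RunEntry]) -> List[Finding]:
    """Apply the heuristics; only entries with at least one reason are returned."""
    findings: List[Finding] = []
    for e in entries:
        path = e.resolved_path.lower()
        if not path:
            continue  # an empty value such as "ATI Launchpad"="" carries no command to check
        reasons: List[str] = []
        if not e.file_exists:
            reasons.append("file_missing")  # autostart still pointing at a deleted file
        if path.startswith(PROFILE_ROOTS):
            reasons.append("user_profile_path")  # starts from a Desktop/profile folder
        basename = path.rsplit("\\", 1)[-1]
        if basename in SYSTEM_BINARIES and not path.startswith(WINDOWS_DIR):
            reasons.append("system_binary_name_outside_windows")
        if reasons:
            findings.append(Finding(e.key, e.name, e.resolved_path, reasons))
    return findings


def triage_log(log_text: str) -> List[Finding]:
    """Parse and triage in one step."""
    return triage(parse_run_entries(log_text))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.key}\n  {f.name} -> {f.path}\n  reasons: {', '.join(f.reasons)}")
```

On the excerpt only the CTFMon entry is reported, with all three reasons; the legitimate ctfmon.exe under C:\WINDOWS\system32 passes.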

Re: Log check

Posted: 12 May 2008 13:34
by Kobra.svk
Here is ComboFix:

ComboFix 08-05-09.1 - Kobra 2008-05-12 12:44:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.102 [GMT 2:00]
Running from: C:\Settings\Kobra\Desktop\ComboFix.exe
Command switches used :: C:\Settings\Kobra\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ndt2.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ndt2.sys

.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-10 18:29 . 2008-05-10 18:29 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2008-05-04 20:19 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-04 20:19 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-04 19:57 . 2008-05-04 20:02 <DIR> d-------- C:\Program Files\NCSoft
2008-05-04 19:52 . 2008-05-04 19:53 <DIR> d-------- C:\Settings\Kobra\Application Data\GetRightToGo
2008-05-04 19:12 . 2008-05-04 19:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 16:02 . 2008-04-30 16:02 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d-------- C:\Program Files\Razer
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d-------- C:\Program Files\DIFX
2008-04-29 19:17 . 2006-08-08 09:52 73,728 --a------ C:\WINDOWS\system32\habu.cpl
2008-04-29 19:17 . 2006-10-23 12:09 27,776 --a------ C:\WINDOWS\system32\drivers\habu.sys
2008-04-29 19:17 . 2005-12-21 11:23 14,592 --a------ C:\WINDOWS\system32\drivers\USBICP.sys
2008-04-29 19:15 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-27 18:37 . 2008-04-27 18:38 <DIR> d-------- C:\Settings\DeathMaker\Application Data\Ventrilo
2008-04-27 18:37 . 2008-04-27 18:37 <DIR> d-------- C:\Program Files\Ventrilo
2008-04-26 16:38 . 2008-04-26 16:38 <DIR> d-------- C:\Settings\NetworkService\Application Data\Xfire
2008-04-26 12:31 . 2007-05-15 05:41 14,336 --a------ C:\WINDOWS\system32\drivers\FNM2D.tmp
2008-04-26 12:31 . 2007-05-15 05:40 14,336 --a------ C:\WINDOWS\system32\drivers\Amps2prt.sys
2008-04-26 12:31 . 2007-05-15 05:38 9,216 --a------ C:\WINDOWS\system32\drivers\FNM2E.tmp
2008-04-24 18:14 . 2008-05-02 20:41 <DIR> d-------- C:\Settings\DeathMaker\Application Data\Xfire
2008-04-24 18:14 . 2008-05-10 10:45 <DIR> d-------- C:\Program Files\Xfire
2008-04-23 20:39 . 2008-04-23 20:52 <DIR> d-------- C:\Settings\DeathMaker\Application Data\U3
2008-04-23 00:29 . 2008-04-23 00:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-18 15:23 . 2007-05-15 05:41 14,336 --a------ C:\WINDOWS\system32\drivers\FNM32.tmp
2008-04-18 15:23 . 2007-05-15 05:38 9,216 --a------ C:\WINDOWS\system32\drivers\FNM33.tmp
2008-04-16 15:29 . 2008-04-16 15:29 <DIR> d-------- C:\Settings\All Users\Application Data\Winamp Toolbar
2008-04-16 15:29 . 2008-04-16 15:29 <DIR> d-------- C:\Program Files\Winamp Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 10:47 --------- d-----w C:\Settings\Kobra\Application Data\Hamachi
2008-05-12 10:31 --------- d-----w C:\Program Files\Steam
2008-05-10 16:29 --------- d-----w C:\Settings\All Users\Application Data\Outspark
2008-05-10 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 16:27 --------- d-----w C:\Program Files\Autodesk
2008-05-10 16:22 --------- d-----w C:\Settings\Kobra\Application Data\HLSW
2008-05-10 15:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-10 15:59 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-10 13:40 --------- d-----w C:\Settings\Kobra\Application Data\teamspeak2
2008-05-10 12:01 --------- d-----w C:\Settings\Kobra\Application Data\LimeWire
2008-05-10 10:02 --------- d-----w C:\Program Files\Songbird
2008-05-04 11:24 --------- d-----w C:\Settings\DeathMaker\Application Data\Hamachi
2008-05-02 13:55 --------- d-----w C:\Settings\DeathMaker\Application Data\LimeWire
2008-04-30 20:18 --------- d-s---w C:\Program Files\HLSW
2008-04-30 17:43 --------- d-----w C:\Program Files\EvilLyrics
2008-04-27 17:05 --------- d-----w C:\Settings\DeathMaker\Application Data\HLSW
2008-04-27 16:42 --------- d-----w C:\Settings\DeathMaker\Application Data\teamspeak2
2008-04-27 16:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-26 10:48 --------- d-----w C:\Program Files\A4Tech
2008-04-24 13:30 --------- d-----w C:\Program Files\LimeWire
2008-04-24 13:16 --------- d-----w C:\Settings\Kobra\Application Data\U3
2008-04-17 11:30 --------- d-----w C:\Program Files\ICQ6
2008-04-16 13:29 --------- d-----w C:\Program Files\Winamp
2008-04-11 11:48 --------- d---a-w C:\Settings\All Users\Application Data\TEMP
2008-04-10 09:49 --------- d-----w C:\Settings\Miroslav\Application Data\Skype
2008-04-09 12:30 --------- d-----w C:\Program Files\Cycore Systems Presets
2008-04-06 18:57 --------- d-----w C:\Settings\DeathMaker\Application Data\FileZilla
2008-04-02 14:44 --------- d-----w C:\Settings\DeathMaker\Application Data\SpieleEntwicklungsKombinat
2008-04-02 12:58 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-02 12:58 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-02 12:58 --------- d-----w C:\Settings\All Users\Application Data\SpieleEntwicklungsKombinat
2008-03-31 19:51 --------- d-----w C:\Settings\Kobra\Application Data\Winamp
2008-03-31 10:57 --------- d-----w C:\Program Files\LucasArts
2008-03-28 18:58 --------- d-----w C:\Program Files\Java
2008-03-26 09:43 --------- d-----w C:\Program Files\3DO
2008-03-25 19:26 --------- d-----w C:\Settings\Kobra\Application Data\Sony
2008-03-25 11:31 --------- d-----w C:\Settings\DeathMaker\Application Data\Petroglyph
2008-03-23 19:43 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-03-21 19:47 --------- d-----w C:\Settings\DeathMaker\Application Data\Songbird1
2008-03-21 18:57 --------- d-----w C:\Program Files\The KMPlayer
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-03-18 14:30 --------- d-----w C:\Settings\All Users\Application Data\Adobe Systems
2008-03-18 14:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-18 14:26 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-16 17:19 --------- d-----w C:\Settings\All Users\Application Data\FLEXnet
2008-03-12 19:31 --------- d-----w C:\Settings\Kobra\Application Data\Command & Conquer 3 Tiberium Wars
2008-03-12 18:13 --------- d--h--r C:\Settings\Kobra\Application Data\SecuROM
2008-03-01 16:36 3,591,680 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\DllCache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\DllCache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\DllCache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\DllCache\ieakui.dll
2007-11-19 20:12 22,328 ----a-w C:\Settings\Kobra\Application Data\PnkBstrK.sys
2007-11-06 14:12 81,920 ----a-w C:\Settings\DeathMaker\Application Data\ezpinst.exe
2007-11-06 14:12 47,360 ----a-w C:\Settings\DeathMaker\Application Data\pcouffin.sys
2007-12-24 19:30 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-05_18.07.11.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 16:00:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 10:30:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 10:31:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_758.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 17:12 1271032]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-10-12 21:00 294912]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 10:53 65024 C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-13 18:58 282624]
"CTFMon"="C:\Settings\Miroslav\Desktop\PVO+++\New Folder\CTF\ctfmon.exe" [ ]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 11:58 176128]

C:\Settings\Kobra\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-30 21:32:22 113664]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-03-01 16:10:50 624416]

C:\Settings\DeathMaker\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-23 00:29:52 2998608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.FFDS"= ffdshow.ax
"vidc.avrn"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"msacm.divxa32"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"msacm.msadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.i420"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.msvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.vixl"= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.pdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"D:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"D:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 05:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-10-23 12:09]
R3 Moufiltr;Mouse Test Driver;C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 15:13]
R3 MouseCap;MouseCapture Driver;C:\WINDOWS\system32\Drivers\MouseCap.sys [2005-08-08 14:44]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a851289-ab1c-11dc-9546-0011d8ad3aaf}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a85128a-ab1c-11dc-9546-0011d8ad3aaf}]
\shell\Setup\command - setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 12:47:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-12 12:51:23
ComboFix-quarantined-files.txt 2008-05-12 10:51:19
ComboFix2.txt 2008-05-10 12:13:49
ComboFix3.txt 2008-05-05 16:07:34

Pre-Run: 3,510,652,928 bytes free
Post-Run: 3,520,528,384 bytes free

362 --- E O F --- 2008-04-11 10:05:55




here is SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/12/2008 at 01:24 PM

Application Version : 4.0.1154

Core Rules Database Version : 3458
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 00:29:56

Memory items scanned : 430
Memory threats detected : 0
Registry items scanned : 6963
Registry threats detected : 0
File items scanned : 21425
File threats detected : 49

Adware.Tracking Cookie
C:\Settings\Kobra\Cookies\kobra@www.porntv24[1].txt
C:\Settings\Kobra\Cookies\kobra@sexy-models[1].txt
C:\Settings\Kobra\Cookies\kobra@windowsmedia[2].txt
C:\Settings\Kobra\Cookies\kobra@traffic.rude[1].txt
C:\Settings\Kobra\Cookies\kobra@www.windowsmedia[1].txt
C:\Settings\Kobra\Cookies\kobra@ad.post[2].txt
C:\Settings\Kobra\Cookies\kobra@euros4click[1].txt
C:\Settings\Kobra\Cookies\kobra@ad2.bbmedia[1].txt
C:\Settings\Kobra\Cookies\kobra@toplist[2].txt
C:\Settings\Kobra\Cookies\kobra@atwola[2].txt
C:\Settings\Kobra\Cookies\kobra@ad[1].txt
C:\Settings\Kobra\Cookies\kobra@2o7[1].txt
C:\Settings\Kobra\Cookies\kobra@www.mediasoftwareapps[2].txt
C:\Settings\Kobra\Cookies\kobra@adultadworld[2].txt
C:\Settings\DeathMaker\Cookies\deathmaker@wsd-ps-c.bannersystem[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@wsd-ps-b.bannersystem[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@atwola[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@atwola[2].txt
C:\Settings\DeathMaker\Cookies\deathmaker@wsd-ps-l.bannersystem[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@wsd-ps-k.bannersystem[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@wsd-ps-i.bannersystem[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@adrenalinesk[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@ad2.bbmedia[2].txt
C:\Settings\DeathMaker\Cookies\deathmaker@adlegend[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@click-fr[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@ad2.billboard[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@ad.zanox[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@doubleclick[1].txt
C:\Settings\DeathMaker\Cookies\deathmaker@windowsmedia[2].txt
C:\Settings\Kobra\Cookies\kobra@advertising[1].txt
C:\Settings\Kobra\Cookies\kobra@advertising[2].txt
C:\Settings\Kobra\Cookies\kobra@advertising[3].txt
C:\Settings\Kobra\Cookies\kobra@warez[1].txt
C:\Settings\Kobra\Cookies\kobra@stats[2].txt
C:\Settings\Kobra\Cookies\kobra@fastclick[2].txt
C:\Settings\Kobra\Cookies\kobra@atwola[1].txt
C:\Settings\Kobra\Cookies\kobra@statcounter[2].txt
C:\Settings\Kobra\Cookies\kobra@www.mediasoftwareapps[1].txt
C:\Settings\Kobra\Cookies\kobra@zedo[1].txt
C:\Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt
C:\Settings\LocalService\Cookies\system@www.burstbeacon[1].txt
C:\Settings\LocalService\Cookies\system@www.burstnet[1].txt
C:\Settings\Miroslav\Cookies\miroslav@spylog[1].txt
C:\Settings\Miroslav\Cookies\miroslav@tns-counter[1].txt
C:\Settings\Miroslav\Cookies\miroslav@yadro[1].txt
C:\Settings\Miroslav\Cookies\miroslav@hotlog[1].txt

Trojan.Unclassified-Packed/Suspicious
C:\PROGRAM FILES\ACE MEGA CODECS PACK\UTILITIES\ABCAVI TAG EDITOR\ABCAVIIT.DLL
C:\PROGRAM FILES\ACE MEGA CODECS PACK\UTILITIES\AVI CODECS\ABCAVI TAG EDITOR\ABCAVIIT.DLL

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\PERFS.EXE



and here is HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:44, on 12. 5. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Winamp Search - C:\Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit prekladac - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložit &oznacený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8743 bytes

Re: Log check

Posted: 12 May 2008 21:21
by fredik
Also fix these entries in HJT:
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Go to Start -> Run... and type the command marked in blue, ComboFix /u, into the box and click OK.
- there must be a space between ComboFix and /u

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

For better security I would recommend installing a firewall; you can choose one of those listed here or another one from the link: Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English
Kerio - clear, more configuration options, more demanding on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English + guide

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

If you want to keep SUPERAntiSpyware for occasional checks, disable its launch at startup.
- Start the program and click the Preferences... button
- A new window opens; click the General and Startup tab
* under the heading Start-Up Options, uncheck the item: Start SUPERAntiSpyware when Windows starts
- Then you can close the program

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download and run T-cleaner and follow the instructions.
- you can also clean temporary files from the PC, e.g. with: CCleaner

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

I would recommend updating Java:
- Download the latest version, Java Runtime Environment (JRE) 6 Update 6
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 6 and click the Download button
- A new page loads
- Under the heading Select Platform and Language for your download:
* for Platform: select the OS you are using
* tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
* click the Continue >> button
- A new page loads
- Click the download link under: Windows Offline Installation
and save it to disk

- Close the programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for entries named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2
- Uninstall them using the Change or Remove or Remove button
- Uninstall all old versions of Java one after another
- After the uninstallation finishes, restart the PC.
- Then just run the installation of the latest version from the file jre-6u6-windows-i586-p.exe, which you downloaded at the start.

----------------------------------------------------------------------------------------------------------------------------------------

Do you still have any problems?