Urgentna kontrola pls Vyřešeno

[mishel275]

Zdravim,
mam problem, bud mam v pc nejake sracky alebo neviem co proste mi teraz KAMARAT napisal hesla ake mam napr na icq skype na forach na email.... nemam tam nejakych skryty autorunov keyloggerov? alebo neico?????,,, pls pomoc
neveim ci bude stacit lig z HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:08, on 12. 3. 2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Wisdom-soft ScreenHunter 5 Pro\ScreenHunter.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c98f711e4dd8c0) (gupdate1c98f711e4dd8c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5849 bytes

[Reklama]

[mishel275]

pls o kontrolu....

[jaro3]

nic tam nevidím.
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[mishel275]

vobec nic tam neni, ziadne infokovane subory :( ale este aj mi povadal ze to je Aldamax keylogger alebo take nieco ?( pls pomoc so s tym mam spravit? vsetko vie co robim :(

[jaro3]

To je pěknej kamarád..
Žádný program na odinstalovaní neznám, jen mě napadá pomocí scriptu v CF. Takže pokud Ti nikdo neporadí:
Vypni rez. ochrany u ESS.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[mishel275]

NO tu je ten log. A prosim vsetkych kto vie ako najst a odsrtranit Ardamax keyloggera tak pls dajte vediet
ComboFix 09-03-12.01 - Michal 2009-03-13 18:14:39.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.383.204 [GMT 1:00]
Running from: c:\documents and settings\Misko\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-13 18:03 . 2009-03-13 18:03 16 --a------ c:\windows\wininit.ini
2009-03-13 18:02 . 2009-03-13 18:02 <DIR> d-------- c:\program files\QuickTime
2009-03-13 18:02 . 2009-03-13 18:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\QuickTime
2009-03-13 18:01 . 2009-03-13 18:12 <DIR> d-------- c:\program files\Trillian
2009-03-12 20:29 . 2009-03-12 20:29 <DIR> d-------- c:\program files\ICQ Password
2009-02-26 17:59 . 2004-08-03 23:56 146,432 --a------ c:\windows\R.COM
2009-02-26 17:59 . 2004-08-03 23:56 135,680 --a------ c:\windows\system32\T.COM
2009-02-26 17:59 . 2009-02-26 17:59 26 --a------ c:\windows\Lic.xxx
2009-02-26 16:59 . 2009-02-26 16:59 <DIR> d-------- c:\documents and settings\Misko\Application Data\Apple Computer
2009-02-26 16:58 . 2009-02-26 16:59 <DIR> d-------- c:\program files\Safari
2009-02-26 16:58 . 2009-02-26 16:58 <DIR> d-------- c:\program files\Bonjour
2009-02-26 16:58 . 2009-02-26 16:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-26 16:57 . 2009-02-26 16:58 <DIR> d-------- c:\program files\Apple Software Update
2009-02-26 16:57 . 2009-02-26 16:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-02-17 09:22 . 2009-02-17 09:23 <DIR> d-------- c:\program files\Anti-Blaxx
2009-02-17 08:55 . 2005-06-24 16:24 438,272 -ra------ c:\windows\system32\vp6vfw.dll
2009-02-17 08:55 . 2004-12-10 09:06 327,680 --a------ c:\windows\system32\vp6dec.ax
2009-02-17 08:36 . 2009-02-17 08:37 <DIR> d-------- c:\documents and settings\Misko\Application Data\DAEMON Tools Pro
2009-02-17 08:36 . 2009-02-17 08:36 <DIR> d-------- c:\documents and settings\Misko\Application Data\DAEMON Tools
2009-02-17 08:35 . 2009-02-17 08:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-17 08:34 . 2009-02-17 08:34 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-02-17 08:34 . 2009-02-17 08:34 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-17 08:30 . 2009-02-17 10:14 <DIR> d-------- c:\documents and settings\Misko\Application Data\DAEMON Tools Lite
2009-02-17 08:30 . 2009-02-17 08:30 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-15 14:51 . 2009-02-15 14:52 <DIR> d-------- c:\program files\IEPro
2009-02-15 14:51 . 2009-02-15 14:52 <DIR> d-------- c:\documents and settings\Misko\Application Data\IEPro
2009-02-15 14:27 . 2009-02-15 14:41 <DIR> d-------- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 16:59 --------- d-----w c:\documents and settings\Misko\Application Data\Skype
2009-03-13 15:15 --------- d-----w c:\documents and settings\Misko\Application Data\ICQ
2009-03-13 13:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-12 20:27 --------- d-----w c:\documents and settings\Misko\Application Data\skypePM
2009-03-12 15:44 --------- d-----w c:\program files\ICQ6
2009-03-11 14:26 --------- d-----w c:\documents and settings\Misko\Application Data\OpenOffice.org2
2009-02-17 07:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-16 15:52 --------- d-----w c:\program files\DivX
2009-02-16 13:50 --------- d-----w c:\program files\Java
2009-02-15 07:37 2,321,024 ----a-w c:\windows\system32\TUKernel.exe
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-06 17:51 --------- d-----w c:\program files\Common Files\Skype
2009-02-06 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-06 17:51 --------- d-----r c:\program files\Skype
2009-01-27 15:41 --------- d-----w c:\program files\Mafia
2009-01-27 13:06 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-26 18:41 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-26 18:40 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-25 18:05 --------- d-----w c:\documents and settings\Misko\Application Data\Malwarebytes
2009-01-25 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-24 13:59 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-24 12:48 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-24 12:48 --------- d-----w c:\documents and settings\Misko\Application Data\SUPERAntiSpyware.com
2009-01-24 12:10 --------- d-----w c:\program files\Trend Micro
2009-01-23 17:33 --------- d-----w c:\program files\Creative
2008-05-07 15:36 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-12-19 22:59 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 22:59 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 22:59 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 22:59 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 22:59 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-27 136600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"Anti-Blaxx Manager"="c:\program files\Anti-Blaxx\Anti-Blaxx.exe" [2005-05-18 208896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-24 14:58 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Domino"=c:\windows\Domino.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"ZSSnp211"=c:\windows\ZSSnp211.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Wolf's Profi Miranda-Pack v1.4.0\\miranda32.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-29 55024]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c98f711e4dd8c0;Služba Google Update (gupdate1c98f711e4dd8c0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;\??\c:\program files\Ufasoft\Sniffer\usft_sn4.sys --> c:\program files\Ufasoft\Sniffer\usft_sn4.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{897566f1-b339-11dd-a0a8-00104b965169}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]

2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 14:27]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
FF - ProfilePath - c:\documents and settings\Misko\Application Data\Mozilla\Firefox\Profiles\lsyows1o.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\program files\TV JOJ Media Player\np_JOJ_netscape_player.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 18:17:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-03-13 18:19:29
ComboFix-quarantined-files.txt 2009-03-13 17:19:02

Pre-Run: 2 680 258 560 bytes free
Post-Run: 3,261,657,088 bytes free

176

[jaro3]

Žádný keylogger tam nevidím...
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Ještě můžeš zkusit toto:
Stáhni si OTViewIt
na plochu.Zavři všechna okna a a poklepej na něj.Dej znaménko na Scan all Users box.Klikni na Run Scan a nech program nerušeně běžet.Na konci vytvoří dva logy na ploše , tyto logy (OTViewIt.txt a Extras.txt ) sem pak vlož.
Nemá to z webovky??

[mishel275]

nie nema to z webovky vyslovene mi povedal, ze mu to chodilo na mail uz asi strane dlho, tusim 160 mailov po 500kb
k*t jeden mam take nervy, idem spravit ten scan

[jaro3]

No, tak má Tvoje hesla na iCQ..
Toto sis asi instaloval sám: c:\program files\ICQ Password ?
Doporučil bych Ti odinstalovat craklýho NOD32, s tím nemáš na netu velkou ochranu, pořiď si raději něco free:
Avira, Avast nebo AVG...
Kouknu se pak na ten log z OTViewIt, ale nevím.

[mishel275]

log z Combofiaxa, ide spravit dalsie
ComboFix 09-03-13.02 - Michal 2009-03-14 11:51:11.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.383.159 [GMT 1:00]
Running from: c:\documents and settings\Misko\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Misko\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))
.

2009-03-13 18:03 . 2009-03-13 18:03 16 --a------ c:\windows\wininit.ini
2009-03-13 18:02 . 2009-03-13 18:02 <DIR> d-------- c:\program files\QuickTime
2009-03-13 18:02 . 2009-03-13 18:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\QuickTime
2009-03-13 18:01 . 2009-03-13 18:12 <DIR> d-------- c:\program files\Trillian
2009-02-26 17:59 . 2004-08-03 23:56 146,432 --a------ c:\windows\R.COM
2009-02-26 17:59 . 2004-08-03 23:56 135,680 --a------ c:\windows\system32\T.COM
2009-02-26 17:59 . 2009-02-26 17:59 26 --a------ c:\windows\Lic.xxx
2009-02-26 16:59 . 2009-02-26 16:59 <DIR> d-------- c:\documents and settings\Misko\Application Data\Apple Computer
2009-02-26 16:58 . 2009-02-26 16:59 <DIR> d-------- c:\program files\Safari
2009-02-26 16:58 . 2009-02-26 16:58 <DIR> d-------- c:\program files\Bonjour
2009-02-26 16:58 . 2009-02-26 16:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-26 16:57 . 2009-02-26 16:58 <DIR> d-------- c:\program files\Apple Software Update
2009-02-26 16:57 . 2009-02-26 16:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-02-17 09:22 . 2009-02-17 09:23 <DIR> d-------- c:\program files\Anti-Blaxx
2009-02-17 08:55 . 2005-06-24 16:24 438,272 -ra------ c:\windows\system32\vp6vfw.dll
2009-02-17 08:55 . 2004-12-10 09:06 327,680 --a------ c:\windows\system32\vp6dec.ax
2009-02-17 08:36 . 2009-02-17 08:37 <DIR> d-------- c:\documents and settings\Misko\Application Data\DAEMON Tools Pro
2009-02-17 08:36 . 2009-02-17 08:36 <DIR> d-------- c:\documents and settings\Misko\Application Data\DAEMON Tools
2009-02-17 08:35 . 2009-02-17 08:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-17 08:34 . 2009-02-17 08:34 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-02-17 08:34 . 2009-02-17 08:34 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-17 08:30 . 2009-02-17 10:14 <DIR> d-------- c:\documents and settings\Misko\Application Data\DAEMON Tools Lite
2009-02-17 08:30 . 2009-02-17 08:30 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-15 14:51 . 2009-02-15 14:52 <DIR> d-------- c:\program files\IEPro
2009-02-15 14:51 . 2009-02-15 14:52 <DIR> d-------- c:\documents and settings\Misko\Application Data\IEPro
2009-02-15 14:27 . 2009-02-15 14:41 <DIR> d-------- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 19:27 --------- d-----w c:\documents and settings\Misko\Application Data\Skype
2009-03-13 15:15 --------- d-----w c:\documents and settings\Misko\Application Data\ICQ
2009-03-13 13:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-12 20:27 --------- d-----w c:\documents and settings\Misko\Application Data\skypePM
2009-03-12 15:44 --------- d-----w c:\program files\ICQ6
2009-03-11 14:26 --------- d-----w c:\documents and settings\Misko\Application Data\OpenOffice.org2
2009-02-17 07:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-16 15:52 --------- d-----w c:\program files\DivX
2009-02-16 13:50 --------- d-----w c:\program files\Java
2009-02-15 07:37 2,321,024 ----a-w c:\windows\system32\TUKernel.exe
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-06 17:51 --------- d-----w c:\program files\Common Files\Skype
2009-02-06 17:51 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-06 17:51 --------- d-----r c:\program files\Skype
2009-01-27 15:41 --------- d-----w c:\program files\Mafia
2009-01-27 13:06 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-26 18:41 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-26 18:40 306,432 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-25 18:05 --------- d-----w c:\documents and settings\Misko\Application Data\Malwarebytes
2009-01-25 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-24 13:59 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-24 12:48 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-24 12:48 --------- d-----w c:\documents and settings\Misko\Application Data\SUPERAntiSpyware.com
2009-01-24 12:10 --------- d-----w c:\program files\Trend Micro
2009-01-23 17:33 --------- d-----w c:\program files\Creative
2008-05-07 15:36 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-12-19 22:59 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 22:59 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 22:59 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 22:59 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 22:59 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-13_18.17.57,81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-14 10:16:35 16,384 ----atw c:\windows\temp\Perflib_Perfdata_c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-27 136600]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"Anti-Blaxx Manager"="c:\program files\Anti-Blaxx\Anti-Blaxx.exe" [2005-05-18 208896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-24 14:58 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Domino"=c:\windows\Domino.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"ZSSnp211"=c:\windows\ZSSnp211.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Wolf's Profi Miranda-Pack v1.4.0\\miranda32.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-29 55024]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c98f711e4dd8c0;Služba Google Update (gupdate1c98f711e4dd8c0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4;\??\c:\program files\Ufasoft\Sniffer\usft_sn4.sys --> c:\program files\Ufasoft\Sniffer\usft_sn4.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{897566f1-b339-11dd-a0a8-00104b965169}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-28 13:49]

2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 14:27]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
FF - ProfilePath - c:\documents and settings\Misko\Application Data\Mozilla\Firefox\Profiles\lsyows1o.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 11:53:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2009-03-14 11:55:26
ComboFix-quarantined-files.txt 2009-03-14 10:55:03
ComboFix2.txt 2009-03-13 17:19:30

Pre-Run: 3 247 230 976 bytes free
Post-Run: 3,237,167,104 bytes free

173

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.

Můžeš vložit nový log z HJT.

[mishel275]

z toho otviewit:
OTViewIt logfile created on: 14. 3. 2009 19:33:20 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Misko\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

383,49 Mb Total Physical Memory | 235,33 Mb Available Physical Memory | 61,37% Memory free
921,56 Mb Paging File | 740,78 Mb Available in Paging File | 80,38% Paging File free
Paging file location(s): C:\pagefile.sys 576 620;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 3,04 Gb Free Space | 31,09% Space Free | Partition Type: NTFS
Drive D: | 28,51 Gb Total Space | 4,01 Gb Free Space | 14,07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIHAAL
Current User Name: Michal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== Processes ==========

[2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2001.09.10 19:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE
[2008.08.18 13:25:10 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[2009.01.27 14:06:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2009.02.15 14:27:06 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[2005.07.20 21:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2009.01.27 14:06:19 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008.08.18 13:23:50 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
[2009.03.14 11:30:08 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Misko\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2001.09.10 19:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv [Auto | Running])
[2008.08.18 13:30:58 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
[2008.08.18 13:25:10 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
[2009.02.15 14:27:06 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98f711e4dd8c0 [Auto | Stopped])
[2009.01.27 14:06:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2001.08.23 13:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped])
[2005.07.20 21:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2007.03.26 12:06:24 | 00,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
[2009.01.26 19:40:50 | 00,306,432 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
[2006.10.18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001.09.10 19:09:46 | 00,057,392 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla [On_Demand | Stopped])
[2008.08.18 12:18:26 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
[2008.08.18 12:19:26 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
[2001.08.17 13:11:02 | 00,153,631 | ---- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X [On_Demand | Running])
[2008.08.18 12:27:36 | 00,071,688 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw [Auto | Running])
[2008.08.18 12:27:40 | 00,030,728 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis [On_Demand | Running])
[2008.08.18 12:27:42 | 00,054,280 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi [System | Running])
[2004.08.04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2004.08.03 21:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2007.02.22 09:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
[2007.02.22 09:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
[2007.02.22 09:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
[2007.02.22 09:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
[2005.07.20 21:07:00 | 03,198,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2001.08.23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2009.01.24 14:58:59 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006.02.16 16:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2009.01.24 14:59:00 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2006.10.15 16:39:23 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2009.02.17 08:30:47 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2002.07.24 03:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2004.08.03 23:32:32 | 00,084,480 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ac97via.sys -- (VIAudio [On_Demand | Running])
[2007.01.18 20:06:15 | 00,391,836 | R--- | M] (ZSMC Corporation) -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC211 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.msn.com/

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{00011268-E188-40DF-A514-835FCD78B1BF} (HKLM) -- C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (HKLM) -- C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Anti-Blaxx Manager"=C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe (MB-Soft, HAANDI)
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (Adobe Systems, Inc.)

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (Adobe Systems, Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\.DEFAULT\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-18\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-19\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-20\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{000002a3-84fe-43f1-b958-f2c3ca804f1a}: Button: IE7Pro Grab and Drag -- %ProgramFiles%\IEPro\IEPro.dll [2009.02.04 10:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
{000002a3-84fe-43f1-b958-f2c3ca804f1a}: Menu: IE7Pro Grab and Drag -- %ProgramFiles%\IEPro\IEPro.dll [2009.02.04 10:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}: Button: IE7Pro Preferences -- %ProgramFiles%\IEPro\IEPro.dll [2009.02.04 10:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}: Menu: IE7Pro Preferences -- %ProgramFiles%\IEPro\IEPro.dll [2009.02.04 10:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
{77BF5300-1474-4EC7-9980-D32B190E9B07}: Button: Skype -- %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009.01.29 14:01:36 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2006.10.15 16:39:56 | 00,557,568 | ---- | M] (Microsoft Corporation)
{E59EB121-F339-4851-A3BA-FE49C35617C2}: Button: ICQ6 -- %ProgramFiles%\ICQ6\ICQ.exe [2008.04.01 11:40:42 | 00,172,280 | ---- | M] (ICQ, Inc.)
{E59EB121-F339-4851-A3BA-FE49C35617C2}: Menu: ICQ6 -- %ProgramFiles%\ICQ6\ICQ.exe [2008.04.01 11:40:42 | 00,172,280 | ---- | M] (ICQ, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{000002a3-84fe-43f1-b958-f2c3ca804f1a} [HKLM] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Grab and Drag] -> [2009.02.04 10:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
CmdMapping\\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} [HKLM] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Preferences] -> [2009.02.04 10:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{3B3628FF-E084-47ef-8797-FA36FC2571EA} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2009.01.29 14:01:36 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006.10.15 16:39:56 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKLM] -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> [2008.04.01 11:40:42 | 00,172,280 | ---- | M] (ICQ, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006.10.15 16:39:56 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006.10.15 16:39:56 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{000002a3-84fe-43f1-b958-f2c3ca804f1a} [HKLM] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Grab and Drag] -> [2009.02.04 10:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
CmdMapping\\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} [HKLM] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Preferences] -> [2009.02.04 10:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{3B3628FF-E084-47ef-8797-FA36FC2571EA} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> [2009.01.29 14:01:36 | 01,088,296 | ---- | M] (Skype Technologies S.A.)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2006.10.15 16:39:56 | 00,557,568 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKLM] -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> [2008.04.01 11:40:42 | 00,172,280 | ---- | M] (ICQ, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shoc ... wflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{714E30A5-DE35-492B-B7C1-04FA6D1A5B61} (Servers: | Description: )
{CE8B2B93-2816-4980-BBAD-126907F59598} (Servers: | Description: 3Com 3C900COMBO-based Ethernet Adapter (Generic))

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"=C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{897566f1-b339-11dd-a0a8-00104b965169}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{897566f1-b339-11dd-a0a8-00104b965169}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{897566f1-b339-11dd-a0a8-00104b965169}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 90 Days ==========

File not found -- C:\Documents and Settings\Misko\Desktop\CAS56Z4P.
File not found -- C:\Documents and Settings\Misko\Desktop\CA49UF8P.
[2009.03.14 11:30:40 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Misko\Desktop\OTViewIt.exe
[2009.03.13 18:13:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.03.13 18:03:58 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.03.13 18:02:48 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009.03.13 18:02:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009.03.13 18:01:56 | 00,001,622 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\Trillian.lnk
[2009.03.13 18:01:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009.03.13 17:58:22 | 09,638,459 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\trillian-v3.0.exe
[2009.03.13 14:16:25 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.03.13 14:13:27 | 02,876,728 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Misko\Desktop\mbam-setup.exe
[2009.03.12 18:17:29 | 00,146,794 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\ScreenHunter_01 Mar. 12 18.17.gif
[2009.03.10 21:59:09 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\fear_spdemo_en.exe
[2009.03.10 15:34:33 | 00,184,730 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\e41426a6303641be8112636a72ee94a1.jpg
[2009.03.10 15:19:27 | 00,903,470 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\chem2.jpg
[2009.03.10 15:19:27 | 00,784,395 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\chem3.jpg
[2009.03.10 15:19:27 | 00,697,928 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\chem4.jpg
[2009.03.10 15:19:26 | 00,849,101 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\chem1.jpg
[2009.03.10 15:19:26 | 00,586,375 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\chem0.jpg
[2009.03.09 20:41:52 | 00,074,950 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\eset.JPG
[2009.03.09 20:27:55 | 00,138,299 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\ScreenHunter_01 Mar. 09 20.27.gif
[2009.03.09 20:05:51 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009.02.26 17:59:55 | 00,000,026 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2009.02.26 17:59:32 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2009.02.26 17:59:32 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2009.02.26 16:59:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Local Settings\Application Data\Apple Computer
[2009.02.26 16:59:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Application Data\Apple Computer
[2009.02.26 16:59:31 | 00,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009.02.26 16:58:50 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009.02.26 16:58:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009.02.26 16:58:26 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009.02.26 16:58:12 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009.02.26 16:58:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Local Settings\Application Data\Apple
[2009.02.26 16:57:59 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009.02.26 16:57:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009.02.22 19:28:16 | 00,029,944 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\l_f4557061dd198432ef939ada308113e6.jpg
[2009.02.21 16:39:28 | 00,000,168 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\hwmonitorw.ini
[2009.02.20 19:55:16 | 00,002,829 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\Shortcut to FFRUITS.pif
[2009.02.17 10:23:02 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Misko\Desktop\god
[2009.02.17 10:09:36 | 14,250,059 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\godfather.exe
[2009.02.17 09:22:55 | 00,000,000 | ---D | C] -- C:\Program Files\Anti-Blaxx
[2009.02.17 08:56:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\My Documents\GF
[2009.02.17 08:56:01 | 00,000,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Godfather™ The Game.lnk
[2009.02.17 08:55:51 | 00,438,272 | R--- | C] (EA.com/On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2009.02.17 08:55:51 | 00,327,680 | ---- | C] (On2.com Inc.) -- C:\WINDOWS\System32\vp6dec.ax
[2009.02.17 08:36:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Application Data\DAEMON Tools Pro
[2009.02.17 08:36:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Application Data\DAEMON Tools
[2009.02.17 08:35:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.02.17 08:34:33 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009.02.17 08:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009.02.17 08:30:46 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.02.17 08:30:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Application Data\DAEMON Tools Lite
[2009.02.16 13:04:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Desktop\tu mas
[2009.02.16 13:03:26 | 00,293,917 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\tu mas.rar
[2009.02.15 14:51:46 | 00,000,000 | ---D | C] -- C:\Program Files\IEPro
[2009.02.15 14:51:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Application Data\IEPro
[2009.02.14 13:53:25 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\My Computer.lnk
[2009.02.06 18:51:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009.02.06 18:50:58 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009.02.05 14:21:38 | 00,000,252 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.02.05 14:10:08 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009.01.30 11:15:48 | 00,163,840 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\fdx-maft.exe
[2009.01.29 19:53:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Desktop\Games
[2009.01.29 19:53:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Desktop\ABC
[2009.01.26 17:21:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009.01.25 19:44:44 | 01,236,992 | ---- | C] (CPUID) -- C:\Documents and Settings\Misko\Desktop\HWMonitor.exe
[2009.01.25 19:05:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Application Data\Malwarebytes
[2009.01.25 19:05:14 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.01.25 19:05:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.01.25 19:05:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009.01.25 19:04:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.01.24 16:56:33 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2009.01.24 16:45:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Misko\Local Settings\Application Data\Ahead
[2009.01.24 13:10:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.01.23 18:33:42 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2009.01.22 18:01:51 | 00,000,000 | ---D | C] -- C:\Program Files\Mafia
[2009.01.18 12:47:49 | 00,010,806 | ---- | C] () -- C:\Documents and Settings\Misko\My Documents\cc_20090118_1247.reg
[2009.01.10 19:16:19 | 00,001,527 | ---- | C] () -- C:\Documents and Settings\Misko\Desktop\Counterstrike 1.6.lnk
[2009.01.05 18:10:18 | 00,036,864 | -HS- | C] () -- C:\Documents and Settings\Misko\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Misko\My Documents\Thumbs.db:encryptable
[2008.12.24 23:32:34 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2008.12.24 23:32:34 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2008.12.20 17:08:05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.12.20 17:01:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2008.12.20 16:59:00 | 00,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2008.12.20 16:58:51 | 00,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2008.12.20 16:58:50 | 00,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2008.12.20 16:58:50 | 00,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2008.12.20 16:58:49 | 01,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2008.12.20 16:58:05 | 00,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2008.12.20 16:54:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2008.12.20 16:54:00 | 00,000,000 | ---D | C] -- C:\Program Files\Ahead
[2008.12.17 13:55:28 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

========== Files - Modified Within 90 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
File not found -- C:\Documents and Settings\Misko\Desktop\CAS56Z4P.
File not found -- C:\Documents and Settings\Misko\Desktop\CA49UF8P.
[2009.03.14 11:55:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.03.14 11:53:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.03.14 11:30:08 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Misko\Desktop\OTViewIt.exe
[2009.03.14 11:16:52 | 00,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009.03.14 11:16:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.03.13 18:10:42 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\Trillian.lnk
[2009.03.13 18:03:58 | 00,000,016 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009.03.13 18:00:55 | 09,638,459 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\trillian-v3.0.exe
[2009.03.13 17:15:00 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009.03.13 14:16:25 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.03.13 14:13:50 | 02,876,728 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Misko\Desktop\mbam-setup.exe
[2009.03.13 13:18:53 | 06,921,710 | -H-- | M] () -- C:\Documents and Settings\Misko\Local Settings\Application Data\IconCache.db
[2009.03.12 20:27:13 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009.03.12 20:03:10 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.03.12 20:02:55 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Misko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.12 18:17:29 | 00,146,794 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\ScreenHunter_01 Mar. 12 18.17.gif
[2009.03.12 06:17:07 | 00,002,334 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2009.03.12 06:04:29 | 00,000,067 | ---- | M] () -- C:\WINDOWS\KBDSC32.INI
[2009.03.10 21:59:09 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\fear_spdemo_en.exe
[2009.03.10 15:34:43 | 00,184,730 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\e41426a6303641be8112636a72ee94a1.jpg
[2009.03.09 20:41:56 | 00,074,950 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\eset.JPG
[2009.03.09 20:27:55 | 00,138,299 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\ScreenHunter_01 Mar. 09 20.27.gif
[2009.03.06 14:16:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.03.05 20:32:06 | 00,903,470 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\chem2.jpg
[2009.03.05 20:32:06 | 00,849,101 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\chem1.jpg
[2009.03.05 20:32:06 | 00,784,395 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\chem3.jpg
[2009.03.05 20:32:06 | 00,697,928 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\chem4.jpg
[2009.03.05 20:32:04 | 00,586,375 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\chem0.jpg
[2009.02.28 09:01:54 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009.02.26 17:59:55 | 00,000,026 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2009.02.22 19:28:16 | 00,029,944 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\l_f4557061dd198432ef939ada308113e6.jpg
[2009.02.22 16:42:17 | 00,000,168 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\hwmonitorw.ini
[2009.02.20 19:55:16 | 00,002,829 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\Shortcut to FFRUITS.pif
[2009.02.17 08:56:01 | 00,000,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Godfather™ The Game.lnk
[2009.02.17 08:30:47 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.02.16 13:03:20 | 00,293,917 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\tu mas.rar
[2009.02.15 08:37:12 | 02,321,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2009.02.15 08:37:12 | 00,000,389 | RHS- | M] () -- C:\boot.ini
[2009.02.11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.02.11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.02.05 14:21:38 | 00,000,252 | ---- | M] () -- C:\WINDOWS\game.ini
[2009.01.26 19:40:50 | 00,306,432 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2009.01.26 17:16:23 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.01.22 17:17:18 | 01,236,992 | ---- | M] (CPUID) -- C:\Documents and Settings\Misko\Desktop\HWMonitor.exe
[2009.01.18 12:47:55 | 00,010,806 | ---- | M] () -- C:\Documents and Settings\Misko\My Documents\cc_20090118_1247.reg
[2009.01.15 17:51:08 | 00,002,268 | ---- | M] () -- C:\WINDOWS\WINTRAN.INI
[2009.01.15 17:50:25 | 00,000,067 | ---- | M] () -- C:\WINDOWS\STXKBDTC.INI
[2009.01.05 18:10:20 | 00,036,864 | -HS- | M] () -- C:\Documents and Settings\Misko\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Misko\My Documents\Thumbs.db:encryptable
[2008.12.29 13:54:42 | 00,001,527 | ---- | M] () -- C:\Documents and Settings\Misko\Desktop\Counterstrike 1.6.lnk
[2008.12.17 13:55:28 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
< End of report >
Extras:
OTViewIt Extras logfile created on: 14. 3. 2009 19:33:20 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Misko\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

383,49 Mb Total Physical Memory | 235,33 Mb Available Physical Memory | 61,37% Memory free
921,56 Mb Paging File | 740,78 Mb Available in Paging File | 80,38% Paging File free
Paging file location(s): C:\pagefile.sys 576 620;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 3,04 Gb Free Space | 31,09% Space Free | Partition Type: NTFS
Drive D: | 28,51 Gb Total Space | 4,01 Gb Free Space | 14,07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIHAAL
Current User Name: Michal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006.10.15 16:39:56 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004.08.03 23:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006.10.15 16:39:56 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004.08.03 23:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008.04.01 11:40:42 | 00,172,280 | ---- | M] (ICQ, Inc.) -- C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6
[2008.08.14 17:12:42 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007.10.01 15:01:56 | 00,550,994 | ---- | M] ( ) -- D:\Wolf's Profi Miranda-Pack v1.4.0\miranda32.exe:*:Disabled:Miranda IM
[2009.02.04 10:59:16 | 00,715,912 | ---- | M] (IE7Pro.com) -- C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM
[2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009.01.29 14:01:36 | 23,975,720 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004.09.17 13:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004.09.17 13:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.29 14:01:36 | 01,942,824 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}"=PC Connectivity Solution
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{13B792AA-C078-43A4-8A3A-8B12D629940D}"=Counter-Strike 1.6
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}"=The Godfather™ The Game
"{21A7C708-D575-491C-94AE-86FFCF2BF19F}"=ArcSoft Funhouse
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}"=Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java(TM) 6 Update 7
"{548EAC70-EE00-11DD-908C-005056806466}"=Google Zem
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}"=Nokia PC Suite
"{5888428E-699C-4E71-BF71-94EE06B497DA}"=TuneUp Utilities 2008
"{60DE4033-9503-48D1-A483-7846BD217CA9}"=ICQ6
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}"=Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"=Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AF10D7E4-D29A-45DA-8050-B116097B69B5}"=Safari
"{B63C1E49-2E0E-406B-BD8A-C703E4263E0A}"=AdVantage
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{CBE0549E-6304-41DE-B063-51FF18EDD7DC}"=ESET Smart Security
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty(R) 2
"{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}"=Opera 9.52
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}"=OpenOffice.org 2.4
"µTorrent CZ_is1"=µTorrent CZ 1.8 (build 11813)
"0852D05415AB9A4F1EF451E342267F76C776ED2F"=Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25"=Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23"=EA SPORTS online 2004
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Anti-Blaxx_is1"=Anti-Blaxx 1.16
"CCleaner"=CCleaner (remove only)
"Cool's_Codec_pack_4.12"=Codec Pack - All In 1 6.0.3.0
"Counterstrike 1.6 Non-Steam Protocol 48"=Counterstrike 1.6 Non-Steam Protocol 48
"DAEMON Tools Toolbar"=DAEMON Tools Toolbar
"EAX Unified"=EAX Unified
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1"=NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"F064B256B4A20996EA9E333B5E0F14B61AB3333D"=Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"IE7Pro"=IE7Pro
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}"=Call of Duty(R) 2
"LMS"=C-Dilla Licence Management System
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (2.0.0.20)"=Mozilla Firefox (2.0.0.20)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Nokia PC Suite"=Nokia PC Suite
"NVIDIA Drivers"=NVIDIA Drivers
"Qip Infium packverze: 9020 RC3 s IRC protokolem"=Qip Infium pack verze: 9020 RC3 s IRC protokolem
"QIP Infium Slovak_is1"=QIP Infium Slovak 2008-02-20
"QIP Infium_is1"=QIP Infium 1.0.9015 RC3
"The Godfather "=The Godfather
"The KMPlayer"=The KMPlayer (remove only)
"Trillian"=Trillian
"TV JOJ Media Player"=TV JOJ Media Player
"VIA Audio Driver Setup Program"=VIA Audio Driver Setup Program
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR
"Wisdom-soft ScreenHunter 5.0 Pro"=Wisdom-soft ScreenHunter 5.0 Pro
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01005"=Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-436374069-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31. 1. 2009 10:58:07 | Computer Name = MIHAAL | Source = Application Hang | ID = 1002
Description = Hanging application soffice.bin, version 2.3.9280.500, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7. 2. 2009 15:12:55 | Computer Name = MIHAAL | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.0.0.206, faulting module
skype.exe, version 4.0.0.206, fault address 0x009f1df1.

Error - 15. 2. 2009 9:52:09 | Computer Name = MIHAAL | Source = Application Error | ID = 1000
Description = Faulting application ie7prosetup_2.4.5.exe, version 0.0.0.0, faulting
module ws2_32.dll, version 5.1.2600.2180, fault address 0x0000a89d.

Error - 16. 2. 2009 8:38:06 | Computer Name = MIHAAL | Source = Application Error | ID = 1000
Description = Faulting application rapget.exe, version 0.0.0.0, faulting module
rapget.exe, version 0.0.0.0, fault address 0x0002596c.

Error - 18. 2. 2009 8:16:17 | Computer Name = MIHAAL | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module npswf32.dll, version 9.0.124.0, fault address 0x0005343c.

Error - 18. 2. 2009 8:42:43 | Computer Name = MIHAAL | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.0.0.206, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 19. 2. 2009 2:44:57 | Computer Name = MIHAAL | Source = Application Hang | ID = 1002
Description = Hanging application infium.exe, version 9.0.2.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19. 2. 2009 3:34:29 | Computer Name = MIHAAL | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module npswf32.dll, version 9.0.124.0, fault address 0x0005343c.

Error - 28. 2. 2009 11:08:42 | Computer Name = MIHAAL | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.0.0.206, faulting module
skype.exe, version 4.0.0.206, fault address 0x009f1df1.

Error - 28. 2. 2009 11:08:52 | Computer Name = MIHAAL | Source = Application Error | ID = 1001
Description = Fault bucket 1127915302.

[ System Events ]
Error - 13. 3. 2009 8:10:17 | Computer Name = MIHAAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 13. 3. 2009 8:10:17 | Computer Name = MIHAAL | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 13. 3. 2009 9:11:23 | Computer Name = MIHAAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 13. 3. 2009 9:11:23 | Computer Name = MIHAAL | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 13. 3. 2009 14:32:14 | Computer Name = MIHAAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 13. 3. 2009 14:32:14 | Computer Name = MIHAAL | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 14. 3. 2009 3:54:43 | Computer Name = MIHAAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 14. 3. 2009 3:54:43 | Computer Name = MIHAAL | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 14. 3. 2009 6:16:45 | Computer Name = MIHAAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 14. 3. 2009 6:16:45 | Computer Name = MIHAAL | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053


< End of report >
idem to precistit.