TR/Obfuscated.29996C

#1 Seit Samstag (19.02.11) meldet Avira mehrmals pro Tag den TR/Obfuscated.29996C, aber dauerhaft wird er nicht entfernt.
Außer diesen ständigen Meldungen spüre ich bisher keine Veränderungen am System.

Habe wie in dem Thread über neue Beiträge gebeten wird, scans mit OTL und GMER durchgeführt. Fast gleich nachdem OTL den Scan angefangen hat, meldete Avira den TR wieder. Habe auf remove geklickt, wie auch bisher immer, und den Scan mit OTL nicht neugestartet. Hoffe, das ist kein Problem.

Während des Scans mit GMER war Avira deaktiviert. Am Ende des Scans kam eine Meldung:

Zitat

WARNING !!!
GMER has found system modification caused by ROOTKIT activity

Als Antwort konnte man nur auf OK klicken, was ich auch gemacht habe. Daraufhin war der Fenster von GMER zu sehen mit den ganzen Logdaten, untere Zeile war leer. Weiß nicht ob das Ende vom Scan immer so ist. Hab dann mit OK GMER beendet und PC neugestartet. Hoffe, alles richtig gemacht.

Hier die Logfiles:

OTL.txt:

Code

OTL logfile created on: 2011.02.22 10:31:57 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Vartotojas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd
 
1.023,00 Mb Total Physical Memory | 501,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 55,37 Gb Free Space | 23,78% Space Free | Partition Type: NTFS
Drive E: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,73 Gb Total Space | 2,94 Gb Free Space | 78,78% Space Free | Partition Type: FAT32
 
Computer Name: PC1 | User Name: Vartotojas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Vartotojas\Application Data\xtp22gdkvkqcnpxadtqk3tspznkygl3x2\svcnost.exe (Opera Software)
PRC - C:\Documents and Settings\Vartotojas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2\csrss.exe (Opera Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Philips\Philips Device Manager\bin\DeviceManager.exe (Koninklijke Philips Electronics N.V.)
PRC - C:\Program Files\Logitech\QuickCam10\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software))
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\Vartotojas\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (Applian Technologies, Inc.)
MOD - C:\Documents and Settings\Vartotojas\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)
MOD - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (HidServ) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (GVCplDrv) -- C:\WINDOWS\System32\drivers\GVCplDrv.sys ()
DRV - (WinDriver6) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=GRfox000&ptb=f3mvgzlPrdbY6_mkbuIf4A
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=374563"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.delfi.lt/"
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.10
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=374563&p="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.10 23:03:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 13:38:51 | 000,000,000 | ---D | M]
 
[2008.09.06 08:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Extensions
[2011.02.21 14:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Firefox\Profiles\13tqk9hz.default\extensions
[2010.10.04 10:23:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Firefox\Profiles\13tqk9hz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.19 17:53:53 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Firefox\Profiles\13tqk9hz.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011.01.11 12:13:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Firefox\Profiles\13tqk9hz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.21 11:20:01 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Firefox\Profiles\13tqk9hz.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.10.26 11:28:53 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Vartotojas\Application Data\Mozilla\Firefox\Profiles\13tqk9hz.default\extensions\personas@christopher.beard
[2011.02.21 14:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.29 20:43:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.12 19:33:26 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010.11.13 11:41:13 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2009.01.28 18:12:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007.02.04 22:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010.10.01 11:00:50 | 000,001,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-lt.xml
 
O1 HOSTS File: ([2009.05.31 23:04:05 | 000,000,146 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 security-problem.microsoft.com
O1 - Hosts: 94.232.248.66 inetavirus.com
O1 - Hosts: 94.232.248.66 www.inetavirus.com
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTog1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [braviax]  File not found
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSFox]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PhilipsDM] C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe (Koninklijke Philips Electronics N.V.)
O4 - HKLM..\Run: [Regedit32]  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [braviax]  File not found
O4 - HKCU..\Run: [DW6]  File not found
O4 - HKCU..\Run: [mssend] C:\Documents and Settings\Vartotojas\Application Data\xtp22gdkvkqcnpxadtqk3tspznkygl3x2\svcnost.exe (Opera Software)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Vartotojas\Start Menu\Programs\Startup\„OpenOffice.org 3.0“.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188714202234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} http://images.fotki.com/activex/FotkiUploader.cab (FotkiUploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2\csrss.exe") - C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2\csrss.exe (Opera Software)
O21 - SSODL: UpdateCheck - {EBAF7599-13BA-4815-881C-E5CBCE79E7FB} -  File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Vartotojas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vartotojas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.01 19:02:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{43b79460-666e-11dc-a49f-001a4d759af9}\Shell\AutoRun\command - "" = E:\ -- File not found
O33 - MountPoints2\{43b79460-666e-11dc-a49f-001a4d759af9}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{524f54ea-a315-11dc-a4f9-001a4d759af9}\Shell\AutoRun\command - "" = E:\ -- File not found
O33 - MountPoints2\{524f54ea-a315-11dc-a4f9-001a4d759af9}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{6d85362a-92a2-11dc-a4dc-001a4d759af9}\Shell\AutoRun\command - "" = E:\ -- File not found
O33 - MountPoints2\{6d85362a-92a2-11dc-a4dc-001a4d759af9}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{837814eb-dc54-11dd-a6a3-001a4d759af9}\Shell - "" = AutoRun
O33 - MountPoints2\{837814eb-dc54-11dd-a6a3-001a4d759af9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{837814eb-dc54-11dd-a6a3-001a4d759af9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{9e64e1c7-1fdf-11dd-a5c0-001a4d759af9}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{9e64e1c7-1fdf-11dd-a5c0-001a4d759af9}\Shell\open\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{c438b73c-7566-11dc-a4b6-001a4d759af9}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{c438b73c-7566-11dc-a4b6-001a4d759af9}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{fab83e45-becb-11dd-a680-001a4d759af9}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{fab83e45-becb-11dd-a680-001a4d759af9}\Shell\open\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{fab83e46-becb-11dd-a680-001a4d759af9}\Shell\AutoRun\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{fab83e46-becb-11dd-a680-001a4d759af9}\Shell\open\command - "" = E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2011.02.22 01:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vartotojas\Application Data\xtp22gdkvkqcnpxadtqk3tspznkygl3x2
[2011.02.21 23:07:26 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vartotojas\Desktop\OTL.exe
[2011.02.21 22:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vartotojas\Desktop\SCALA_log
[2011.02.21 15:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vartotojas\Application Data\x2rg3qrttsk2ivzzhnmiuwvktddsqrqf2
[2011.02.20 00:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vartotojas\Application Data\xc3k23kzl3wat3nqtmi1cangqqnmqh2a2
[2011.02.19 13:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vartotojas\My Documents\Audible
[2011.02.19 13:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audible
[2011.02.19 13:57:40 | 001,525,176 | ---- | C] (Audible Inc.) -- C:\Program Files\ActiveSetupN.exe
[2011.02.19 00:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vartotojas\Application Data\xfcqslwucumoxjzwmlocaogk2kn1xzdt2
[2011.02.19 00:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2
[2011.02.15 19:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.02.12 11:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vartotojas\Application Data\LolClient
[2011.02.12 11:16:38 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2011.02.12 11:16:38 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2011.02.12 11:16:37 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011.02.12 11:16:37 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011.02.12 11:16:34 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011.02.12 11:16:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011.02.12 11:09:51 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011.02.12 11:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Riot Games
[2011.02.12 11:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vartotojas\Desktop\League of Legends
[2011.02.12 11:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vartotojas\Local Settings\Application Data\PMB Files
[2011.02.12 11:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011.02.12 11:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010.02.18 11:53:09 | 008,462,712 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.exe
[2009.05.27 23:46:25 | 003,371,384 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-setup.exe
[2009.05.27 22:46:44 | 016,936,088 | ---- | C] (PC Tools                                                    ) -- C:\Program Files\6.0.1.440n-sdrevenue-setup.exe
[2009.05.26 18:23:22 | 014,144,128 | ---- | C] (Doctor Web, Ltd.) -- C:\Program Files\launch.exe
[2009.01.07 10:43:23 | 003,165,824 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup215.exe
[2008.12.02 21:12:42 | 002,424,616 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsRightsManagementServicesSP2-KB917275-Client-ENU-x86.exe
[2008.11.18 17:05:03 | 000,342,672 | ---- | C] (NCH Software) -- C:\Program Files\vrssetup.exe
[2008.11.07 15:18:05 | 002,643,240 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeInstaller-Beta.exe
[2008.10.14 23:33:48 | 001,112,212 | ---- | C] (Ravlyk.net                                                  ) -- C:\Program Files\sae4setup.exe
[2008.09.11 18:03:04 | 011,132,432 | ---- | C] (Macrovision Corporation) -- C:\Program Files\PCStitch_Inst.exe
[2008.08.27 18:50:11 | 048,367,896 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_138a1332.exe
[2008.06.08 11:21:49 | 014,167,592 | ---- | C] (Doctor Web, Ltd.) -- C:\Program Files\cureit.exe
[2008.06.08 10:22:04 | 054,400,352 | ---- | C] (Macrovision Corporation) -- C:\Program Files\PCStitchPro_Inst.exe
[2008.06.05 13:28:17 | 059,782,440 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2008.05.22 20:31:52 | 006,910,136 | ---- | C] (Lizardtech                                                  ) -- C:\Program Files\DJVUCNTL_61_EN.EXE
[2008.04.16 14:05:43 | 006,091,720 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.13.exe
[2008.03.17 18:02:10 | 011,158,400 | ---- | C] (Microsoft Corporation) -- C:\Program Files\office2007-kb934062-fullfile-x86-glb.exe
[2008.03.17 17:54:23 | 005,266,528 | ---- | C] (Microsoft Corporation) -- C:\Program Files\publisher2007-kb936646-fullfile-x86-glb.exe
[2008.01.09 19:05:58 | 003,299,143 | ---- | C] (Ivan Johansen                                               ) -- C:\Program Files\SetupGraph-4.3.exe
[2007.10.31 22:42:18 | 023,770,568 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXInstaller.exe
[2007.10.08 16:10:50 | 011,289,948 | ---- | C] (Arobas Music                                                ) -- C:\Program Files\GP5DEMO.exe
[2007.09.29 09:08:54 | 018,895,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Install_Messenger.exe
[2007.09.03 18:50:14 | 004,789,792 | ---- | C] (Google Inc.) -- C:\Program Files\picasa2-current.exe
[2007.09.03 16:41:22 | 000,955,784 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2011.02.22 10:28:29 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.22 10:21:40 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011.02.22 07:53:24 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.02.22 07:53:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.21 23:36:07 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\hxcvlcew.exe
[2011.02.21 23:13:16 | 000,233,984 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\Igyjamoji senatis (Ieva Sidaraviciute, VU TF 5 k.).doc
[2011.02.21 23:07:27 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vartotojas\Desktop\OTL.exe
[2011.02.21 22:21:27 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\Diplominis_kaip.doc
[2011.02.21 22:19:46 | 000,087,812 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\SCALA_log.zip
[2011.02.21 19:21:17 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{48CB02CC-5272-462D-AFC4-0E2C81CDB339}.job
[2011.02.21 14:46:04 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.02.20 02:13:35 | 000,181,760 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\Igyjamosios senaties taikymo problemos Lietuvos Respublikoje.doc
[2011.02.19 13:57:41 | 001,525,176 | ---- | M] (Audible Inc.) -- C:\Program Files\ActiveSetupN.exe
[2011.02.19 11:03:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.18 21:50:43 | 001,933,767 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\P1000430.JPG
[2011.02.18 13:32:29 | 000,011,546 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\dogwaggingtrans.gif
[2011.02.17 14:28:14 | 000,038,308 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\maze.jpg
[2011.02.17 09:59:25 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\PVZ..doc
[2011.02.16 22:40:40 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2011.02.16 20:50:21 | 000,075,776 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\20.doc
[2011.02.16 20:49:29 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\19.doc
[2011.02.16 20:48:52 | 000,072,192 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\18.doc
[2011.02.16 20:48:21 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\17.doc
[2011.02.16 20:47:38 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\15.doc
[2011.02.16 20:47:36 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\14.doc
[2011.02.16 20:47:34 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\13.doc
[2011.02.16 20:46:16 | 000,072,192 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\12.doc
[2011.02.16 19:18:10 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\likusi medziaga.doc
[2011.02.16 18:13:41 | 000,215,552 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\pirminiai NT igijimo pagrindai.doc
[2011.02.15 22:07:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.02.15 17:39:51 | 000,235,400 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\8-18245-10_IPA_hiddendeath02.jpg
[2011.02.14 20:59:28 | 001,131,504 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\DSC04849.JPG
[2011.02.14 20:53:13 | 001,819,601 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\P6010176.JPG
[2011.02.14 20:51:52 | 001,689,008 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\P6010199.JPG
[2011.02.14 15:58:51 | 002,212,807 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\P2141653.JPG
[2011.02.14 15:58:51 | 001,996,956 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\P2141654.JPG
[2011.02.12 11:16:40 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2011.02.12 11:01:13 | 002,257,408 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\LeagueofLegends.exe
[2011.02.11 09:15:21 | 000,305,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.11 00:01:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.02.10 22:57:32 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\Pasaka ne pasaka.doc
[2011.02.09 15:49:46 | 000,046,794 | ---- | M] () -- C:\Documents and Settings\Vartotojas\Desktop\Atspausdinti.docx
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011.02.21 23:36:07 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\hxcvlcew.exe
[2011.02.21 22:21:26 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\Diplominis_kaip.doc
[2011.02.21 22:19:45 | 000,087,812 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\SCALA_log.zip
[2011.02.18 21:48:59 | 001,933,767 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\P1000430.JPG
[2011.02.18 13:32:27 | 000,011,546 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\dogwaggingtrans.gif
[2011.02.17 14:28:14 | 000,038,308 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\maze.jpg
[2011.02.17 09:59:24 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\PVZ..doc
[2011.02.16 20:50:20 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\20.doc
[2011.02.16 20:49:29 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\19.doc
[2011.02.16 20:48:51 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\18.doc
[2011.02.16 20:48:21 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\17.doc
[2011.02.16 20:47:37 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\15.doc
[2011.02.16 20:47:35 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\14.doc
[2011.02.16 20:47:34 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\13.doc
[2011.02.16 20:46:16 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\12.doc
[2011.02.16 19:55:20 | 000,233,984 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\Igyjamoji senatis (Ieva Sidaraviciute, VU TF 5 k.).doc
[2011.02.16 18:56:35 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\likusi medziaga.doc
[2011.02.16 18:13:39 | 000,215,552 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\pirminiai NT igijimo pagrindai.doc
[2011.02.15 17:39:50 | 000,235,400 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\8-18245-10_IPA_hiddendeath02.jpg
[2011.02.14 20:59:26 | 001,131,504 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\DSC04849.JPG
[2011.02.14 20:53:12 | 001,819,601 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\P6010176.JPG
[2011.02.14 20:51:50 | 001,689,008 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\P6010199.JPG
[2011.02.14 15:58:48 | 002,212,807 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\P2141653.JPG
[2011.02.14 15:58:48 | 001,996,956 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\P2141654.JPG
[2011.02.12 11:16:40 | 000,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk
[2011.02.12 11:01:12 | 002,257,408 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\LeagueofLegends.exe
[2011.02.10 22:57:31 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\Pasaka ne pasaka.doc
[2011.02.09 15:49:46 | 000,046,794 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Desktop\Atspausdinti.docx
[2010.03.29 21:50:50 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010.03.29 21:50:16 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Application Data\avdrn.dat
[2010.03.09 14:57:40 | 003,246,833 | ---- | C] () -- C:\Program Files\aida32ee_393.zip
[2010.03.09 14:57:40 | 000,000,000 | ---- | C] () -- C:\Program Files\aida32ee_393.zip.part
[2009.08.30 18:45:57 | 001,888,285 | ---- | C] () -- C:\Program Files\2009Decoder_2.0.0.7.zip
[2009.08.17 22:41:46 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.07.21 08:59:04 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Application Data\wiaserva.log
[2009.07.02 09:10:56 | 032,299,960 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2009.03.07 22:55:10 | 000,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.03.07 22:55:10 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Application Data\PnkBstrK.sys
[2008.12.02 21:13:27 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Vartotojas\Local Settings\Application Data\keyfile3.drm
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.09.22 22:08:19 | 000,668,945 | ---- | C] () -- C:\Program Files\Fonts.zip
[2008.09.11 23:57:39 | 001,804,050 | ---- | C] () -- C:\Program Files\Multidecoder_1.0.0.48.zip
[2008.09.11 21:13:38 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2008.09.11 21:13:38 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2008.09.11 14:33:06 | 013,408,768 | ---- | C] () -- C:\Program Files\Puntotek26.exe
[2008.09.02 23:06:09 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp4A.log
[2008.09.02 22:53:57 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tmp1E.log
[2008.09.02 22:13:07 | 000,787,741 | ---- | C] () -- C:\Program Files\Palemonas-2.1.zip
[2008.09.02 20:28:18 | 000,006,757 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Application Data\PrimoPDFSet.xml
[2008.09.02 20:25:33 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008.09.02 20:20:49 | 011,121,848 | ---- | C] () -- C:\Program Files\FreewarePrimoSetup.exe
[2008.08.09 09:07:23 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.08.09 09:07:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008.08.09 09:07:19 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.08.09 09:07:18 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.08.09 09:07:17 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.06.15 10:21:57 | 009,390,251 | ---- | C] () -- C:\Program Files\vlc-0.8.6h-win32.exe
[2008.06.08 10:41:02 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTRDF14N.INI
[2008.05.21 21:08:29 | 009,570,425 | ---- | C] () -- C:\Program Files\pmst20t.zip
[2008.04.28 18:13:33 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008.04.15 13:27:42 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008.03.25 23:13:26 | 000,000,527 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008.02.15 14:27:09 | 000,000,911 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2008.01.26 18:28:24 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.01.23 22:58:59 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008.01.23 21:14:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008.01.16 23:24:36 | 005,026,928 | ---- | C] () -- C:\Program Files\SetupCloneDVD2.exe
[2008.01.09 10:44:38 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2008.01.08 17:16:30 | 004,995,400 | ---- | C] () -- C:\Program Files\BitComet_0.97_setup.exe
[2008.01.08 16:37:56 | 005,722,976 | ---- | C] () -- C:\Program Files\BitCometBeta_20080102_setup.exe
[2007.11.24 17:39:30 | 000,000,065 | -HS- | C] () -- C:\Documents and Settings\Vartotojas\Application Data\.zreglib
[2007.11.24 17:31:53 | 000,000,124 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007.10.08 23:01:33 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.10.08 22:59:36 | 001,494,016 | ---- | C] () -- C:\Program Files\gsv48w32.exe
[2007.10.08 22:49:04 | 000,025,710 | ---- | C] () -- C:\Program Files\4822-ghostview.htm
[2007.10.08 22:43:23 | 012,289,536 | ---- | C] () -- C:\Program Files\gs860w32.exe
[2007.09.22 19:27:32 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007.09.17 10:03:20 | 003,861,320 | ---- | C] () -- C:\Program Files\eMule0.48a-Installer2.exe
[2007.09.03 18:22:04 | 005,271,552 | ---- | C] () -- C:\Program Files\PStory.msi
[2007.09.03 17:57:29 | 009,455,958 | ---- | C] () -- C:\Program Files\eFormFiller25v5_2007_04_18.zip
[2007.09.03 09:18:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007.09.02 20:20:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.09.02 19:42:15 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2007.09.01 21:56:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.09.01 19:21:02 | 000,128,000 | ---- | C] () -- C:\Documents and Settings\Vartotojas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.01 16:52:30 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2007.09.01 16:37:39 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.06.26 09:33:40 | 000,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006.06.01 11:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.06.01 11:22:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.06.01 11:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.06.01 11:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.06.01 11:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.06.01 11:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.06.01 11:22:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2008.01.16 23:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2008.04.04 23:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009.03.26 11:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2008.09.22 13:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008.06.09 16:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008.11.18 17:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011.02.12 11:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2008.01.04 00:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prevx
[2009.01.07 01:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2008.01.23 21:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007.11.24 17:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009.05.27 22:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.09.30 22:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008.01.23 21:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\Canon
[2010.01.12 18:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\Dealio
[2008.12.18 23:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\Dev-Cpp
[2007.11.24 17:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\Elaborate Bytes
[2008.08.22 15:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\ForetellTarot
[2008.06.09 16:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\funkitron
[2008.06.09 16:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\GameHouse
[2009.03.07 22:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\id Software
[2008.03.15 21:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\Image Zone Express
[2009.10.13 22:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\ImTOO Software Studio
[2011.02.12 11:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\LolClient
[2008.01.30 22:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\My Games
[2008.11.18 17:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\NCH Swift Sound
[2011.02.19 00:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2
[2009.04.04 11:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\OpenOffice.org
[2008.01.04 00:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\PrevxCSI
[2008.01.23 21:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\ScanSoft
[2010.11.12 19:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\Search Settings
[2007.11.24 17:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\SlySoft
[2009.01.07 10:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\Uniblue
[2011.02.19 13:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\uTorrent
[2011.02.21 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\x2rg3qrttsk2ivzzhnmiuwvktddsqrqf2
[2011.02.20 00:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\xc3k23kzl3wat3nqtmi1cangqqnmqh2a2
[2011.02.19 00:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\xfcqslwucumoxjzwmlocaogk2kn1xzdt2
[2011.02.22 01:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vartotojas\Application Data\xtp22gdkvkqcnpxadtqk3tspznkygl3x2
[2011.02.21 19:21:17 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{48CB02CC-5272-462D-AFC4-0E2C81CDB339}.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

extras.txt:

Code

OTL Extras logfile created on: 2011.02.22 10:31:57 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Documents and Settings\Vartotojas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd
 
1.023,00 Mb Total Physical Memory | 501,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 55,37 Gb Free Space | 23,78% Space Free | Partition Type: NTFS
Drive E: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,73 Gb Total Space | 2,94 Gb Free Space | 78,78% Space Free | Partition Type: FAT32
 
Computer Name: PC1 | User Name: Vartotojas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58319:TCP" = 58319:TCP:*:Enabled:Pando Media Booster
"58319:UDP" = 58319:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58319:TCP" = 58319:TCP:*:Enabled:Pando Media Booster
"58319:UDP" = 58319:UDP:*:Enabled:Pando Media Booster
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Mozilla Firefox\update.exe" = C:\Program Files\Mozilla Firefox\update.exe:*:Enabled:ldrsoft
"C:\Documents and Settings\Vartotojas\Application Data\xfcqslwucumoxjzwmlocaogk2kn1xzdt2\svcnost.exe" = C:\Documents and Settings\Vartotojas\Application Data\xfcqslwucumoxjzwmlocaogk2kn1xzdt2\svcnost.exe:*:Enabled:ldrsoft -- (Opera Software)
"C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2\csrss.exe" = C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2\csrss.exe:*:Enabled:ldrsoft -- (Opera Software)
"C:\Documents and Settings\Vartotojas\Application Data\xc3k23kzl3wat3nqtmi1cangqqnmqh2a2\svcnost.exe" = C:\Documents and Settings\Vartotojas\Application Data\xc3k23kzl3wat3nqtmi1cangqqnmqh2a2\svcnost.exe:*:Enabled:ldrsoft -- (Opera Software)
"C:\Documents and Settings\Vartotojas\Application Data\x2rg3qrttsk2ivzzhnmiuwvktddsqrqf2\svcnost.exe" = C:\Documents and Settings\Vartotojas\Application Data\x2rg3qrttsk2ivzzhnmiuwvktddsqrqf2\svcnost.exe:*:Enabled:ldrsoft -- (Opera Software)
"C:\Documents and Settings\Vartotojas\Application Data\xtp22gdkvkqcnpxadtqk3tspznkygl3x2\svcnost.exe" = C:\Documents and Settings\Vartotojas\Application Data\xtp22gdkvkqcnpxadtqk3tspznkygl3x2\svcnost.exe:*:Enabled:ldrsoft -- (Opera Software)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05B3273E-4926-4663-8274-F8989431063C}" = PCStitch Pro
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips Device Manager
"{37460314-9261-48EB-A840-60988F9B3DA6}" = ALKONAS
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D2BE82F-427B-4D42-9991-DBBDC44E570D}" = OpenOffice.org 3.0
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{560CA2E4-D5D1-4E19-9F6C-895F80C702A4}" = PM Stitch Creator 3 Trial
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CADD3F6-E808-4D48-893D-797B4849DE72}" = Quake Live Mozilla Plugin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C1F83B10-0BEB-475f-BBA2-E235B02B9826}" = Dealio Toolbar v4.1
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A69CA0-8BBF-4404-BA68-DB79A3548E34}" = PCStitch 7
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Corel Paint Shop Pro 9
"{FB35F38E-5AD3-4DBE-886E-B3AAAE8D6E8E}" = ABBYY eFormFiller 2.5 v5
"Ace Poster" = Ace Poster
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"AnyDVD" = AnyDVD
"AP Tuner 3.08" = AP Tuner 3.08
"art_of_murder_de_is1" = Die Kunst des Mordens - Geheimakte FBI
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitComet" = BitComet 0.97
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Freecorder4.1" = Freecorder
"Ģīķīļīėč˙ 3" = Ģīķīļīėč˙ 3
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Graph_is1" = Graph 4.3
"GSview 4.8" = GSview 4.8
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.0
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImTOO iPod Movie Converter" = ImTOO iPod Movie Converter
"YInstHelper" = Yahoo! Install Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.4 (Full)
"LastFM_is1" = Last.fm 1.5.2.38918
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PENTAX Digital Camera Utility" = PENTAX Digital Camera Utility
"Picasa 3" = Picasa 3
"Poker Superstars II" = Poker Superstars II
"PrimoPDF4.1.0.9" = PrimoPDF
"PRJPRO" = Microsoft Office Project Professional 2007
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera Driver
"RavlykSAEv3_is1" = Stitch Art Easy! version 3.0.1/Premiere
"RavlykSAEv31E_is1" = Stitch Art Easy! version 3.1/E
"ScummVM_is1" = ScummVM 0.8.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ST6UNST #1" = Puntotek V2
"Stitch Art Easy! 4.0_is1" = Stitch Art Easy! 4.0 Alpha 3
"Supaplex 3000_is1" = Supaplex 3000
"ToggleEN Toolbar" = ToggleEN Toolbar
"uTorrent" = µTorrent
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WavePad" = WavePad Sound Editor
"WebDesigner" = Microsoft Expression Web
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archyvu programa
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FPS06x" = FPS 0.6.4a
"uTorrent" = µTorrent
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2010.12.16 05:42:05 | Computer Name = PC1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\documents and settings\all
 users\application data\microsoft\visio\catalog.wci. Index will   be automatically
 restored by refiltering all documents.
 
Error - 2010.12.17 16:09:03 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.152, faulting module
 kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
 
Error - 2011.01.11 10:43:56 | Computer Name = PC1 | Source = Application Hang | ID = 1002
Description = Hanging application Picasa3.exe, version 3.8.117.29, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 2011.01.31 04:16:04 | Computer Name = PC1 | Source = ESENT | ID = 490
Description = svchost (1184) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 2011.02.18 18:02:55 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application svcnost.exe, version 10.63.3516.0, faulting module
 unknown, version 0.0.0.0, fault address 0x00000000.
 
Error - 2011.02.19 13:34:50 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module divxdec.ax, version 6.3.0.84, fault address 0x0005cc88.
 
Error - 2011.02.19 18:44:46 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application svcnost.exe, version 10.63.3516.0, faulting module
 unknown, version 0.0.0.0, fault address 0x00000000.
 
Error - 2011.02.20 16:46:57 | Computer Name = PC1 | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer ContentIndexingService
 called routine VsServiceChangeState which failed with status 0x8007041d (converted
 to 0x800423f4).
 
Error - 2011.02.21 09:47:00 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application svcnost.exe, version 10.63.3516.0, faulting module
 unknown, version 0.0.0.0, fault address 0x00000000.
 
Error - 2011.02.21 19:51:48 | Computer Name = PC1 | Source = Application Error | ID = 1000
Description = Faulting application svcnost.exe, version 10.63.3516.0, faulting module
 unknown, version 0.0.0.0, fault address 0x00000000.
 
[ OSession Events ]
Error - 2008.09.18 02:13:05 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 863
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2008.09.18 02:13:31 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2008.09.18 02:14:07 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2008.09.18 02:45:39 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1882
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 2008.09.18 02:46:10 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2008.09.18 02:46:50 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2009.05.03 10:23:41 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1166
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 2009.05.03 10:37:36 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5197
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 2009.09.25 05:54:44 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2010.01.09 12:36:31 | Computer Name = PC1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 286
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2011.02.21 10:20:42 | Computer Name = PC1 | Source = VolSnap | ID = 393241
Description = The shadow copy of volume C: was aborted because the diff area file
 could  not grow in time.  Consider reducing the IO load on this system to avoid  this
 problem in the future.
 
Error - 2011.02.21 10:25:01 | Computer Name = PC1 | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before 
it was properly installed.
 
Error - 2011.02.21 10:25:36 | Computer Name = PC1 | Source = VolSnap | ID = 393241
Description = The shadow copy of volume C: was aborted because the diff area file
 could  not grow in time.  Consider reducing the IO load on this system to avoid  this
 problem in the future.
 
Error - 2011.02.21 10:28:32 | Computer Name = PC1 | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before 
it was properly installed.
 
Error - 2011.02.21 10:34:30 | Computer Name = PC1 | Source = VolSnap | ID = 393241
Description = The shadow copy of volume C: was aborted because the diff area file
 could  not grow in time.  Consider reducing the IO load on this system to avoid  this
 problem in the future.
 
Error - 2011.02.21 14:28:21 | Computer Name = PC1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SASKUTIL
 
Error - 2011.02.21 17:56:27 | Computer Name = PC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
 period.
 
Error - 2011.02.21 18:00:23 | Computer Name = PC1 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
 period.
 
Error - 2011.02.21 19:22:14 | Computer Name = PC1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SASKUTIL
 
Error - 2011.02.22 01:54:19 | Computer Name = PC1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SASKUTIL
 
 
< End of report >

GMER:

Code

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-22 12:15:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500KS-00MJB0 rev.02.01C03
Running: hxcvlcew.exe; Driver: C:\DOCUME~1\VARTOT~1\LOCALS~1\Temp\pxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT            F7C5A0C6                                                                                                                                                                                                 ZwCreateKey
SSDT            F7C5A0BC                                                                                                                                                                                                 ZwCreateThread
SSDT            F7C5A0CB                                                                                                                                                                                                 ZwDeleteKey
SSDT            F7C5A0D5                                                                                                                                                                                                 ZwDeleteValueKey
SSDT            sptd.sys                                                                                                                                                                                                 ZwEnumerateKey [0xF73C984C]
SSDT            sptd.sys                                                                                                                                                                                                 ZwEnumerateValueKey [0xF73C9BEC]
SSDT            F7C5A0DA                                                                                                                                                                                                 ZwLoadKey
SSDT            sptd.sys                                                                                                                                                                                                 ZwOpenKey [0xF73C4090]
SSDT            F7C5A0A8                                                                                                                                                                                                 ZwOpenProcess
SSDT            F7C5A0AD                                                                                                                                                                                                 ZwOpenThread
SSDT            sptd.sys                                                                                                                                                                                                 ZwQueryKey [0xF73C9CC4]
SSDT            sptd.sys                                                                                                                                                                                                 ZwQueryValueKey [0xF73C9B44]
SSDT            F7C5A0E4                                                                                                                                                                                                 ZwReplaceKey
SSDT            F7C5A0DF                                                                                                                                                                                                 ZwRestoreKey
SSDT            F7C5A0D0                                                                                                                                                                                                 ZwSetValueKey

Code            8767D4FC                                                                                                                                                                                                 NlsAnsiCodePage

---- Kernel code sections - GMER 1.0.15 ----

?               C:\WINDOWS\system32\drivers\sptd.sys                                                                                                                                                                     The process cannot access the file because it is being used by another process.
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                                                                 section is writeable [0xF6D3E360, 0x240F7E, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                                                                                                    F6CE28AC 5 Bytes  JMP 86F9E960 
?               System32\Drivers\aax4o0d6.SYS                                                                                                                                                                            The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

?               C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2\csrss.exe[1764]                                                                                                   time/date stamp mismatch; unknown module: oleaut32.dllunknown module: SHFolder.dllunknown module: wsock32.dll
UPX1            C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2\csrss.exe[1764] C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2\csrss.exe  entry point in "UPX1" section [0x00661180]

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                                                                   8715F1D8
Device          \FileSystem\Fastfat \FatCdrom                                                                                                                                                                            865B5980
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                                                                                         86F9D980
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                                                                         86F9D980
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                                                                                                871D41D8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                                                                                                  871D41D8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                                                                                                     871D41D8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                                                                                                    871D41D8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                                                                         86F9D980
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                                                                                         86F9D980
Device          \Driver\00000049 \Device\00000047                                                                                                                                                                        sptd.sys
Device          \Driver\usbehci \Device\USBPDO-4                                                                                                                                                                         86F571D8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                                                                   871611D8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                                                                                             86F3D1D8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                                                                                              [F7318B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                                                                       [F7318B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                                                                       [F7318B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                                                                                                              [F7318B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Cdrom \Device\CdRom2                                                                                                                                                                             86F3D1D8
Device          \Driver\USBSTOR \Device\00000075                                                                                                                                                                         86D557F8
Device          \Driver\USBSTOR \Device\00000076                                                                                                                                                                         86D557F8
Device          \Driver\USBSTOR \Device\00000077                                                                                                                                                                         86D557F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                                                  86D237E0
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                                                                                         86D237E0
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                                                                                         86F9D980
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                                                                                         86F9D980
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                                                                        86C7E980
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                                                                                         86F9D980
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                                                                              86C7E980
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                                                                                                         86F9D980
Device          \Driver\usbehci \Device\USBFDO-4                                                                                                                                                                         86F571D8
Device          \Driver\Ftdisk \Device\FtControl                                                                                                                                                                         871611D8
Device          \Driver\aax4o0d6 \Device\Scsi\aax4o0d61                                                                                                                                                                  86F221D8
Device          \FileSystem\Fastfat \Fat                                                                                                                                                                                 865B5980

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                                                 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                                                                                                   86CD3980
---- Processes - GMER 1.0.15 ----

Library         C:\Documents (*** hidden *** ) @ C:\Documents and Settings\Vartotojas\Application Data\xtp22gdkvkqcnpxadtqk3tspznkygl3x2\svcnost.exe [388]                                                               0x00F70000                                                                                                        

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                                                                       528608841
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                                                                       -846570619
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                                                                       1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                      C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                      0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                   0x68 0xB4 0x82 0x04 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                          0x16 0x97 0xBA 0xA1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                                   0xBE 0x1C 0x0C 0xAE ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                          C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                          0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                       0x68 0xB4 0x82 0x04 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                                                            
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                                 0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                              0x16 0x97 0xBA 0xA1 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                                                                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                                       0xBE 0x1C 0x0C 0xAE ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                                     
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                          C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                          0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                       0x68 0xB4 0x82 0x04 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                                                            
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                                 0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                              0x16 0x97 0xBA 0xA1 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                                                                     
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                                       0xBE 0x1C 0x0C 0xAE ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8C3B442-5163-94E5-6429-17EE1399D930}                                                                                          
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8C3B442-5163-94E5-6429-17EE1399D930}@oacbgpghfakgjoddmmaialfpnomfcg                                                           0x61 0x69 0x61 0x63 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8C3B442-5163-94E5-6429-17EE1399D930}@iabbmnbfkndaphbhec                                                                       0x6A 0x61 0x6E 0x62 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8C3B442-5163-94E5-6429-17EE1399D930}@hahbcpghgknidilf                                                                         0x6A 0x61 0x6B 0x62 ...

---- EOF - GMER 1.0.15 ----

#2 wie lauten die avira fundmeldung, zu finden unter ereignisse :-)

#3

Zitat

The file 'C:\Documents and Settings\Vartotojas\Application Data\ntuser.dat'
contained a virus or unwanted program 'TR/Obfuscated.29996C' [trojan]
Action(s) taken:
An error has occurred and the file was not deleted. ErrorID: 26003.
The file could not be deleted!
Attempting to perform action using the ARK library.
The file was moved to the quarantine directory under the name '5731f211.qua'.

#4 bitte erstelle und poste ein combofix log.
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

#5 nach dem Start des Suchlaufs ist bei mir folgende Zeile erschienen:

Zitat

T was unexpected at this time

danach ist nix mehr passiert, zeit wurde noch nicht abgeaendert, internet wurde auch noch nicht gekappt.

wollte nur sicher gehen, bevor ich mit dem geduldig-sein uebertreibe

#6 brich mal ab.
starte im abgesicherten modus ohne netzwerk, sollte bei pc start mit f8 gehen, da gelangst du ins auswahlmenü, dort starte combofix erneut.

#7 ok, danke. Mach ich aber erst morgen oder heute Nacht, jetzt brauche ich erstmal den PC.

#8 aber kein onlinebanking, keine einkäufe und am besten nichts wo du ein passwort eingeben musst.

#9 auch im abgesicherten modus ohne netzwerk ist diese zeile gleich nach dem anfang erschienen und nix mehr passiert.

#10 • Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
:files
C:\Documents and Settings\Vartotojas\Application Data\xtp22gdkvkqcnpxadtqk3tspznkygl3x2
C:\Documents and Settings\Vartotojas\Application Data\x2rg3qrttsk2ivzzhnmiuwvktddsqrqf2
C:\Documents and Settings\Vartotojas\Application Data\xfcqslwucumoxjzwmlocaogk2kn1xzdt2
C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

#11 habe alles gemacht, wie du geschrieben hast, aber gleich nachdem ich auf fix geklickt habe, ist eine Meldung in blauem Hintergrund über den ganzen Monitor erschienen (a problem has been detected and windows has been shut down to prevent damage to your computer). Musste daraufhin den PC neustarten. Dasselbe ist passiert, als ich versucht habe, deine Anweisungen zum zweiten mal auszuführen ich sehe kein neues Textdokument, also nehme ich mal an, dass wieder mal was schiefgegangen ist..

#12 passiert das selbe auch im abgesicherten modus?

#13 ja, leider da auch

#14 lade den avenger, füge das script wie beschrieben ein
http://virus-protect.org/artikel/tools/avenger.html

folders to delete:
C:\Documents and Settings\Vartotojas\Application Data\xtp22gdkvkqcnpxadtqk3tspznkygl3x2
C:\Documents and Settings\Vartotojas\Application Data\x2rg3qrttsk2ivzzhnmiuwvktddsqrqf2
C:\Documents and Settings\Vartotojas\Application Data\xfcqslwucumoxjzwmlocaogk2kn1xzdt2
C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2

führe das script wie beschrieben aus log posten.

#15

Code

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Documents and Settings\Vartotojas\Application Data\xtp22gdkvkqcnpxadtqk3tspznkygl3x2" deleted successfully.
Folder "C:\Documents and Settings\Vartotojas\Application Data\x2rg3qrttsk2ivzzhnmiuwvktddsqrqf2" deleted successfully.
Folder "C:\Documents and Settings\Vartotojas\Application Data\xfcqslwucumoxjzwmlocaogk2kn1xzdt2" deleted successfully.
Folder "C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.