:Processes
Explorer.EXE

:Services
QuestService Service

:OTL
PRC - [2009-12-04 18:53:30 | 00,058,744 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice129.exe
PRC - [2009-12-04 18:53:30 | 00,058,744 | ---- | M] () -- C:\Program Files\QuestService\questservice.exe
PRC - [2009-11-30 05:29:47 | 01,015,808 | ---- | M] () -- C:\Program Files\Gameztar Toolbar\2.1.1.5490\mvbsvc.exe
PRC - [2009-11-30 05:29:46 | 00,712,704 | ---- | M] () -- C:\Program Files\Gameztar Toolbar\2.1.1.5490\mvbapp.exe
PRC - [2009-11-26 18:27:36 | 00,348,160 | ---- | M] () -- C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe
FF - prefs.js..browser.search.selectedEngine: "Gameztar Toolbar"
FF - prefs.js..browser.startup.homepage: "http://home.myquickfinder.com/"
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5190
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:3.1.0.1630
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:3.1.0.1840
FF - HKLM\software\mozilla\Firefox\Extensions\{40f1eb95-4de4-4f36-a826-054ee36bb905}: C:\Program Files\Gameztar Toolbar\2.1.1.5490\FFToolbar [2009-12-01 16:35:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\3.1.0.1840\FF [2009-12-01 16:36:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF [2009-12-01 16:36:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF [2009-12-01 16:36:49 | 00,000,000 | ---D | M]
[2009-12-01 19:53:49 | 00,002,405 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\questservice127.xml
[2009-12-05 12:31:32 | 00,002,405 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\questservice129.xml
O4 - HKLM..\Run: [internet Today Task] C:\Program Files\Internet Today\1.1.0.1190\InternetToday.exe ()
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\xxx\Ustawienia lokalne\Temp\herss.exe ()
O4 - HKCU..\Run: [VideoBarApp] C:\Program Files\Gameztar Toolbar\2.1.1.5490\mvbapp.exe ()
O32 - AutoRun File - [2009-12-20 12:52:24 | 00,000,051 | RHS- | M] () - C:\autorun.inf -- [NTFS]
O32 - AutoRun File - [2009-12-20 12:52:24 | 00,000,051 | RHS- | M] () - D:\autorun.inf -- [NTFS]
[2009-12-01 16:40:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Textual Content Provider
[2009-12-01 16:38:45 | 00,000,000 | ---D | C] -- C:\Program Files\QuestService
[2009-12-01 16:38:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService
[2009-12-01 16:38:15 | 00,000,000 | ---D | C] -- C:\Program Files\Textual Content Provider
[2009-12-01 16:37:56 | 00,000,000 | ---D | C] -- C:\Program Files\Content Management Wizard
[2009-12-01 16:37:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Internet Today
[2009-12-01 16:37:24 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Today
[2009-12-01 16:36:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Customized Platform Advancer
[2009-12-01 16:36:49 | 00,000,000 | ---D | C] -- C:\Program Files\Customized Platform Advancer
[2009-12-01 16:36:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Automated Content Enhancer
[2009-12-01 16:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Automated Content Enhancer
[2009-12-01 16:36:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Web Search Operator
[2009-12-01 16:36:17 | 00,000,000 | ---D | C] -- C:\Program Files\Web Search Operator
[2009-12-01 16:35:44 | 00,000,000 | ---D | C] -- C:\Program Files\Gameztar Toolbar
[2009-12-01 16:35:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji{C93517E0-BBC3-4865-B575-AB619D699869}
[2009-12-01 16:35:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Gameztar Toolbar

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Files
C:\0qw6vege.exe
C:\1a1dndah.exe
C:\2id9.exe
C:\3n8awsyg.exe
C:\6ruaqx.exe
C:\9b9w3.exe
C:\9g86.exe
C:\a2g21.exe
C:\b00ijwpu.exe
C:\cs6phv6d.exe
C:\curqp.exe
C:\eexyv.exe
C:\g12g.exe
C:\gcq6.exe
C:\hjvjte.exe
C:\i9bwjpqc.exe
C:\k0maw.exe
C:\k8jc.exe
C:\l61yyp.exe
C:\lphfa.exe
C:\mbdm.exe
C:\mbvd.exe
C:\mwfubaob.exe
C:\ngp8l.exe
C:\nqdymj.exe
C:\nx.exe
C:\opdux.exe
C:\pbudsara.exe
C:\q3kku.exe
C:\q93fi6kf.exe
C:\sbcatf.exe
C:\srgo.exe
C:\t8g.exe
C:\uqgvf.exe
C:\v1cbvsmq.exe
C:\vk0w.exe
C:\wcgswa.exe
C:\wfx062.exe
C:\wu1n.exe
C:\xmor.exe
C:\yu3.exe
D:\0qw6vege.exe
D:\1a1dndah.exe
D:\2id9.exe
D:\3n8awsyg.exe
D:\6ruaqx.exe
D:\9b9w3.exe
D:\9g86.exe
D:\a2g21.exe
D:\b00ijwpu.exe
D:\cs6phv6d.exe
D:\curqp.exe
D:\eexyv.exe
D:\g12g.exe
D:\gcq6.exe
D:\hjvjte.exe
D:\i9bwjpqc.exe
D:\k0maw.exe
D:\k8jc.exe
D:\l61yyp.exe
D:\lphfa.exe
D:\mbdm.exe
D:\mbvd.exe
D:\mwfubaob.exe
D:\ngp8l.exe
D:\nqdymj.exe
D:\nx.exe
D:\opdux.exe
D:\pbudsara.exe
D:\q3kku.exe
D:\q93fi6kf.exe
D:\sbcatf.exe
D:\srgo.exe
D:\t8g.exe
D:\uqgvf.exe
D:\v1cbvsmq.exe
D:\vk0w.exe
D:\wcgswa.exe
D:\wfx062.exe
D:\wu1n.exe
D:\xmor.exe
D:\yu3.exe

:Commands
[emptytemp]
[start explorer]