PC virus removal, computer speed-up, remote help via the neslape.cz service

Slow PC, throwing errors

#1 Post by MaTiSkOoO »

Hello, my PC has been slow for quite a while and keeps throwing errors, e.g. when I close Skype down in the taskbar after startup, I can't start it again, because it shows an error saying that only installed things can be run, etc. So please check the log, thank you.


Logfile of random's system information tool 1.08 (written by random/random)
Run by M_1NK0 at 2011-07-03 19:26:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 82 GB (54%) free of 150 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:26:57, on 3.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\M_1NK0\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\M_1NK0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... wbS7_4KdGA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Microsoft Windows XP 2008 Ultra Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: CSearchBHO Class - {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SearchBHO.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ShowBarObj Class - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\MinBHO.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: HelloWorldBHO - {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SearchBHO.dll
O3 - Toolbar: Save Tube Video - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SaveTubeVideo.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [True Transparency] C:\Program Files\Vista Components\True Transparency\TrueTransparency.exe
O4 - HKLM\..\Run: [ViOrb] C:\Program Files\Vista Components\ViOrb\ViOrb.exe
O4 - HKLM\..\Run: [Transparency Bar] C:\Program Files\Vista Components\Transparency Bar\TransBar.exe /s
O4 - HKLM\..\Run: [Rocket Dock] C:\Program Files\RocketDock\RocketDock.exe
O4 - HKLM\..\Run: [Visual Task Tips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKLM\..\Run: [Auto Del Temp] C:\WINDOWS\system32\TEMP.cmd
O4 - HKLM\..\Run: [PostrannÝ Panel systÚmu Windows] C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [PCSpeedUp] "C:\Program Files\Zrychleni Pocitace\PCSpeedUp.exe"
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\Vista Components\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... 2011070202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 12462 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-606747145-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-606747145-1801674531-1003UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2008-05-20 736360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2011-06-26 58800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2011-06-26 816648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863E737-DD3F-4280-9AF8-E9E79C16F312}]
ShowBarObj Class - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\MinBHO.dll [2011-01-05 1918976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll [2011-04-14 265944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class - C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll [2011-03-08 432640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D7BE8ED1-B138-48FD-BB22-9779A39130B1}]
CSearchBHO Class - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SearchBHO.dll [2011-01-05 111616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - Save Tube Video - C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\SaveTubeVideo.dll [2011-02-01 693248]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll [2011-04-14 220888]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2011-06-26 816648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"True Transparency"=C:\Program Files\Vista Components\True Transparency\TrueTransparency.exe [2008-05-27 371200]
"ViOrb"=C:\Program Files\Vista Components\ViOrb\ViOrb.exe [2008-06-13 167936]
"Transparency Bar"=C:\Program Files\Vista Components\Transparency Bar\TransBar.exe [2005-06-01 87040]
"Rocket Dock"=C:\Program Files\RocketDock\RocketDock.exe []
"Visual Task Tips"=C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2008-03-09 61440]
"Auto Del Temp"=C:\WINDOWS\system32\TEMP.cmd [2008-07-31 73]
"PostrannÝ Panel systÚmu Windows"=C:\Program Files\Windows Sidebar\Sidebar.exe [2008-04-11 1276416]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"DrvIcon"=C:\Program Files\Vista Components\Vista Drive Icon\DrvIcon.exe [2007-07-04 45056]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-24 98304]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-05-10 3459712]
"4StoryPrePatch"=C:\Program Files\Gameforge4D\4Story\PrePatch.exe [2010-10-20 319488]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe [2011-04-14 329432]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2011-06-26 34336]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2011-06-26 38408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-07-30 40960]
"Google Update"=C:\Documents and Settings\M_1NK0\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-01-25 136176]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2011-01-25 2937528]
"PCSpeedUp"=C:\Program Files\Zrychleni Pocitace\PCSpeedUp.exe []
"ViOrb"=C:\Program Files\Vista Components\ViOrb\ViOrb.exe [2008-06-13 167936]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2011-06-26 38408]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
GamersFirst LIVE!.lnk - C:\Program Files\GamersFirst\LIVE!\Live.exe

C:\Documents and Settings\M_1NK0\Nabídka Start\Programy\Po spuštění
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-11-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-04-27 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe"="C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Program Files\EA Sports\NHL 09\nhl2009.exe"="C:\Program Files\EA Sports\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Program Files\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Documents and Settings\M_1NK0\Dokumenty\Downloads\Facemoods.exe"="C:\Documents and Settings\M_1NK0\Dokumenty\Downloads\Facemoods.exe:*:Enabled:InstallCore™"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter-Strike Xtreme V5\hl.exe"="C:\Program Files\Counter-Strike Xtreme V5\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe"="C:\Program Files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe:*:Enabled:SaveTubeVideo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-07-03 19:26:37 ----D---- C:\Program Files\trend micro
2011-07-03 19:26:36 ----D---- C:\rsit
2011-07-03 19:12:31 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2011-07-03 19:12:31 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2011-07-03 19:12:31 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2011-07-03 19:12:31 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2011-07-03 19:12:30 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2011-07-03 19:12:30 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2011-07-03 19:12:29 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2011-07-03 19:12:26 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2011-07-03 19:12:25 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2011-07-03 19:12:25 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2011-07-03 19:12:24 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2011-07-03 19:12:24 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2011-07-03 19:12:24 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2011-07-03 19:12:23 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2011-07-03 19:12:23 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2011-07-03 19:12:23 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2011-07-03 19:12:23 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2011-07-03 19:12:21 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2011-07-03 19:12:21 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2011-07-03 19:12:21 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2011-07-03 19:12:20 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2011-07-03 19:12:20 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2011-07-03 19:12:20 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2011-07-03 19:12:20 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2011-07-03 19:12:19 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2011-07-03 19:12:19 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2011-07-03 19:12:19 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2011-07-03 19:12:18 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2011-07-03 19:12:18 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2011-07-03 19:12:18 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2011-07-03 19:12:18 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2011-07-03 19:07:28 ----D---- C:\Program Files\City Interactive
2011-07-03 18:38:25 ----D---- C:\WINDOWS\LastGood
2011-06-29 22:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-28 14:53:27 ----D---- C:\Program Files\Robster Productions
2011-06-26 00:50:46 ----D---- C:\Program Files\MyWebSearch
2011-06-26 00:50:26 ----D---- C:\Program Files\FunWebProducts
2011-06-21 17:02:58 ----D---- C:\Program Files\Counter-Strike Xtreme V5
2011-06-21 17:01:49 ----D---- C:\WINDOWS\CSKO EXT
2011-06-20 18:48:59 ----D---- C:\Program Files\Valve
2011-06-20 18:32:07 ----D---- C:\Program Files\Counter-Strike 1.6
2011-06-20 17:47:14 ----D---- C:\Program Files\Cs 1.6 Background Maker v3.0
2011-06-17 16:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2011-06-17 16:32:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2503665$
2011-06-17 16:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2011-06-17 16:32:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276$
2011-06-17 16:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893$

======List of files/folders modified in the last 1 months======

2011-07-03 19:26:45 ----D---- C:\WINDOWS\Temp
2011-07-03 19:26:37 ----RD---- C:\Program Files
2011-07-03 19:19:17 ----D---- C:\WINDOWS\Prefetch
2011-07-03 19:12:32 ----D---- C:\WINDOWS\system32
2011-07-03 19:12:31 ----HD---- C:\WINDOWS\inf
2011-07-03 19:12:02 ----RSD---- C:\WINDOWS\assembly
2011-07-03 19:11:36 ----D---- C:\WINDOWS\system32\DirectX
2011-07-03 18:39:46 ----D---- C:\WINDOWS\system32\drivers
2011-07-03 18:39:33 ----SD---- C:\WINDOWS\Tasks
2011-07-03 18:38:25 ----D---- C:\WINDOWS
2011-07-03 18:38:20 ----D---- C:\Documents and Settings\M_1NK0\Data aplikací\Skype
2011-07-03 18:37:00 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-03 16:49:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-03 11:22:29 ----D---- C:\Documents and Settings\M_1NK0\Data aplikací\go
2011-07-02 08:57:52 ----D---- C:\Program Files\Mozilla Firefox
2011-06-29 22:41:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-06-29 17:45:36 ----HD---- C:\WINDOWS\$hf_mig$
2011-06-24 20:10:45 ----SD---- C:\Documents and Settings\M_1NK0\Data aplikací\Microsoft
2011-06-23 18:30:50 ----SHD---- C:\WINDOWS\Installer
2011-06-23 18:30:32 ----SHD---- C:\Config.Msi
2011-06-22 08:29:50 ----D---- C:\WINDOWS\system32\config
2011-06-20 18:59:17 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-19 16:56:51 ----RD---- C:\Program Files\Skype
2011-06-19 16:56:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-06-19 16:55:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
2011-06-19 16:04:45 ----D---- C:\Documents and Settings\M_1NK0\Data aplikací\skypePM
2011-06-18 23:36:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-18 23:36:02 ----D---- C:\WINDOWS\WinSxS
2011-06-17 16:32:29 ----A---- C:\WINDOWS\system32\MRT.exe
2011-06-17 16:32:24 ----A---- C:\WINDOWS\imsins.BAK
2011-06-17 16:31:54 ----D---- C:\Program Files\Internet Explorer
2011-06-17 16:31:43 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-04-27 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-08-08 98944]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-04-27 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-04-27 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-05-10 42184]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2011-06-26 34320]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, throwing errors

#2 Post by Rudy »

Hello to you too! It is quite heavily infected. Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after launch, a screen with the licence terms appears; continue by clicking the Yes (Ano) button.

Feel free to go and make a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the resident antispyware component.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

MaTiSkOoO
Visitor
Posts: 145
Joined: 01 Dec 2009 14:30

Re: Slow PC, throwing errors

#3 Post by MaTiSkOoO »

Here is the log:


ComboFix 11-07-02.03 - M_1NK0 03.07.2011 20:28:45.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1282 [GMT 2:00]
Spuštěný z: c:\documents and settings\M_1NK0\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\xmlUpdater.exe
c:\documents and settings\Guest\xmlUpdater.exe
c:\documents and settings\M_1NK0\Data aplikací\facemoods.com
c:\documents and settings\M_1NK0\Data aplikací\MiniDm
c:\documents and settings\M_1NK0\Data aplikací\MiniDm\conf.ini
c:\documents and settings\M_1NK0\xmlUpdater.exe
c:\program files\autorun.inf
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.9\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.9\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.9\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.9\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.9\uninstall.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\3.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\3.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\3.bin\NPFUNWEB.DLL
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IEOVR.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0002649C
c:\program files\MyWebSearch\bar\Cache\00026EEC
c:\program files\MyWebSearch\bar\Cache\000277A7.bin
c:\program files\MyWebSearch\bar\Cache\00027891.bmp
c:\program files\MyWebSearch\bar\Cache\000279F8.bin
c:\program files\MyWebSearch\bar\Cache\00027EBB.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\SaveTubeVideo.com
c:\program files\SaveTubeVideo.com\SaveTubeVideo\BrowserStartPage.dll
c:\program files\SaveTubeVideo.com\SaveTubeVideo\Config.dat
c:\program files\SaveTubeVideo.com\SaveTubeVideo\downloader.exe
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\allkeywords.txt
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\components\ISwslib.xpt
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\components\nsIRdsHistoryService.js
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\components\nsIRdsHistoryService.xpt
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\components\rdstb-autocomplete.js
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\components\swslib.dll
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome.manifest
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\content\about.xul
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\content\GoogleFeed.xml
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\content\GoogleSearch.htm
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\content\registerdialog.js
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\content\registerdialog.xul
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\content\settings.js
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\content\skysearchtoolbar.js
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\content\skysearchtoolbar.xul
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\content\startAbout.js
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\content\unregister.xul
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\locale\en-US\skysearchtoolbar.dtd
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\locale\en-US\toolbar.properties
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\about.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\aboutDlg.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\addvideo.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\bigbutton.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\burnit.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\gripper.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\icon.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\icon16-16.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\register.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\savevideo.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\savevideo2.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\search.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\settings.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\showstatus.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\skysearchtoolbar.css
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\smile!.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\chrome\skin\videooftheday.png
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\install.rdf
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\SearchToolbar@skywebsearch.com
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FF\tmp
c:\program files\SaveTubeVideo.com\SaveTubeVideo\FLVSplitter.ax
c:\program files\SaveTubeVideo.com\SaveTubeVideo\Google Custom Search\index.htm
c:\program files\SaveTubeVideo.com\SaveTubeVideo\Google Custom Search\manifest.json
c:\program files\SaveTubeVideo.com\SaveTubeVideo\Google Custom Search\redirect.html
c:\program files\SaveTubeVideo.com\SaveTubeVideo\index.htm
c:\program files\SaveTubeVideo.com\SaveTubeVideo\InstallHelper.exe
c:\program files\SaveTubeVideo.com\SaveTubeVideo\lame.ax
c:\program files\SaveTubeVideo.com\SaveTubeVideo\MiNBho.dll
c:\program files\SaveTubeVideo.com\SaveTubeVideo\PreferencesOriginal
c:\program files\SaveTubeVideo.com\SaveTubeVideo\SaVEtubevideo.dll
c:\program files\SaveTubeVideo.com\SaveTubeVideo\SeARchbho.dll
c:\program files\SaveTubeVideo.com\SaveTubeVideo\transport_dll.dll
c:\program files\SaveTubeVideo.com\SaveTubeVideo\unins000.dat
c:\program files\SaveTubeVideo.com\SaveTubeVideo\unins000.exe
c:\program files\SaveTubeVideo.com\SaveTubeVideo\Web Data-journal
c:\program files\SaveTubeVideo.com\SaveTubeVideo\Web Data
c:\program files\Setup.exe
c:\windows\system32\config\systemprofile\xmlUpdater.exe
c:\windows\system32\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-03 do 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 17:26 . 2011-07-03 17:26 -------- d-----w- c:\program files\trend micro
2011-07-03 17:26 . 2011-07-03 17:27 -------- d-----w- C:\rsit
2011-07-03 17:07 . 2011-07-03 17:07 -------- d-----w- c:\program files\City Interactive
2011-07-02 07:32 . 2011-07-02 07:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 11:45 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{8B570C2B-4BCD-4D08-BDED-3CEC6F499805}\mpengine.dll
2011-06-28 12:53 . 2011-06-28 12:53 -------- d-----w- c:\program files\Robster Productions
2011-06-21 15:02 . 2011-06-30 19:03 -------- d-----w- c:\program files\Counter-Strike Xtreme V5
2011-06-21 15:01 . 2011-06-21 15:01 -------- d-----w- c:\windows\CSKO EXT
2011-06-20 16:48 . 2011-07-03 14:48 -------- d-----w- c:\program files\Valve
2011-06-20 16:32 . 2011-06-20 16:46 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-06-20 15:47 . 2011-03-25 12:41 -------- d-----w- c:\program files\Cs 1.6 Background Maker v3.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2011-01-27 10:09 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-24 17:14 . 2011-01-27 10:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2011-02-09 20:23 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-02-09 20:23 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-03 19:21 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-02-09 20:23 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-02-09 20:23 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-02-09 20:23 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-02-09 20:23 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-02-09 20:23 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-02-09 20:23 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-02-09 20:23 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:32 . 2009-12-27 21:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 08:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 00:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2008-04-27 10:09 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2008-03-01 14:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-03-01 14:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-27 10:08 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 00:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 07:47 . 2011-04-14 07:47 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-01-25 20:57 . 2011-01-25 20:22 506267136 ----a-w- c:\program files\Knight_Online_20101001.exe
2005-08-19 21:25 . 2011-01-14 19:20 757 ----a-w- c:\program files\layout.bin
2005-05-23 00:22 . 2011-01-14 19:15 317440 ----a-w- c:\program files\00000002.TMP
2005-05-23 00:22 . 2011-01-14 19:15 20482048 ----a-w- c:\program files\00000001.TMP
2004-10-21 23:38 . 2011-01-14 19:36 126976 ----a-w- c:\program files\Install.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-01-25 2937528]
"ViOrb"="c:\program files\Vista Components\ViOrb\ViOrb.exe" [2008-06-13 167936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-07-30 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"True Transparency"="c:\program files\Vista Components\True Transparency\TrueTransparency.exe" [2008-05-27 371200]
"ViOrb"="c:\program files\Vista Components\ViOrb\ViOrb.exe" [2008-06-13 167936]
"Transparency Bar"="c:\program files\Vista Components\Transparency Bar\TransBar.exe" [2005-06-01 87040]
"Visual Task Tips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-03-09 61440]
"Auto Del Temp"="c:\windows\system32\TEMP.cmd" [2008-07-31 73]
"PostrannÝ Panel systÚmu Windows"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-04-11 1276416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DrvIcon"="c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2010-10-20 319488]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-07-30 40960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\M_1NK0\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-2-23 576000]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2010-10-8 2845552]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\M_1NK0\\Dokumenty\\Downloads\\Facemoods.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike Xtreme V5\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7542:TCP"= 7542:TCP:BitComet 7542 TCP
"7542:UDP"= 7542:UDP:BitComet 7542 UDP
"57547:TCP"= 57547:TCP:Pando Media Booster
"57547:UDP"= 57547:UDP:Pando Media Booster
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.3.2011 21:21 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.2.2011 22:23 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.2.2011 22:23 19544]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 19:07 35088]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [26.2.2011 17:56 27760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZP&ptb=EyALvCpEhkFiwbS7_4KdGA
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\M_1NK0\Data aplikací\Mozilla\Firefox\Profiles\hc5lr8mt.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=wbst
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll
HKCU-Run-PCSpeedUp - c:\program files\Zrychleni Pocitace\PCSpeedUp.exe
HKLM-Run-Rocket Dock - c:\program files\RocketDock\RocketDock.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.9\uninstall.exe
AddRemove-SaveTubeVideo_is1 - c:\program files\SaveTubeVideo.com\SaveTubeVideo\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 20:42
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(3688)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2011-07-03 20:50:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-03 18:50
.
Před spuštěním: Volných bajtů: 86 201 565 184
Po spuštění: Volných bajtů: 87 600 447 488
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F9DCC6ADBE02974B620A13C0B4C64BB9

Rudy
Site Admin
Posts: 119506
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, throwing errors

#4 Post by Rudy »

We still need to finish cleaning up. Open Notepad and copy the following into it:
Collect::
c:\program files\00000002.TMP
c:\program files\00000001.TMP

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57547:TCP"=-
"57547:UDP"=-

Firefox::
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


MaTiSkOoO
Visitor
Posts: 145
Registered: 01 Dec 2009 14:30

Re: Slow PC, throwing errors

#5 Post by MaTiSkOoO »

Hi, I did it. ComboFix ran an autoscan, basically the same thing as before, except that at the end it wanted to send some files to some server, but the server was temporarily unavailable, so it made a backup and said I should send it there later....

Here is the log:


ComboFix 11-07-02.03 - M_1NK0 03.07.2011 21:33:23.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1295 [GMT 2:00]
Spuštěný z: c:\documents and settings\M_1NK0\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\M_1NK0\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
file zipped: c:\program files\00000001.TMP
file zipped: c:\program files\00000002.TMP
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\00000001.TMP
c:\program files\00000002.TMP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-03 do 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 19:16 . 2011-07-03 19:16 -------- d-----w- c:\documents and settings\M_1NK0\SystemRequirementsLab
2011-07-03 19:16 . 2011-07-03 19:16 -------- d-----w- c:\windows\Sun
2011-07-03 19:15 . 2011-07-03 19:15 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-03 19:15 . 2011-07-03 19:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-03 19:07 . 2011-07-03 19:07 -------- d-----w- c:\program files\SystemRequirementsLab
2011-07-03 17:26 . 2011-07-03 17:26 -------- d-----w- c:\program files\trend micro
2011-07-03 17:26 . 2011-07-03 17:27 -------- d-----w- C:\rsit
2011-07-03 17:07 . 2011-07-03 17:07 -------- d-----w- c:\program files\City Interactive
2011-07-02 07:32 . 2011-07-02 07:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 11:45 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{8B570C2B-4BCD-4D08-BDED-3CEC6F499805}\mpengine.dll
2011-06-28 12:53 . 2011-06-28 12:53 -------- d-----w- c:\program files\Robster Productions
2011-06-21 15:02 . 2011-06-30 19:03 -------- d-----w- c:\program files\Counter-Strike Xtreme V5
2011-06-21 15:01 . 2011-06-21 15:01 -------- d-----w- c:\windows\CSKO EXT
2011-06-20 16:48 . 2011-07-03 14:48 -------- d-----w- c:\program files\Valve
2011-06-20 16:32 . 2011-06-20 16:46 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-06-20 15:47 . 2011-03-25 12:41 -------- d-----w- c:\program files\Cs 1.6 Background Maker v3.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 19:15 . 2009-12-27 21:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-07 15:55 . 2011-01-27 10:09 7074640 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-05-24 17:14 . 2011-01-27 10:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2011-02-09 20:23 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-02-09 20:23 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-03-03 19:21 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-02-09 20:23 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-02-09 20:23 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-02-09 20:23 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-02-09 20:23 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-02-09 20:23 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-02-09 20:23 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-02-09 20:23 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:32 . 2009-12-27 21:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-14 08:51 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-14 00:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2008-04-27 10:09 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2008-03-01 14:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2008-03-01 14:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2008-04-27 10:08 385024 ------w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2008-04-14 00:47 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 07:47 . 2011-04-14 07:47 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-01-25 20:57 . 2011-01-25 20:22 506267136 ----a-w- c:\program files\Knight_Online_20101001.exe
2005-08-19 21:25 . 2011-01-14 19:20 757 ----a-w- c:\program files\layout.bin
2004-10-21 23:38 . 2011-01-14 19:36 126976 ----a-w- c:\program files\Install.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . C2DCB09A1EA98F248DD9A5DE195B3DF3 . 277504 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-07-03_18.43.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-03 19:43 . 2011-07-03 19:43 16384 c:\windows\Temp\Perflib_Perfdata_784.dat
+ 2011-07-03 19:07 . 2011-07-03 19:07 30208 c:\windows\Installer\18a17e.msi
+ 2009-12-27 21:51 . 2011-07-03 19:15 157472 c:\windows\system32\javaws.exe
+ 2009-12-27 21:51 . 2011-07-03 19:15 145184 c:\windows\system32\javaw.exe
+ 2009-12-27 21:51 . 2011-07-03 19:15 145184 c:\windows\system32\java.exe
+ 2011-07-03 19:16 . 2011-07-03 19:16 203776 c:\windows\Installer\18a194.msi
+ 2011-07-03 19:15 . 2011-07-03 19:15 675840 c:\windows\Installer\18a18e.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-01-25 2937528]
"ViOrb"="c:\program files\Vista Components\ViOrb\ViOrb.exe" [2008-06-13 167936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"True Transparency"="c:\program files\Vista Components\True Transparency\TrueTransparency.exe" [2008-05-27 371200]
"ViOrb"="c:\program files\Vista Components\ViOrb\ViOrb.exe" [2008-06-13 167936]
"Transparency Bar"="c:\program files\Vista Components\Transparency Bar\TransBar.exe" [2005-06-01 87040]
"Visual Task Tips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-03-09 61440]
"Auto Del Temp"="c:\windows\system32\TEMP.cmd" [2008-07-31 73]
"PostrannÝ Panel systÚmu Windows"="c:\program files\Windows Sidebar\Sidebar.exe" [2008-04-11 1276416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"DrvIcon"="c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story\PrePatch.exe" [2010-10-20 319488]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-07-30 40960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\M_1NK0\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-2-23 576000]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2010-10-8 2845552]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\M_1NK0\\Dokumenty\\Downloads\\Facemoods.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike Xtreme V5\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7542:TCP"= 7542:TCP:BitComet 7542 TCP
"7542:UDP"= 7542:UDP:BitComet 7542 UDP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.3.2011 21:21 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.2.2011 22:23 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.2.2011 22:23 19544]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [25.5.2011 17:29 1336712]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.6.2010 19:07 35088]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 20:19 13592]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [26.2.2011 17:56 27760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZP&ptb=EyALvCpEhkFiwbS7_4KdGA
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\M_1NK0\Data aplikací\Mozilla\Firefox\Profiles\hc5lr8mt.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=wbst
FF - prefs.js: keyword.URL - hxxp://smartwebsearch.net/results.php?q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-03 21:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-03 21:52:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-03 19:52
ComboFix2.txt 2011-07-03 18:50
.
Před spuštěním: Volných bajtů: 87 378 612 224
Po spuštění: Volných bajtů: 87 362 736 128
.
- - End Of File - - FC441AC856A671D1CD21C9DE258AE1EA

MaTiSkOoO
Visitor
Posts: 145
Registered: 01 Dec 2009 14:30

Re: Slow PC, throwing errors

#6 Post by MaTiSkOoO »

Well, I'm going to reinstall Windows..... Thank you for the help, and sorry for having bothered you for nothing :)

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, throwing errors

#7 Post by Rudy »

MaTiSkOoO wrote: Well, I'm going to reinstall Windows..... Thank you for the help, and sorry for having bothered you for nothing :)
Why? We can still continue. Has anything changed? What problems are still there?

MaTiSkOoO
Visitor
Posts: 145
Registered: 01 Dec 2009 14:30

Re: Slow PC, throwing errors

#8 Post by MaTiSkOoO »

Nothing changed at all.... It kept throwing errors when installing new programs, and for its specs it was outrageously slow even after cleaning with ComboFix and CCleaner.... So once again, I apologise and thank you :)

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow PC, throwing errors

#9 Post by Rudy »

You're welcome. It would still have been possible to check the MBR (for the presence of a rootkit). I don't deny that it is possible that the number of viruses you had on the PC damaged the system.